Class: Homebrew::ResourceAuditor Private

Inherits:

Object

Object
Homebrew::ResourceAuditor

show all

Includes:: Utils::Curl

Defined in:: resource_auditor.rb

Overview

This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.

Auditor for checking common violations in Resources.

Instance Attribute Summary collapse

#checksum ⇒ Object readonly private
#mirrors ⇒ Object readonly private
#name ⇒ Object readonly private
#owner ⇒ Object readonly private
#problems ⇒ Object readonly private
#spec_name ⇒ Object readonly private
#specs ⇒ Object readonly private
#url ⇒ Object readonly private
#using ⇒ Object readonly private
#version ⇒ Object readonly private

Class Method Summary collapse

.curl_deps ⇒ Object private

Instance Method Summary collapse

#audit ⇒ Object private
#audit_checksum ⇒ Object private
#audit_download_strategy ⇒ Object private
#audit_head_branch ⇒ Object private
#audit_resource_name_matches_pypi_package_name_in_url ⇒ Object private
#audit_urls ⇒ Object private
#audit_version ⇒ Object private
#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor constructor private
A new instance of ResourceAuditor.
#problem(text) ⇒ Object private

Methods included from Utils::Curl

clear_path_cache, curl, curl_args, curl_check_http_content, curl_download, curl_executable, curl_headers, curl_http_content_headers_and_checksum, curl_output, curl_path, curl_response_follow_redirections, curl_response_last_location, curl_supports_fail_with_body?, curl_supports_tls13?, curl_version, curl_with_workarounds, http_status_ok?, parse_curl_output, url_protected_by_cloudflare?, url_protected_by_incapsula?

Methods included from SystemCommand::Mixin

#system_command, #system_command!

Constructor Details

#initialize(resource, spec_name, options = {}) ⇒ `ResourceAuditor`

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns a new instance of ResourceAuditor.

# File 'resource_auditor.rb', line 13

def initialize(resource, spec_name, options = {})
  @name     = resource.name
  @version  = resource.version
  @checksum = resource.checksum
  @url      = resource.url
  @mirrors  = resource.mirrors
  @using    = resource.using
  @specs    = resource.specs
  @owner    = resource.owner
  @spec_name = spec_name
  @online    = options[:online]
  @strict    = options[:strict]
  @only      = options[:only]
  @except    = options[:except]
  @core_tap  = options[:core_tap]
  @use_homebrew_curl = options[:use_homebrew_curl]
  @problems = []
end

Instance Attribute Details

#checksum ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def checksum
  @checksum
end

#mirrors ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def mirrors
  @mirrors
end

#name ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def name
  @name
end

#owner ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def owner
  @owner
end

#problems ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def problems
  @problems
end

#spec_name ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def spec_name
  @spec_name
end

#specs ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def specs
  @specs
end

#url ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def url
  @url
end

#using ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def using
  @using
end

#version ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def version
  @version
end

Class Method Details

.curl_deps ⇒ `Object`

# File 'resource_auditor.rb', line 103

def self.curl_deps
  @curl_deps ||= begin
    ["curl"] + Formula["curl"].recursive_dependencies.map(&:name).uniq
  rescue FormulaUnavailableError
    []
  end
end

Instance Method Details

#audit ⇒ `Object`

# File 'resource_auditor.rb', line 32

def audit
  only_audits = @only
  except_audits = @except

  methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name|
    name = audit_method_name.delete_prefix("audit_")
    next if only_audits&.exclude?(name)
    next if except_audits&.include?(name)

    send(audit_method_name)
  end

  self
end

#audit_checksum ⇒ `Object`

# File 'resource_auditor.rb', line 93

def audit_checksum
  return if spec_name == :head
  # This condition is non-invertible.
  # rubocop:disable Style/InvertibleUnlessCondition
  return unless DownloadStrategyDetector.detect(url, using) <= CurlDownloadStrategy
  # rubocop:enable Style/InvertibleUnlessCondition

  problem "Checksum is missing" if checksum.blank?
end

#audit_download_strategy ⇒ `Object`

# File 'resource_auditor.rb', line 63

def audit_download_strategy
  url_strategy = DownloadStrategyDetector.detect(url)

  if (using == :git || url_strategy == GitDownloadStrategy) && specs[:tag] && !specs[:revision]
    problem "Git should specify `revision:` when a `tag:` is specified."
  end

  return unless using

  if using == :cvs
    mod = specs[:module]

    problem "Redundant `module:` value in URL" if mod == name

    if url.match?(%r{:[^/]+$})
      mod = url.split(":").last

      if mod == name
        problem "Redundant CVS module appended to URL"
      else
        problem "Specify CVS module as `module: \"#{mod}\"` instead of appending it to the URL"
      end
    end
  end

  return if url_strategy != DownloadStrategyDetector.detect("", using)

  problem "Redundant `using:` value in URL"
end

#audit_head_branch ⇒ `Object`

# File 'resource_auditor.rb', line 181

def audit_head_branch
  return unless @online
  return if spec_name != :head
  return if specs[:tag].present?
  return if specs[:revision].present?
  # Skip `resource` URLs as they use SHAs instead of branch specifiers.
  return if name != owner.name
  return unless url.end_with?(".git")
  return unless Utils::Git.remote_exists?(url)

  detected_branch = Utils.popen_read("git", "ls-remote", "--symref", url, "HEAD")
                         .match(%r{ref: refs/heads/(.*?)\s+HEAD})&.to_a&.second

  if specs[:branch].blank?
    problem "Git `head` URL must specify a branch name"
    return
  end

  return unless @core_tap
  return if specs[:branch] == detected_branch

  problem "To use a non-default HEAD branch, add the formula to `head_non_default_branch_allowlist.json`."
end

#audit_resource_name_matches_pypi_package_name_in_url ⇒ `Object`

# File 'resource_auditor.rb', line 111

def audit_resource_name_matches_pypi_package_name_in_url
  return unless url.match?(%r{^https?://files\.pythonhosted\.org/packages/})
  return if name == owner.name # Skip the top-level package name as we only care about `resource "foo"` blocks.

  if url.end_with? ".whl"
    path = URI(url).path
    return unless path.present?

    pypi_package_name, = File.basename(path).split("-", 2)
  else
    url =~ %r{/(?<package_name>[^/]+)-}
    pypi_package_name = Regexp.last_match(:package_name).to_s
  end

  T.must(pypi_package_name).gsub!(/[_.]/, "-")

  return if name.casecmp(pypi_package_name).zero?

  problem "`resource` name should be '#{pypi_package_name}' to match the PyPI package name"
end

#audit_urls ⇒ `Object`

# File 'resource_auditor.rb', line 132

def audit_urls
  urls = [url] + mirrors

  curl_dep = self.class.curl_deps.include?(owner.name)
  # Ideally `ca-certificates` would not be excluded here, but sourcing a HTTP mirror was tricky.
  # Instead, we have logic elsewhere to pass `--insecure` to curl when downloading the certs.
  # TODO: try remove the OS/env conditional
  if Homebrew::SimulateSystem.simulating_or_running_on_macos? && spec_name == :stable &&
     owner.name != "ca-certificates" && curl_dep && !urls.find { |u| u.start_with?("http://") }
    problem "Should always include at least one HTTP mirror"
  end

  return unless @online

  urls.each do |url|
    next if !@strict && mirrors.include?(url)

    strategy = DownloadStrategyDetector.detect(url, using)
    if strategy <= CurlDownloadStrategy && !url.start_with?("file")

      raise HomebrewCurlDownloadStrategyError, url if
        strategy <= HomebrewCurlDownloadStrategy && !Formula["curl"].any_version_installed?

      # Skip https audit for curl dependencies
      if !curl_dep && (http_content_problem = curl_check_http_content(
        url,
        "source URL",
        specs:,
        use_homebrew_curl: @use_homebrew_curl,
      ))
        problem http_content_problem
      end
    elsif strategy <= GitDownloadStrategy
      attempts = 0
      remote_exists = T.let(false, T::Boolean)
      while !remote_exists && attempts < Homebrew::EnvConfig.curl_retries.to_i
        remote_exists = Utils::Git.remote_exists?(url)
        attempts += 1
      end
      problem "The URL #{url} is not a valid Git URL" unless remote_exists
    elsif strategy <= SubversionDownloadStrategy
      next unless DevelopmentTools.subversion_handles_most_https_certificates?
      next unless Utils::Svn.available?

      problem "The URL #{url} is not a valid SVN URL" unless Utils::Svn.remote_exists? url
    end
  end
end

#audit_version ⇒ `Object`

# File 'resource_auditor.rb', line 47

def audit_version
  if version.nil?
    problem "Missing version"
  elsif owner.is_a?(Formula) && !version.to_s.match?(GitHubPackages::VALID_OCI_TAG_REGEX) &&
        (owner.core_formula? ||
        (owner.bottle_defined? && GitHubPackages::URL_REGEX.match?(owner.bottle_specification.root_url)))
    problem "`version #{version}` does not match #{GitHubPackages::VALID_OCI_TAG_REGEX.source}"
  elsif !version.detected_from_url?
    version_text = version
    version_url = Version.detect(url, **specs)
    if version_url.to_s == version_text.to_s && version.instance_of?(Version)
      problem "`version #{version_text}` is redundant with version scanned from URL"
    end
  end
end

#problem(text) ⇒ `Object`



205
206
207

# File 'resource_auditor.rb', line 205

def problem(text)
  @problems << text
end

Class: Homebrew::ResourceAuditor Private

Overview

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Utils::Curl

Methods included from SystemCommand::Mixin

Constructor Details

#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor

Instance Attribute Details

#checksum ⇒ Object (readonly)

#mirrors ⇒ Object (readonly)

#name ⇒ Object (readonly)

#owner ⇒ Object (readonly)

#problems ⇒ Object (readonly)

#spec_name ⇒ Object (readonly)

#specs ⇒ Object (readonly)

#url ⇒ Object (readonly)

#using ⇒ Object (readonly)

#version ⇒ Object (readonly)