Class: Homebrew::ResourceAuditor Private
- Includes: Utils::Curl
- Defined in: resource_auditor.rb
Overview
This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.
Auditor for checking common violations in Resources.
Instance Attribute Summary
- #checksum ⇒ Object readonly private
- #mirrors ⇒ Object readonly private
- #name ⇒ Object readonly private
- #owner ⇒ Object readonly private
- #problems ⇒ Object readonly private
- #spec_name ⇒ Object readonly private
- #specs ⇒ Object readonly private
- #url ⇒ Object readonly private
- #using ⇒ Object readonly private
- #version ⇒ Object readonly private
Class Method Summary
- .curl_deps ⇒ Object private
Instance Method Summary
- #audit ⇒ Object private
- #audit_checksum ⇒ Object private
- #audit_download_strategy ⇒ Object private
- #audit_head_branch ⇒ Object private
- #audit_resource_name_matches_pypi_package_name_in_url ⇒ Object private
- #audit_urls ⇒ Object private
- #audit_version ⇒ Object private
- #initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor constructor private
  A new instance of ResourceAuditor.
- #problem(text) ⇒ Object private
Methods included from Utils::Curl
clear_path_cache, curl, curl_args, curl_check_http_content, curl_download, curl_executable, curl_headers, curl_http_content_headers_and_checksum, curl_output, curl_path, curl_response_follow_redirections, curl_response_last_location, curl_supports_fail_with_body?, curl_supports_tls13?, curl_version, curl_with_workarounds, http_status_ok?, parse_curl_output, url_protected_by_cloudflare?, url_protected_by_incapsula?
Methods included from SystemCommand::Mixin
#system_command, #system_command!
Constructor Details
#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
Returns a new instance of ResourceAuditor.
# File 'resource_auditor.rb', line 13

def initialize(resource, spec_name, options = {})
  @name = resource.name
  @version = resource.version
  @checksum = resource.checksum
  @url = resource.url
  @mirrors = resource.mirrors
  @using = resource.using
  @specs = resource.specs
  @owner = resource.owner
  @spec_name = spec_name
  @online = options[:online]
  @strict = options[:strict]
  @only = options[:only]
  @except = options[:except]
  @core_tap = options[:core_tap]
  @use_homebrew_curl = options[:use_homebrew_curl]
  @problems = []
end
Instance Attribute Details
#checksum ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def checksum
  @checksum
end
#mirrors ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def mirrors
  @mirrors
end
#name ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def name
  @name
end
#owner ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def owner
  @owner
end
#problems ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def problems
  @problems
end
#spec_name ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def spec_name
  @spec_name
end
#specs ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def specs
  @specs
end
#url ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def url
  @url
end
#using ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def using
  @using
end
#version ⇒ Object (readonly)
# File 'resource_auditor.rb', line 11

def version
  @version
end
Class Method Details
.curl_deps ⇒ Object
# File 'resource_auditor.rb', line 106

def self.curl_deps
  @curl_deps ||= begin
    ["curl"] + Formula["curl"].recursive_dependencies.map(&:name).uniq
  rescue FormulaUnavailableError
    []
  end
end
Instance Method Details
#audit ⇒ Object
# File 'resource_auditor.rb', line 32

def audit
  only_audits = @only
  except_audits = @except

  methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name|
    name = audit_method_name.delete_prefix("audit_")
    next if only_audits&.exclude?(name)
    next if except_audits&.include?(name)

    send(audit_method_name)
  end

  self
end
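The dispatch in #audit (every public method whose name starts with audit_ is run unless filtered out by the only/except options) can be tried outside Homebrew with the stand-alone sketch below. It is an added example, not code from the Homebrew/brew repository: MiniResourceAuditor, SampleResource and audit_pypi_name are hypothetical names, the three checks are simplified versions of the ones documented further down this page, and the sample resources are constructed.

```ruby
# Added illustration, not Homebrew code; all class and constant names are hypothetical.
SampleResource = Struct.new(:name, :url, :checksum, :specs, keyword_init: true)

class MiniResourceAuditor
  attr_reader :problems

  def initialize(resource, only: nil, except: nil)
    @res, @only, @except, @problems = resource, only, except, []
  end

  # Run every audit_* method, honouring the only/except filters.
  def audit
    methods.map(&:to_s).grep(/^audit_/).sort.each do |m|
      short = m.delete_prefix("audit_")
      next if @only && !@only.include?(short)
      next if @except&.include?(short)

      send(m)
    end
    self
  end

  def audit_checksum
    return if @res.url.end_with?(".git") # simplification: only archives need a checksum

    @problems << "Checksum is missing" if @res.checksum.to_s.empty?
  end

  def audit_download_strategy
    return unless @res.url.end_with?(".git")
    return unless @res.specs[:tag] && !@res.specs[:revision]

    @problems << "Git should specify `revision:` when a `tag:` is specified."
  end

  def audit_pypi_name
    return unless @res.url.match?(%r{^https?://files\.pythonhosted\.org/packages/})

    pkg = @res.url[%r{/([^/]+)-}, 1].to_s.gsub(/[_.]/, "-")
    return if @res.name.casecmp(pkg).zero?

    @problems << "`resource` name should be '#{pkg}' to match the PyPI package name"
  end
end

# Constructed sample inputs (not real packages or repositories).
GIT_RES = SampleResource.new(name: "demo", url: "https://example.com/demo.git", specs: { tag: "v1.0" })
PYPI_RES = SampleResource.new(name: "zope_iface", specs: {},
                              url: "https://files.pythonhosted.org/packages/aa/bb/zope.interface-6.0.tar.gz")
```

Because the filters compare against the method name with the audit_ prefix removed, passing except: ["checksum"] silences the missing-checksum finding entirely, which is worth remembering when reading audit results produced with filters.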
#audit_checksum ⇒ Object
# File 'resource_auditor.rb', line 96

def audit_checksum
  return if spec_name == :head
  # This condition is non-invertible.
  # rubocop:disable Style/InvertibleUnlessCondition
  return unless DownloadStrategyDetector.detect(url, using) <= CurlDownloadStrategy
  # rubocop:enable Style/InvertibleUnlessCondition

  problem "Checksum is missing" if checksum.blank?
end
#audit_download_strategy ⇒ Object
# File 'resource_auditor.rb', line 63

def audit_download_strategy
  url_strategy = DownloadStrategyDetector.detect(url)

  if (using == :git || url_strategy == GitDownloadStrategy) && specs[:tag] && !specs[:revision]
    problem "Git should specify `revision:` when a `tag:` is specified."
  end

  return unless using

  if using == :cvs
    mod = specs[:module]

    problem "Redundant `module:` value in URL" if mod == name

    if url.match?(%r{:[^/]+$})
      mod = url.split(":").last

      if mod == name
        problem "Redundant CVS module appended to URL"
      else
        problem "Specify CVS module as `module: \"#{mod}\"` instead of appending it to the URL"
      end
    end
  end

  # TODO: Remove this exception for `lsr` after support for tangled.sh
  # Git URLs is available in a brew release.
  return if name == "lsr"
  return if url_strategy != DownloadStrategyDetector.detect("", using)

  problem "Redundant `using:` value in URL"
end
#audit_head_branch ⇒ Object
# File 'resource_auditor.rb', line 184

def audit_head_branch
  return unless @online
  return if spec_name != :head
  return if specs[:tag].present?
  return if specs[:revision].present?
  # Skip `resource` URLs as they use SHAs instead of branch specifiers.
  return if name != owner.name
  return unless url.end_with?(".git")
  return unless Utils::Git.remote_exists?(url)

  detected_branch = Utils.popen_read("git", "ls-remote", "--symref", url, "HEAD")
                         .match(%r{ref: refs/heads/(.*?)\s+HEAD})&.to_a&.second

  if specs[:branch].blank?
    problem "Git `head` URL must specify a branch name"
    return
  end

  return unless @core_tap
  return if specs[:branch] == detected_branch

  problem "To use a non-default HEAD branch, add the formula to `head_non_default_branch_allowlist.json`."
end
#audit_resource_name_matches_pypi_package_name_in_url ⇒ Object
# File 'resource_auditor.rb', line 114

def audit_resource_name_matches_pypi_package_name_in_url
  return unless url.match?(%r{^https?://files\.pythonhosted\.org/packages/})
  return if name == owner.name # Skip the top-level package name as we only care about `resource "foo"` blocks.

  if url.end_with? ".whl"
    path = URI(url).path
    return unless path.present?

    pypi_package_name, = File.basename(path).split("-", 2)
  else
    url =~ %r{/(?<package_name>[^/]+)-}
    pypi_package_name = Regexp.last_match(:package_name).to_s
  end

  T.must(pypi_package_name).gsub!(/[_.]/, "-")

  return if name.casecmp(pypi_package_name).zero?

  problem "`resource` name should be '#{pypi_package_name}' to match the PyPI package name"
end
#audit_urls ⇒ Object
# File 'resource_auditor.rb', line 135

def audit_urls
  urls = [url] + mirrors

  curl_dep = self.class.curl_deps.include?(owner.name)
  # Ideally `ca-certificates` would not be excluded here, but sourcing a HTTP mirror was tricky.
  # Instead, we have logic elsewhere to pass `--insecure` to curl when downloading the certs.
  # TODO: try remove the OS/env conditional
  if Homebrew::SimulateSystem.simulating_or_running_on_macos? && spec_name == :stable &&
     owner.name != "ca-certificates" && curl_dep && !urls.find { |u| u.start_with?("http://") }
    problem "Should always include at least one HTTP mirror"
  end

  return unless @online

  urls.each do |url|
    next if !@strict && mirrors.include?(url)

    strategy = DownloadStrategyDetector.detect(url, using)
    if strategy <= CurlDownloadStrategy && !url.start_with?("file")
      raise HomebrewCurlDownloadStrategyError, url if
        strategy <= HomebrewCurlDownloadStrategy && !Formula["curl"].any_version_installed?

      # Skip https audit for curl dependencies
      if !curl_dep && (http_content_problem = curl_check_http_content(
        url,
        "source URL",
        specs:,
        use_homebrew_curl: @use_homebrew_curl,
      ))
        problem http_content_problem
      end
    elsif strategy <= GitDownloadStrategy
      attempts = 0
      remote_exists = T.let(false, T::Boolean)
      while !remote_exists && attempts < Homebrew::EnvConfig.curl_retries.to_i
        remote_exists = Utils::Git.remote_exists?(url)
        attempts += 1
      end
      problem "The URL #{url} is not a valid Git URL" unless remote_exists
    elsif strategy <= SubversionDownloadStrategy
      next unless DevelopmentTools.subversion_handles_most_https_certificates?
      next unless Utils::Svn.available?

      problem "The URL #{url} is not a valid SVN URL" unless Utils::Svn.remote_exists? url
    end
  end
end
#audit_version ⇒ Object
# File 'resource_auditor.rb', line 47

def audit_version
  if version.nil?
    problem "Missing version"
  elsif owner.is_a?(Formula) && !version.to_s.match?(GitHubPackages::VALID_OCI_TAG_REGEX) &&
        (owner.core_formula? ||
        (owner.bottle_defined? && GitHubPackages::URL_REGEX.match?(owner.bottle_specification.root_url)))
    problem "`version #{version}` does not match #{GitHubPackages::VALID_OCI_TAG_REGEX.source}"
  elsif !version.detected_from_url?
    version_text = version
    version_url = Version.detect(url, **specs)
    if version_url.to_s == version_text.to_s && version.instance_of?(Version)
      problem "`version #{version_text}` is redundant with version scanned from URL"
    end
  end
end
#problem(text) ⇒ Object
# File 'resource_auditor.rb', line 208

def problem(text)
  @problems << text
end