brew/Library/Homebrew/utils/curl.rb

require "open3"

def curl_executable
  @curl ||= [
    ENV["HOMEBREW_CURL"],
    which("curl"),
    "/usr/bin/curl",
  ].compact.map { |c| Pathname(c) }.find(&:executable?)
  raise "no executable curl was found" unless @curl

  @curl
end

def curl_args(*extra_args, show_output: false, user_agent: :default)
  args = []

  # do not load .curlrc unless requested (must be the first argument)
  args << "-q" unless ENV["HOMEBREW_CURLRC"]

  args << "--show-error"

  args << "--user-agent" << case user_agent
  when :browser, :fake
    HOMEBREW_USER_AGENT_FAKE_SAFARI
  when :default
    HOMEBREW_USER_AGENT_CURL
  else
    user_agent
  end

  unless show_output
    args << "--fail"
    args << "--progress-bar" unless ARGV.verbose?
    args << "--verbose" if ENV["HOMEBREW_CURL_VERBOSE"]
    args << "--silent" if !$stdout.tty? || ENV["HOMEBREW_TRAVIS_CI"]
  end

  args + extra_args
end

def curl(*args)
  # SSL_CERT_FILE can be incorrectly set by users or portable-ruby and screw
  # with SSL downloads so unset it here.
  system_command! curl_executable,
                  args: curl_args(*args),
                  print_stdout: true,
                  env: { "SSL_CERT_FILE" => nil }
end

def curl_download(*args, to: nil, **options)
  destination = Pathname(to)
  destination.dirname.mkpath

  continue_at = if destination.exist? &&
                   curl_output("--location", "--head", "--range", "0-1",
                               "--write-out", "%{http_code}",
                               "--output", "/dev/null", *args, **options).stdout.to_i == 206 # Partial Content
    "-"
  else
    0
  end

  curl("--location", "--remote-time", "--continue-at", continue_at.to_s, "--output", destination, *args, **options)
end

def curl_output(*args, **options)
  system_command(curl_executable,
                 args: curl_args(*args, show_output: true, **options),
                 print_stderr: false)
end

def curl_check_http_content(url, user_agents: [:default], check_content: false, strict: false, require_http: false)
  return unless url.start_with? "http"

  details = nil
  user_agent = nil
  hash_needed = url.start_with?("http:") && !require_http
  user_agents.each do |ua|
    details = curl_http_content_headers_and_checksum(url, hash_needed: hash_needed, user_agent: ua)
    user_agent = ua
    break if details[:status].to_s.start_with?("2")
  end

  unless details[:status]
    # Hack around https://github.com/Homebrew/brew/issues/3199
    return if MacOS.version == :el_capitan

    return "The URL #{url} is not reachable"
  end

  unless details[:status].start_with? "2"
    return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"
  end

  return unless hash_needed

  secure_url = url.sub "http", "https"
  secure_details =
    curl_http_content_headers_and_checksum(secure_url, hash_needed: true, user_agent: user_agent)

  if !details[:status].to_s.start_with?("2") ||
     !secure_details[:status].to_s.start_with?("2")
    return
  end

  etag_match = details[:etag] &&
               details[:etag] == secure_details[:etag]
  content_length_match =
    details[:content_length] &&
    details[:content_length] == secure_details[:content_length]
  file_match = details[:file_hash] == secure_details[:file_hash]

  if etag_match || content_length_match || file_match
    return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)
  end

  return unless check_content

  no_protocol_file_contents = %r{https?:\\?/\\?/}
  details[:file] = details[:file].gsub(no_protocol_file_contents, "/")
  secure_details[:file] = secure_details[:file].gsub(no_protocol_file_contents, "/")

  # Check for the same content after removing all protocols
  if details[:file] == secure_details[:file]
    return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)
  end

  return unless strict

  # Same size, different content after normalization
  # (typical causes: Generated ID, Timestamp, Unix time)
  if details[:file].length == secure_details[:file].length
    return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
  end

  lenratio = (100 * secure_details[:file].length / details[:file].length).to_i
  return unless (90..110).cover?(lenratio)

  "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
end

def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
  max_time = hash_needed ? "600" : "25"
  output, = curl_output(
    "--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url, "--head",
    user_agent: user_agent
  )

  status_code = :unknown
  while status_code == :unknown || status_code.to_s.start_with?("3")
    headers, _, output = output.partition("\r\n\r\n")
    status_code = headers[%r{HTTP\/.* (\d+)}, 1]
  end

  output_hash = Digest::SHA256.digest(output) if hash_needed

  {
    status: status_code,
    etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
    content_length: headers[/Content-Length: (\d+)/, 1],
    file_hash: output_hash,
    file: output,
  }
end

def curl_check_http_redirections(url, original_url: nil, user_agents: [:default])
  out, _, status= curl_output("--location", "--silent", "--head", url.to_s)

  lines = status.success? ? out.lines.map(&:chomp) : []

  locations = lines.map { |line| line[/^Location:\s*(.*)$/i, 1] }
                   .compact

  redirect_url = locations.reduce(url) do |current_url, location|
    if location.start_with?("/")
      uri = URI(current_url)
      "#{uri.scheme}://#{uri.host}#{location}"
    else
      location
    end
  end

  if original_url.start_with?("https://")
    unless redirect_url.start_with?("https://")
      return "The URL #{original_url} redirects back to HTTP"
    end
  elsif url.start_with?("https://")
    if redirect_url.start_with?("https://")
      return "The URL #{original_url} should use HTTPS rather than HTTP"
    end
  end
end
github: produce better curl error messages. (#441) * global: add RUBY_TWO global variable. * test-bot: use RUBY_TWO global variable. * github: produce better curl error messages. If we don't know why curl has failed then ensure that the error messages that it produced are included as part of the user output. 2016-07-12 19:46:29 +01:00			`require "open3"`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`def curl_executable`
curl: handle more non-executable curl edge-cases. Address some additional issues mentioned in #3624. 2018-01-11 16:33:20 +00:00			`@curl \|\|= [`
			`ENV["HOMEBREW_CURL"],`
			`which("curl"),`
			`"/usr/bin/curl",`
fix: crash when curl is not installed 2018-03-17 16:46:44 -07:00			`].compact.map { \|c\| Pathname(c) }.find(&:executable?)`
			`raise "no executable curl was found" unless @curl`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
curl: handle more non-executable curl edge-cases. Address some additional issues mentioned in #3624. 2018-01-11 16:33:20 +00:00			`@curl`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`end`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`def curl_args(*extra_args, show_output: false, user_agent: :default)`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`args = []`
Add/use HOMEBREW_CURLRC variable. 2018-04-08 15:51:58 -07:00
			`# do not load .curlrc unless requested (must be the first argument)`
Only read curlrc if HOMEBREW_CURLRC is set. This reverses the previous, incorrect order. 2018-04-09 15:43:03 -07:00			`args << "-q" unless ENV["HOMEBREW_CURLRC"]`
Add/use HOMEBREW_CURLRC variable. 2018-04-08 15:51:58 -07:00
			`args << "--show-error"`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`args << "--user-agent" << case user_agent`
			`when :browser, :fake`
			`HOMEBREW_USER_AGENT_FAKE_SAFARI`
			`when :default`
			`HOMEBREW_USER_AGENT_CURL`
Allow `brew audit` to fake a Safari user-agent. This allows us to detect if homepages such as e.g. `aiccu` which blocks `curl` are up or not. 2017-01-07 14:03:08 +00:00			`else`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`user_agent`
curl: make curl_args more configurable. Allow configuring whether output should be shown or the default the default user agent is used. 2016-12-25 23:01:40 +00:00			`end`

Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`unless show_output`
Don’t pass `--fail` for `curl_output`. 2017-08-11 12:28:58 +02:00			`args << "--fail"`
curl: make curl_args more configurable. Allow configuring whether output should be shown or the default the default user agent is used. 2016-12-25 23:01:40 +00:00			`args << "--progress-bar" unless ARGV.verbose?`
			`args << "--verbose" if ENV["HOMEBREW_CURL_VERBOSE"]`
Cleanup Travis and CI configuration. Use the environment variables set by `brew test-bot`. Eventually we'll disable Travis CI running CodeCov so move `TRAVIS` references to `HOMEBREW_TRAVIS_CI` so it doesn't need whitelisted. Also, fix `azure-pipelines.yml` so it's testing the correct version of Homebrew/brew (the one checked out in the `pwd`). 2018-09-19 14:45:06 +01:00			`args << "--silent" if !$stdout.tty? \|\| ENV["HOMEBREW_TRAVIS_CI"]`
curl: make curl_args more configurable. Allow configuring whether output should be shown or the default the default user agent is used. 2016-12-25 23:01:40 +00:00			`end`

Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`args + extra_args`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00			`end`

			`def curl(*args)`
curl: unset SSL_CERT_FILE. 2017-11-03 18:58:59 +00:00			`# SSL_CERT_FILE can be incorrectly set by users or portable-ruby and screw`
			`# with SSL downloads so unset it here.`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`system_command! curl_executable,`
			`args: curl_args(*args),`
Show `stdout` for `curl` commands. 2018-08-01 11:15:42 +02:00			`print_stdout: true,`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`env: { "SSL_CERT_FILE" => nil }`
Simplify CurlDownloadStrategy. 2017-08-04 16:24:29 +02:00			`end`

Check for range support instead of rescuing error. 2018-09-06 16:25:08 +02:00			`def curl_download(args, to: nil, *options)`
Fix `downloads` directory not being created. 2018-09-05 00:38:19 +02:00			`destination = Pathname(to)`
			`destination.dirname.mkpath`
Check for range support instead of rescuing error. 2018-09-06 16:25:08 +02:00
			`continue_at = if destination.exist? &&`
			`curl_output("--location", "--head", "--range", "0-1",`
			`"--write-out", "%{http_code}",`
			`"--output", "/dev/null", args, *options).stdout.to_i == 206 # Partial Content`
			`"-"`
			`else`
			`0`
`curl_download`: Retry once on error `33`. 2017-08-10 18:53:23 +02:00			`end`

Check for range support instead of rescuing error. 2018-09-06 16:25:08 +02:00			`curl("--location", "--remote-time", "--continue-at", continue_at.to_s, "--output", destination, args, *options)`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`end`

			`def curl_output(args, *options)`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`system_command(curl_executable,`
			`args: curl_args(args, show_output: true, *options),`
			`print_stderr: false)`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00			`end`
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00
			`def curl_check_http_content(url, user_agents: [:default], check_content: false, strict: false, require_http: false)`
			`return unless url.start_with? "http"`

			`details = nil`
			`user_agent = nil`
			`hash_needed = url.start_with?("http:") && !require_http`
			`user_agents.each do \|ua\|`
			`details = curl_http_content_headers_and_checksum(url, hash_needed: hash_needed, user_agent: ua)`
			`user_agent = ua`
			`break if details[:status].to_s.start_with?("2")`
			`end`

			`unless details[:status]`
			`# Hack around https://github.com/Homebrew/brew/issues/3199`
			`return if MacOS.version == :el_capitan`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00			`return "The URL #{url} is not reachable"`
			`end`

			`unless details[:status].start_with? "2"`
			`return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"`
			`end`

			`return unless hash_needed`

			`secure_url = url.sub "http", "https"`
			`secure_details =`
			`curl_http_content_headers_and_checksum(secure_url, hash_needed: true, user_agent: user_agent)`

			`if !details[:status].to_s.start_with?("2") \|\|`
			`!secure_details[:status].to_s.start_with?("2")`
			`return`
			`end`

			`etag_match = details[:etag] &&`
			`details[:etag] == secure_details[:etag]`
			`content_length_match =`
			`details[:content_length] &&`
			`details[:content_length] == secure_details[:content_length]`
			`file_match = details[:file_hash] == secure_details[:file_hash]`

			`if etag_match \|\| content_length_match \|\| file_match`
Cask: address HTTPS->HTTP redirections 2018-10-10 21:36:06 +00:00			`return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)`
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00			`end`

			`return unless check_content`

			`no_protocol_file_contents = %r{https?:\\?/\\?/}`
			`details[:file] = details[:file].gsub(no_protocol_file_contents, "/")`
			`secure_details[:file] = secure_details[:file].gsub(no_protocol_file_contents, "/")`

			`# Check for the same content after removing all protocols`
			`if details[:file] == secure_details[:file]`
Cask: address HTTPS->HTTP redirections 2018-10-10 21:36:06 +00:00			`return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)`
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00			`end`

			`return unless strict`

			`# Same size, different content after normalization`
			`# (typical causes: Generated ID, Timestamp, Unix time)`
			`if details[:file].length == secure_details[:file].length`
			`return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."`
			`end`

			`lenratio = (100 * secure_details[:file].length / details[:file].length).to_i`
			`return unless (90..110).cover?(lenratio)`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00			`"The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."`
			`end`

			`def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)`
			`max_time = hash_needed ? "600" : "25"`
			`output, = curl_output(`
Cask: address HTTPS->HTTP redirections 2018-10-10 21:36:06 +00:00			`"--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url, "--head",`
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00			`user_agent: user_agent`
			`)`

			`status_code = :unknown`
			`while status_code == :unknown \|\| status_code.to_s.start_with?("3")`
			`headers, _, output = output.partition("\r\n\r\n")`
			`status_code = headers[%r{HTTP\/.* (\d+)}, 1]`
			`end`

			`output_hash = Digest::SHA256.digest(output) if hash_needed`

			`{`
			`status: status_code,`
			`etag: headers[%r{ETag: ([wW]\/)?"(([^"]\|\\")*)"}, 2],`
			`content_length: headers[/Content-Length: (\d+)/, 1],`
			`file_hash: output_hash,`
			`file: output,`
			`}`
			`end`
Cask: address HTTPS->HTTP redirections 2018-10-10 21:36:06 +00:00
			`def curl_check_http_redirections(url, original_url: nil, user_agents: [:default])`
			`out, _, status= curl_output("--location", "--silent", "--head", url.to_s)`

			`lines = status.success? ? out.lines.map(&:chomp) : []`

			`locations = lines.map { \|line\| line[/^Location:\s(.)$/i, 1] }`
			`.compact`

			`redirect_url = locations.reduce(url) do \|current_url, location\|`
			`if location.start_with?("/")`
			`uri = URI(current_url)`
			`"#{uri.scheme}://#{uri.host}#{location}"`
			`else`
			`location`
			`end`
			`end`

			`if original_url.start_with?("https://")`
			`unless redirect_url.start_with?("https://")`
			`return "The URL #{original_url} redirects back to HTTP"`
			`end`
			`elsif url.start_with?("https://")`
			`if redirect_url.start_with?("https://")`
			`return "The URL #{original_url} should use HTTPS rather than HTTP"`
			`end`
			`end`
			`end`