brew/Library/Homebrew/utils/curl.rb

require "open3"

def curl_executable
  @curl ||= [
    ENV["HOMEBREW_CURL"],
    which("curl"),
    "/usr/bin/curl",
  ].compact.map { |c| Pathname(c) }.find(&:executable?)
  raise "no executable curl was found" unless @curl
  @curl
end

def curl_args(*extra_args, show_output: false, user_agent: :default)
  args = []

  # do not load .curlrc unless requested (must be the first argument)
  args << "-q" unless ENV["HOMEBREW_CURLRC"]

  args << "--show-error"

  args << "--user-agent" << case user_agent
  when :browser, :fake
    HOMEBREW_USER_AGENT_FAKE_SAFARI
  when :default
    HOMEBREW_USER_AGENT_CURL
  else
    user_agent
  end

  unless show_output
    args << "--fail"
    args << "--progress-bar" unless ARGV.verbose?
    args << "--verbose" if ENV["HOMEBREW_CURL_VERBOSE"]
    args << "--silent" if !$stdout.tty? || ENV["TRAVIS"]
  end

  args + extra_args
end

def curl(*args)
  # SSL_CERT_FILE can be incorrectly set by users or portable-ruby and screw
  # with SSL downloads so unset it here.
  system_command! curl_executable,
                  args: curl_args(*args),
                  env: { "SSL_CERT_FILE" => nil }
end

def curl_download(*args, to: nil, continue_at: "-", **options)
  had_incomplete_download ||= File.exist?(to)
  curl("--location", "--remote-time", "--continue-at", continue_at.to_s, "--output", to, *args, **options)
rescue ErrorDuringExecution => e
  # `curl` error 33: HTTP server doesn't seem to support byte ranges. Cannot resume.
  # HTTP status 416: Requested range not satisfiable
  if (e.status.exitstatus == 33 || had_incomplete_download) && continue_at == "-"
    continue_at = 0
    had_incomplete_download = false
    retry
  end

  raise
end

def curl_output(*args, **options)
  system_command(curl_executable,
                 args: curl_args(*args, show_output: true, **options),
                 print_stderr: false)
end

def curl_check_http_content(url, user_agents: [:default], check_content: false, strict: false, require_http: false)
  return unless url.start_with? "http"

  details = nil
  user_agent = nil
  hash_needed = url.start_with?("http:") && !require_http
  user_agents.each do |ua|
    details = curl_http_content_headers_and_checksum(url, hash_needed: hash_needed, user_agent: ua)
    user_agent = ua
    break if details[:status].to_s.start_with?("2")
  end

  unless details[:status]
    # Hack around https://github.com/Homebrew/brew/issues/3199
    return if MacOS.version == :el_capitan
    return "The URL #{url} is not reachable"
  end

  unless details[:status].start_with? "2"
    return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"
  end

  return unless hash_needed

  secure_url = url.sub "http", "https"
  secure_details =
    curl_http_content_headers_and_checksum(secure_url, hash_needed: true, user_agent: user_agent)

  if !details[:status].to_s.start_with?("2") ||
     !secure_details[:status].to_s.start_with?("2")
    return
  end

  etag_match = details[:etag] &&
               details[:etag] == secure_details[:etag]
  content_length_match =
    details[:content_length] &&
    details[:content_length] == secure_details[:content_length]
  file_match = details[:file_hash] == secure_details[:file_hash]

  if etag_match || content_length_match || file_match
    return "The URL #{url} should use HTTPS rather than HTTP"
  end

  return unless check_content

  no_protocol_file_contents = %r{https?:\\?/\\?/}
  details[:file] = details[:file].gsub(no_protocol_file_contents, "/")
  secure_details[:file] = secure_details[:file].gsub(no_protocol_file_contents, "/")

  # Check for the same content after removing all protocols
  if details[:file] == secure_details[:file]
    return "The URL #{url} should use HTTPS rather than HTTP"
  end

  return unless strict

  # Same size, different content after normalization
  # (typical causes: Generated ID, Timestamp, Unix time)
  if details[:file].length == secure_details[:file].length
    return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
  end

  lenratio = (100 * secure_details[:file].length / details[:file].length).to_i
  return unless (90..110).cover?(lenratio)
  "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
end

def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
  max_time = hash_needed ? "600" : "25"
  output, = curl_output(
    "--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url,
    user_agent: user_agent
  )

  status_code = :unknown
  while status_code == :unknown || status_code.to_s.start_with?("3")
    headers, _, output = output.partition("\r\n\r\n")
    status_code = headers[%r{HTTP\/.* (\d+)}, 1]
  end

  output_hash = Digest::SHA256.digest(output) if hash_needed

  {
    status: status_code,
    etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
    content_length: headers[/Content-Length: (\d+)/, 1],
    file_hash: output_hash,
    file: output,
  }
end
github: produce better curl error messages. (#441) * global: add RUBY_TWO global variable. * test-bot: use RUBY_TWO global variable. * github: produce better curl error messages. If we don't know why curl has failed then ensure that the error messages that it produced are included as part of the user output. 2016-07-12 19:46:29 +01:00			`require "open3"`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`def curl_executable`
curl: handle more non-executable curl edge-cases. Address some additional issues mentioned in #3624. 2018-01-11 16:33:20 +00:00			`@curl \|\|= [`
			`ENV["HOMEBREW_CURL"],`
			`which("curl"),`
			`"/usr/bin/curl",`
fix: crash when curl is not installed 2018-03-17 16:46:44 -07:00			`].compact.map { \|c\| Pathname(c) }.find(&:executable?)`
			`raise "no executable curl was found" unless @curl`
curl: handle more non-executable curl edge-cases. Address some additional issues mentioned in #3624. 2018-01-11 16:33:20 +00:00			`@curl`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`end`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`def curl_args(*extra_args, show_output: false, user_agent: :default)`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`args = []`
Add/use HOMEBREW_CURLRC variable. 2018-04-08 15:51:58 -07:00
			`# do not load .curlrc unless requested (must be the first argument)`
Only read curlrc if HOMEBREW_CURLRC is set. This reverses the previous, incorrect order. 2018-04-09 15:43:03 -07:00			`args << "-q" unless ENV["HOMEBREW_CURLRC"]`
Add/use HOMEBREW_CURLRC variable. 2018-04-08 15:51:58 -07:00
			`args << "--show-error"`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`args << "--user-agent" << case user_agent`
			`when :browser, :fake`
			`HOMEBREW_USER_AGENT_FAKE_SAFARI`
			`when :default`
			`HOMEBREW_USER_AGENT_CURL`
Allow `brew audit` to fake a Safari user-agent. This allows us to detect if homepages such as e.g. `aiccu` which blocks `curl` are up or not. 2017-01-07 14:03:08 +00:00			`else`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`user_agent`
curl: make curl_args more configurable. Allow configuring whether output should be shown or the default the default user agent is used. 2016-12-25 23:01:40 +00:00			`end`

Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`unless show_output`
Don’t pass `--fail` for `curl_output`. 2017-08-11 12:28:58 +02:00			`args << "--fail"`
curl: make curl_args more configurable. Allow configuring whether output should be shown or the default the default user agent is used. 2016-12-25 23:01:40 +00:00			`args << "--progress-bar" unless ARGV.verbose?`
			`args << "--verbose" if ENV["HOMEBREW_CURL_VERBOSE"]`
More environment filtering fixes - Make `brew pull` pass through Git environment variables - Whitelist all `TRAVIS_` variables. 2017-11-27 10:48:03 +00:00			`args << "--silent" if !$stdout.tty? \|\| ENV["TRAVIS"]`
curl: make curl_args more configurable. Allow configuring whether output should be shown or the default the default user agent is used. 2016-12-25 23:01:40 +00:00			`end`

Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`args + extra_args`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00			`end`

			`def curl(*args)`
curl: unset SSL_CERT_FILE. 2017-11-03 18:58:59 +00:00			`# SSL_CERT_FILE can be incorrectly set by users or portable-ruby and screw`
			`# with SSL downloads so unset it here.`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`system_command! curl_executable,`
			`args: curl_args(*args),`
			`env: { "SSL_CERT_FILE" => nil }`
Simplify CurlDownloadStrategy. 2017-08-04 16:24:29 +02:00			`end`

Fix `pull`. 2017-08-21 19:32:16 +02:00			`def curl_download(args, to: nil, continue_at: "-", *options)`
Let `curl_download` handle HTTP 416 error. 2017-09-10 07:23:18 +02:00			`had_incomplete_download \|\|= File.exist?(to)`
Fix `pull`. 2017-08-21 19:32:16 +02:00			`curl("--location", "--remote-time", "--continue-at", continue_at.to_s, "--output", to, args, *options)`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`rescue ErrorDuringExecution => e`
`curl_download`: Retry once on error `33`. 2017-08-10 18:53:23 +02:00			# `curl` error 33: HTTP server doesn't seem to support byte ranges. Cannot resume.
Let `curl_download` handle HTTP 416 error. 2017-09-10 07:23:18 +02:00			`# HTTP status 416: Requested range not satisfiable`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`if (e.status.exitstatus == 33 \|\| had_incomplete_download) && continue_at == "-"`
Fix `pull`. 2017-08-21 19:32:16 +02:00			`continue_at = 0`
Let `curl_download` handle HTTP 416 error. 2017-09-10 07:23:18 +02:00			`had_incomplete_download = false`
`curl_download`: Retry once on error `33`. 2017-08-10 18:53:23 +02:00			`retry`
			`end`

			`raise`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00			`end`

			`def curl_output(args, *options)`
Use `SystemCommand` for `curl`. 2018-07-30 10:11:00 +02:00			`system_command(curl_executable,`
			`args: curl_args(args, show_output: true, *options),`
			`print_stderr: false)`
Use `curl` for the GitHub API (#295) * Move GitHub API module to utils/github.rb. * Move curl method to utils/curl.rb. * global: use long curl arguments and an array. This makes the code more self-documenting. * utils/curl: support reading curl's output. * utils/github: use curl instead of open-uri. It has far better proxy support. * pull: set Homebrew user agent. * gist-logs: remove trailing whitespace. * gist-logs: use first instead of [0]. Easier to read. * gist-logs: use curl-based GitHub.open method. 2016-06-03 13:05:18 +01:00			`end`
Refactor: Move FormulaAudit.check_http_content to utils/curl 2017-12-03 14:02:55 +01:00
			`def curl_check_http_content(url, user_agents: [:default], check_content: false, strict: false, require_http: false)`
			`return unless url.start_with? "http"`

			`details = nil`
			`user_agent = nil`
			`hash_needed = url.start_with?("http:") && !require_http`
			`user_agents.each do \|ua\|`
			`details = curl_http_content_headers_and_checksum(url, hash_needed: hash_needed, user_agent: ua)`
			`user_agent = ua`
			`break if details[:status].to_s.start_with?("2")`
			`end`

			`unless details[:status]`
			`# Hack around https://github.com/Homebrew/brew/issues/3199`
			`return if MacOS.version == :el_capitan`
			`return "The URL #{url} is not reachable"`
			`end`

			`unless details[:status].start_with? "2"`
			`return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"`
			`end`

			`return unless hash_needed`

			`secure_url = url.sub "http", "https"`
			`secure_details =`
			`curl_http_content_headers_and_checksum(secure_url, hash_needed: true, user_agent: user_agent)`

			`if !details[:status].to_s.start_with?("2") \|\|`
			`!secure_details[:status].to_s.start_with?("2")`
			`return`
			`end`

			`etag_match = details[:etag] &&`
			`details[:etag] == secure_details[:etag]`
			`content_length_match =`
			`details[:content_length] &&`
			`details[:content_length] == secure_details[:content_length]`
			`file_match = details[:file_hash] == secure_details[:file_hash]`

			`if etag_match \|\| content_length_match \|\| file_match`
			`return "The URL #{url} should use HTTPS rather than HTTP"`
			`end`

			`return unless check_content`

			`no_protocol_file_contents = %r{https?:\\?/\\?/}`
			`details[:file] = details[:file].gsub(no_protocol_file_contents, "/")`
			`secure_details[:file] = secure_details[:file].gsub(no_protocol_file_contents, "/")`

			`# Check for the same content after removing all protocols`
			`if details[:file] == secure_details[:file]`
			`return "The URL #{url} should use HTTPS rather than HTTP"`
			`end`

			`return unless strict`

			`# Same size, different content after normalization`
			`# (typical causes: Generated ID, Timestamp, Unix time)`
			`if details[:file].length == secure_details[:file].length`
			`return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."`
			`end`

			`lenratio = (100 * secure_details[:file].length / details[:file].length).to_i`
			`return unless (90..110).cover?(lenratio)`
			`"The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."`
			`end`

			`def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)`
			`max_time = hash_needed ? "600" : "25"`
			`output, = curl_output(`
			`"--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url,`
			`user_agent: user_agent`
			`)`

			`status_code = :unknown`
			`while status_code == :unknown \|\| status_code.to_s.start_with?("3")`
			`headers, _, output = output.partition("\r\n\r\n")`
			`status_code = headers[%r{HTTP\/.* (\d+)}, 1]`
			`end`

			`output_hash = Digest::SHA256.digest(output) if hash_needed`

			`{`
			`status: status_code,`
			`etag: headers[%r{ETag: ([wW]\/)?"(([^"]\|\\")*)"}, 2],`
			`content_length: headers[/Content-Length: (\d+)/, 1],`
			`file_hash: output_hash,`
			`file: output,`
			`}`
			`end`