brew/Library/Homebrew/cask/lib/hbc/audit.rb

require "hbc/checkable"
require "hbc/download"
require "digest"
require "utils/git"

module Hbc
  class Audit
    include Checkable

    attr_reader :cask, :commit_range, :download

    def initialize(cask, download: false, check_token_conflicts: false, commit_range: nil, command: SystemCommand)
      @cask = cask
      @download = download
      @commit_range = commit_range
      @check_token_conflicts = check_token_conflicts
      @command = command
    end

    def check_token_conflicts?
      @check_token_conflicts
    end

    def run!
      check_required_stanzas
      check_version_and_checksum
      check_version
      check_sha256
      check_appcast
      check_url
      check_generic_artifacts
      check_token_conflicts
      check_download
      check_single_pre_postflight
      check_single_uninstall_zap
      check_untrusted_pkg
      check_github_releases_appcast
      check_latest_with_appcast
      self
    rescue StandardError => e
      odebug "#{e.message}\n#{e.backtrace.join("\n")}"
      add_error "exception while auditing #{cask}: #{e.message}"
      self
    end

    def success?
      !(errors? || warnings?)
    end

    def summary_header
      "audit for #{cask}"
    end

    private

    def check_untrusted_pkg
      odebug "Auditing pkg stanza: allow_untrusted"

      return if @cask.sourcefile_path.nil?

      tap = @cask.tap
      return if tap.nil? || tap.user != "caskroom"

      return unless cask.artifacts.any? { |k| k.is_a?(Hbc::Artifact::Pkg) && k.stanza_options.key?(:allow_untrusted) }
      add_warning "allow_untrusted is not permitted in official Homebrew-Cask taps"
    end

    def check_single_pre_postflight
      odebug "Auditing preflight and postflight stanzas"

      if cask.artifacts.count { |k| k.is_a?(Hbc::Artifact::PreflightBlock) && k.directives.key?(:preflight) } > 1
        add_warning "only a single preflight stanza is allowed"
      end

      return unless cask.artifacts.count { |k| k.is_a?(Hbc::Artifact::PostflightBlock) && k.directives.key?(:postflight) } > 1
      add_warning "only a single postflight stanza is allowed"
    end

    def check_single_uninstall_zap
      odebug "Auditing single uninstall_* and zap stanzas"

      if cask.artifacts.count { |k| k.is_a?(Hbc::Artifact::Uninstall) } > 1
        add_warning "only a single uninstall stanza is allowed"
      end

      if cask.artifacts.count { |k| k.is_a?(Hbc::Artifact::PreflightBlock) && k.directives.key?(:uninstall_preflight) } > 1
        add_warning "only a single uninstall_preflight stanza is allowed"
      end

      if cask.artifacts.count { |k| k.is_a?(Hbc::Artifact::PostflightBlock) && k.directives.key?(:uninstall_postflight) } > 1
        add_warning "only a single uninstall_postflight stanza is allowed"
      end

      return unless cask.artifacts.count { |k| k.is_a?(Hbc::Artifact::Zap) } > 1
      add_warning "only a single zap stanza is allowed"
    end

    def check_required_stanzas
      odebug "Auditing required stanzas"
      [:version, :sha256, :url, :homepage].each do |sym|
        add_error "a #{sym} stanza is required" unless cask.send(sym)
      end
      add_error "at least one name stanza is required" if cask.name.empty?
      # TODO: specific DSL knowledge should not be spread around in various files like this
      # TODO: nested_container should not still be a pseudo-artifact at this point
      installable_artifacts = cask.artifacts.reject { |k| [:uninstall, :zap, :nested_container].include?(k) }
      add_error "at least one activatable artifact stanza is required" if installable_artifacts.empty?
    end

    def check_version_and_checksum
      return if @cask.sourcefile_path.nil?

      tap = @cask.tap
      return if tap.nil?

      return if commit_range.nil?
      previous_cask_contents = Git.last_revision_of_file(tap.path, @cask.sourcefile_path, before_commit: commit_range)
      return if previous_cask_contents.empty?

      begin
        previous_cask = CaskLoader.load(previous_cask_contents)

        return unless previous_cask.version == cask.version
        return if previous_cask.sha256 == cask.sha256

        add_error "only sha256 changed (see: https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/sha256.md)"
      rescue CaskError => e
        add_warning "Skipped version and checksum comparison. Reading previous version failed: #{e}"
      end
    end

    def check_version
      return unless cask.version
      check_no_string_version_latest
      check_no_file_separator_in_version
    end

    def check_no_string_version_latest
      odebug "Verifying version :latest does not appear as a string ('latest')"
      return unless cask.version.raw_version == "latest"
      add_error "you should use version :latest instead of version 'latest'"
    end

    def check_no_file_separator_in_version
      odebug "Verifying version does not contain '#{File::SEPARATOR}'"
      return unless cask.version.raw_version.is_a?(String)
      return unless cask.version.raw_version.include?(File::SEPARATOR)
      add_error "version should not contain '#{File::SEPARATOR}'"
    end

    def check_sha256
      return unless cask.sha256
      check_sha256_no_check_if_latest
      check_sha256_actually_256
      check_sha256_invalid
    end

    def check_sha256_no_check_if_latest
      odebug "Verifying sha256 :no_check with version :latest"
      return unless cask.version.latest? && cask.sha256 != :no_check
      add_error "you should use sha256 :no_check when version is :latest"
    end

    def check_sha256_actually_256(sha256: cask.sha256, stanza: "sha256")
      odebug "Verifying #{stanza} string is a legal SHA-256 digest"
      return unless sha256.is_a?(String)
      return if sha256.length == 64 && sha256[/^[0-9a-f]+$/i]
      add_error "#{stanza} string must be of 64 hexadecimal characters"
    end

    def check_sha256_invalid(sha256: cask.sha256, stanza: "sha256")
      odebug "Verifying #{stanza} is not a known invalid value"
      empty_sha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      return unless sha256 == empty_sha256
      add_error "cannot use the sha256 for an empty string in #{stanza}: #{empty_sha256}"
    end

    def check_appcast
      return unless cask.appcast
      odebug "Auditing appcast"
      check_appcast_has_checkpoint
      return unless cask.appcast.checkpoint
      check_sha256_actually_256(sha256: cask.appcast.checkpoint, stanza: "appcast :checkpoint")
      check_sha256_invalid(sha256: cask.appcast.checkpoint, stanza: "appcast :checkpoint")
      return unless download
      check_appcast_http_code
      check_appcast_checkpoint_accuracy
    end

    def check_appcast_has_checkpoint
      odebug "Verifying appcast has :checkpoint key"
      add_error "a checkpoint sha256 is required for appcast" unless cask.appcast.checkpoint
    end

    def check_appcast_http_code
      odebug "Verifying appcast returns 200 HTTP response code"

      curl_executable, *args = curl_args(
        "--compressed", "--location", "--fail",
        "--write-out", "%{http_code}",
        "--output", "/dev/null",
        cask.appcast,
        user_agent: :fake
      )
      result = @command.run(curl_executable, args: args, print_stderr: false)
      if result.success?
        http_code = result.stdout.chomp
        add_warning "unexpected HTTP response code retrieving appcast: #{http_code}" unless http_code == "200"
      else
        add_warning "error retrieving appcast: #{result.stderr}"
      end
    end

    def check_appcast_checkpoint_accuracy
      odebug "Verifying appcast checkpoint is accurate"
      result = cask.appcast.calculate_checkpoint

      actual_checkpoint = result[:checkpoint]

      if actual_checkpoint.nil?
        add_warning "error retrieving appcast: #{result[:command_result].stderr}"
      else
        expected = cask.appcast.checkpoint
        add_warning <<~EOS unless expected == actual_checkpoint
          appcast checkpoint mismatch
          Expected: #{expected}
          Actual: #{actual_checkpoint}
        EOS
      end
    end

    def check_latest_with_appcast
      return unless cask.version.latest?
      return unless cask.appcast

      add_warning "Casks with an appcast should not use version :latest"
    end

    def check_github_releases_appcast
      return if cask.appcast
      return unless cask.url.to_s =~ %r{github.com/([^/]+)/([^/]+)/releases/download/(\S+)}

      add_warning "Cask uses GitHub releases, please add an appcast. See https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/appcast.md"
    end

    def check_url
      return unless cask.url
      check_download_url_format
    end

    def check_download_url_format
      odebug "Auditing URL format"
      if bad_sourceforge_url?
        add_warning "SourceForge URL format incorrect. See https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/url.md#sourceforgeosdn-urls"
      elsif bad_osdn_url?
        add_warning "OSDN URL format incorrect. See https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/url.md#sourceforgeosdn-urls"
      end
    end

    def bad_url_format?(regex, valid_formats_array)
      return false unless cask.url.to_s =~ regex
      valid_formats_array.none? { |format| cask.url.to_s =~ format }
    end

    def bad_sourceforge_url?
      bad_url_format?(/sourceforge/,
                      [
                        %r{\Ahttps://sourceforge\.net/projects/[^/]+/files/latest/download\Z},
                        %r{\Ahttps://downloads\.sourceforge\.net/(?!(project|sourceforge)\/)},
                        # special cases: cannot find canonical format URL
                        %r{\Ahttps?://brushviewer\.sourceforge\.net/brushviewql\.zip\Z},
                        %r{\Ahttps?://doublecommand\.sourceforge\.net/files/},
                        %r{\Ahttps?://excalibur\.sourceforge\.net/get\.php\?id=},
                      ])
    end

    def bad_osdn_url?
      bad_url_format?(/osd/, [%r{\Ahttps?://([^/]+.)?dl\.osdn\.jp/}])
    end

    def check_generic_artifacts
      cask.artifacts.select { |a| a.is_a?(Hbc::Artifact::Artifact) }.each do |artifact|
        unless artifact.target.absolute?
          add_error "target must be absolute path for #{artifact.class.english_name} #{artifact.source}"
        end
      end
    end

    def check_token_conflicts
      return unless check_token_conflicts?
      return unless core_formula_names.include?(cask.token)
      add_warning "possible duplicate, cask token conflicts with Homebrew core formula: #{core_formula_url}"
    end

    def core_tap
      @core_tap ||= CoreTap.instance
    end

    def core_formula_names
      core_tap.formula_names
    end

    def core_formula_url
      "#{core_tap.default_remote}/blob/master/Formula/#{cask.token}.rb"
    end

    def check_download
      return unless download && cask.url
      odebug "Auditing download"
      downloaded_path = download.perform
      Verify.all(cask, downloaded_path)
    rescue => e
      add_error "download not possible: #{e.message}"
    end
  end
end
init 2016-08-18 22:11:42 +03:00			`require "hbc/checkable"`
			`require "hbc/download"`
			`require "digest"`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`require "utils/git"`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`module Hbc`
			`class Audit`
			`include Checkable`
init 2016-08-18 22:11:42 +03:00
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`attr_reader :cask, :commit_range, :download`
init 2016-08-18 22:11:42 +03:00
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`def initialize(cask, download: false, check_token_conflicts: false, commit_range: nil, command: SystemCommand)`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`@cask = cask`
			`@download = download`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`@commit_range = commit_range`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`@check_token_conflicts = check_token_conflicts`
			`@command = command`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_token_conflicts?`
			`@check_token_conflicts`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def run!`
			`check_required_stanzas`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`check_version_and_checksum`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`check_version`
			`check_sha256`
			`check_appcast`
			`check_url`
			`check_generic_artifacts`
			`check_token_conflicts`
			`check_download`
Use #count, rewrite warning, and add pre/postflight checks too 2017-10-30 20:47:22 -03:00			`check_single_pre_postflight`
Check that a single uninstall_* and zap stanzas is defined 2017-10-27 16:53:22 -03:00			`check_single_uninstall_zap`
cask audit: check allow_untrusted 2018-03-25 15:30:16 +10:00			`check_untrusted_pkg`
cask audit: check for appcast if the cask uses github releases 2018-03-26 21:25:00 +10:00			`check_github_releases_appcast`
cask audit: check for :latest with appcast 2018-03-27 20:56:01 +10:00			`check_latest_with_appcast`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`self`
			`rescue StandardError => e`
			`odebug "#{e.message}\n#{e.backtrace.join("\n")}"`
			`add_error "exception while auditing #{cask}: #{e.message}"`
			`self`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def success?`
			`!(errors? \|\| warnings?)`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def summary_header`
			`"audit for #{cask}"`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`private`
init 2016-08-18 22:11:42 +03:00
cask audit: check allow_untrusted 2018-03-25 15:30:16 +10:00			`def check_untrusted_pkg`
			`odebug "Auditing pkg stanza: allow_untrusted"`

			`return if @cask.sourcefile_path.nil?`

			`tap = @cask.tap`
			`return if tap.nil? \|\| tap.user != "caskroom"`

			`return unless cask.artifacts.any? { \|k\| k.is_a?(Hbc::Artifact::Pkg) && k.stanza_options.key?(:allow_untrusted) }`
			`add_warning "allow_untrusted is not permitted in official Homebrew-Cask taps"`
			`end`

Use #count, rewrite warning, and add pre/postflight checks too 2017-10-30 20:47:22 -03:00			`def check_single_pre_postflight`
			`odebug "Auditing preflight and postflight stanzas"`

Turn ifs into multiple lines 2017-11-01 22:35:41 -03:00			`if cask.artifacts.count { \|k\| k.is_a?(Hbc::Artifact::PreflightBlock) && k.directives.key?(:preflight) } > 1`
			`add_warning "only a single preflight stanza is allowed"`
			`end`
Use #count, rewrite warning, and add pre/postflight checks too 2017-10-30 20:47:22 -03:00
Fix last remaining style issues 2017-11-02 09:56:51 -03:00			`return unless cask.artifacts.count { \|k\| k.is_a?(Hbc::Artifact::PostflightBlock) && k.directives.key?(:postflight) } > 1`
			`add_warning "only a single postflight stanza is allowed"`
Use #count, rewrite warning, and add pre/postflight checks too 2017-10-30 20:47:22 -03:00			`end`

Check that a single uninstall_* and zap stanzas is defined 2017-10-27 16:53:22 -03:00			`def check_single_uninstall_zap`
			`odebug "Auditing single uninstall_* and zap stanzas"`

Turn ifs into multiple lines 2017-11-01 22:35:41 -03:00			`if cask.artifacts.count { \|k\| k.is_a?(Hbc::Artifact::Uninstall) } > 1`
			`add_warning "only a single uninstall stanza is allowed"`
			`end`
Check that a single uninstall_* and zap stanzas is defined 2017-10-27 16:53:22 -03:00
Turn ifs into multiple lines 2017-11-01 22:35:41 -03:00			`if cask.artifacts.count { \|k\| k.is_a?(Hbc::Artifact::PreflightBlock) && k.directives.key?(:uninstall_preflight) } > 1`
			`add_warning "only a single uninstall_preflight stanza is allowed"`
			`end`
Check that a single uninstall_* and zap stanzas is defined 2017-10-27 16:53:22 -03:00
Turn ifs into multiple lines 2017-11-01 22:35:41 -03:00			`if cask.artifacts.count { \|k\| k.is_a?(Hbc::Artifact::PostflightBlock) && k.directives.key?(:uninstall_postflight) } > 1`
			`add_warning "only a single uninstall_postflight stanza is allowed"`
			`end`
Check that a single uninstall_* and zap stanzas is defined 2017-10-27 16:53:22 -03:00
Fix last remaining style issues 2017-11-02 09:56:51 -03:00			`return unless cask.artifacts.count { \|k\| k.is_a?(Hbc::Artifact::Zap) } > 1`
			`add_warning "only a single zap stanza is allowed"`
Check that a single uninstall_* and zap stanzas is defined 2017-10-27 16:53:22 -03:00			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_required_stanzas`
			`odebug "Auditing required stanzas"`
Don’t use `%i` literal. 2016-10-14 20:17:25 +02:00			`[:version, :sha256, :url, :homepage].each do \|sym\|`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`add_error "a #{sym} stanza is required" unless cask.send(sym)`
			`end`
			`add_error "at least one name stanza is required" if cask.name.empty?`
			`# TODO: specific DSL knowledge should not be spread around in various files like this`
			`# TODO: nested_container should not still be a pseudo-artifact at this point`
			`installable_artifacts = cask.artifacts.reject { \|k\| [:uninstall, :zap, :nested_container].include?(k) }`
			`add_error "at least one activatable artifact stanza is required" if installable_artifacts.empty?`
init 2016-08-18 22:11:42 +03:00			`end`

Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`def check_version_and_checksum`
			`return if @cask.sourcefile_path.nil?`

cask audit: use @cask.tap 2018-03-27 08:41:09 +10:00			`tap = @cask.tap`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`return if tap.nil?`

Don’t run checksum check if no commit range is given. 2017-05-10 20:46:39 +02:00			`return if commit_range.nil?`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`previous_cask_contents = Git.last_revision_of_file(tap.path, @cask.sourcefile_path, before_commit: commit_range)`
			`return if previous_cask_contents.empty?`

Add audit warning if previous Cask version cannot be read. 2017-10-01 02:13:53 +02:00			`begin`
Add helper method for Cask fixture paths and refactor CaskLoader. 2017-10-07 15:58:49 +02:00			`previous_cask = CaskLoader.load(previous_cask_contents)`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00
Add audit warning if previous Cask version cannot be read. 2017-10-01 02:13:53 +02:00			`return unless previous_cask.version == cask.version`
			`return if previous_cask.sha256 == cask.sha256`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00
Add audit warning if previous Cask version cannot be read. 2017-10-01 02:13:53 +02:00			`add_error "only sha256 changed (see: https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/sha256.md)"`
			`rescue CaskError => e`
			`add_warning "Skipped version and checksum comparison. Reading previous version failed: #{e}"`
			`end`
Add audit check to see if both version and checksum changed. 2017-05-07 06:41:40 +02:00			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_version`
			`return unless cask.version`
			`check_no_string_version_latest`
Disallow file separator in version strings. 2016-12-31 21:44:42 +01:00			`check_no_file_separator_in_version`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_no_string_version_latest`
			`odebug "Verifying version :latest does not appear as a string ('latest')"`
			`return unless cask.version.raw_version == "latest"`
			`add_error "you should use version :latest instead of version 'latest'"`
			`end`
init 2016-08-18 22:11:42 +03:00
Disallow file separator in version strings. 2016-12-31 21:44:42 +01:00			`def check_no_file_separator_in_version`
			`odebug "Verifying version does not contain '#{File::SEPARATOR}'"`
			`return unless cask.version.raw_version.is_a?(String)`
			`return unless cask.version.raw_version.include?(File::SEPARATOR)`
			`add_error "version should not contain '#{File::SEPARATOR}'"`
			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_sha256`
			`return unless cask.sha256`
			`check_sha256_no_check_if_latest`
			`check_sha256_actually_256`
			`check_sha256_invalid`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_sha256_no_check_if_latest`
			`odebug "Verifying sha256 :no_check with version :latest"`
			`return unless cask.version.latest? && cask.sha256 != :no_check`
			`add_error "you should use sha256 :no_check when version is :latest"`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_sha256_actually_256(sha256: cask.sha256, stanza: "sha256")`
			`odebug "Verifying #{stanza} string is a legal SHA-256 digest"`
			`return unless sha256.is_a?(String)`
Use slash-delimited regular expressions. 2016-10-14 20:03:34 +02:00			`return if sha256.length == 64 && sha256[/^[0-9a-f]+$/i]`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`add_error "#{stanza} string must be of 64 hexadecimal characters"`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_sha256_invalid(sha256: cask.sha256, stanza: "sha256")`
			`odebug "Verifying #{stanza} is not a known invalid value"`
			`empty_sha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"`
			`return unless sha256 == empty_sha256`
			`add_error "cannot use the sha256 for an empty string in #{stanza}: #{empty_sha256}"`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_appcast`
			`return unless cask.appcast`
			`odebug "Auditing appcast"`
			`check_appcast_has_checkpoint`
			`return unless cask.appcast.checkpoint`
			`check_sha256_actually_256(sha256: cask.appcast.checkpoint, stanza: "appcast :checkpoint")`
			`check_sha256_invalid(sha256: cask.appcast.checkpoint, stanza: "appcast :checkpoint")`
			`return unless download`
			`check_appcast_http_code`
			`check_appcast_checkpoint_accuracy`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_appcast_has_checkpoint`
			`odebug "Verifying appcast has :checkpoint key"`
			`add_error "a checkpoint sha256 is required for appcast" unless cask.appcast.checkpoint`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_appcast_http_code`
			`odebug "Verifying appcast returns 200 HTTP response code"`
Simplify CurlDownloadStrategy. 2017-08-08 18:10:13 +02:00
			`curl_executable, *args = curl_args(`
			`"--compressed", "--location", "--fail",`
			`"--write-out", "%{http_code}",`
			`"--output", "/dev/null",`
			`cask.appcast,`
			`user_agent: :fake`
			`)`
			`result = @command.run(curl_executable, args: args, print_stderr: false)`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`if result.success?`
			`http_code = result.stdout.chomp`
			`add_warning "unexpected HTTP response code retrieving appcast: #{http_code}" unless http_code == "200"`
			`else`
			`add_warning "error retrieving appcast: #{result.stderr}"`
			`end`
init 2016-08-18 22:11:42 +03:00			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_appcast_checkpoint_accuracy`
			`odebug "Verifying appcast checkpoint is accurate"`
Add internal command to calculate appcast checkpoint. 2017-01-22 04:28:33 +01:00			`result = cask.appcast.calculate_checkpoint`

			`actual_checkpoint = result[:checkpoint]`

			`if actual_checkpoint.nil?`
			`add_warning "error retrieving appcast: #{result[:command_result].stderr}"`
			`else`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`expected = cask.appcast.checkpoint`
Use “squiggly” heredocs. 2017-10-15 02:28:32 +02:00			`add_warning <<~EOS unless expected == actual_checkpoint`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`appcast checkpoint mismatch`
			`Expected: #{expected}`
Add internal command to calculate appcast checkpoint. 2017-01-22 04:28:33 +01:00			`Actual: #{actual_checkpoint}`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`EOS`
			`end`
init 2016-08-18 22:11:42 +03:00			`end`

cask audit: check for :latest with appcast 2018-03-27 20:56:01 +10:00			`def check_latest_with_appcast`
			`return unless cask.version.latest?`
			`return unless cask.appcast`

			`add_warning "Casks with an appcast should not use version :latest"`
			`end`

cask audit: check for appcast if the cask uses github releases 2018-03-26 21:25:00 +10:00			`def check_github_releases_appcast`
			`return if cask.appcast`
			`return unless cask.url.to_s =~ %r{github.com/([^/]+)/([^/]+)/releases/download/(\S+)}`

			`add_warning "Cask uses GitHub releases, please add an appcast. See https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/appcast.md"`
			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_url`
			`return unless cask.url`
			`check_download_url_format`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_download_url_format`
			`odebug "Auditing URL format"`
			`if bad_sourceforge_url?`
			`add_warning "SourceForge URL format incorrect. See https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/url.md#sourceforgeosdn-urls"`
			`elsif bad_osdn_url?`
			`add_warning "OSDN URL format incorrect. See https://github.com/caskroom/homebrew-cask/blob/master/doc/cask_language_reference/stanzas/url.md#sourceforgeosdn-urls"`
			`end`
init 2016-08-18 22:11:42 +03:00			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def bad_url_format?(regex, valid_formats_array)`
			`return false unless cask.url.to_s =~ regex`
			`valid_formats_array.none? { \|format\| cask.url.to_s =~ format }`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def bad_sourceforge_url?`
Use slash-delimited regular expressions. 2016-10-14 20:03:34 +02:00			`bad_url_format?(/sourceforge/,`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`[`
			`%r{\Ahttps://sourceforge\.net/projects/[^/]+/files/latest/download\Z},`
			`%r{\Ahttps://downloads\.sourceforge\.net/(?!(project\|sourceforge)\/)},`
			`# special cases: cannot find canonical format URL`
			`%r{\Ahttps?://brushviewer\.sourceforge\.net/brushviewql\.zip\Z},`
			`%r{\Ahttps?://doublecommand\.sourceforge\.net/files/},`
			`%r{\Ahttps?://excalibur\.sourceforge\.net/get\.php\?id=},`
			`])`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def bad_osdn_url?`
Use slash-delimited regular expressions. 2016-10-14 20:03:34 +02:00			`bad_url_format?(/osd/, [%r{\Ahttps?://([^/]+.)?dl\.osdn\.jp/}])`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_generic_artifacts`
Directly save artifacts in DSL. 2017-10-04 17:08:35 +02:00			`cask.artifacts.select { \|a\| a.is_a?(Hbc::Artifact::Artifact) }.each do \|artifact\|`
Treat every `Artifact` instance as a single artifact. 2017-04-06 00:33:31 +02:00			`unless artifact.target.absolute?`
			`add_error "target must be absolute path for #{artifact.class.english_name} #{artifact.source}"`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`end`
init 2016-08-18 22:11:42 +03:00			`end`
			`end`

Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_token_conflicts`
			`return unless check_token_conflicts?`
			`return unless core_formula_names.include?(cask.token)`
			`add_warning "possible duplicate, cask token conflicts with Homebrew core formula: #{core_formula_url}"`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def core_tap`
			`@core_tap \|\|= CoreTap.instance`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def core_formula_names`
			`core_tap.formula_names`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def core_formula_url`
			`"#{core_tap.default_remote}/blob/master/Formula/#{cask.token}.rb"`
			`end`
init 2016-08-18 22:11:42 +03:00
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def check_download`
			`return unless download && cask.url`
			`odebug "Auditing download"`
			`downloaded_path = download.perform`
			`Verify.all(cask, downloaded_path)`
			`rescue => e`
			`add_error "download not possible: #{e.message}"`
			`end`
init 2016-08-18 22:11:42 +03:00			`end`
			`end`