From 7eec6a3a255d7d7ca0c29814345ee9358f6fd300 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Thu, 8 Dec 2016 21:41:24 +0000 Subject: [PATCH 01/16] Updated resource auditing to detect invalid mirrors when using --online --- Library/Homebrew/dev-cmd/audit.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 5ed363f7c4..3a4429c86f 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,6 +1490,11 @@ class ResourceAuditor return unless @online urls.each do |url| + begin + nostdout { curl "--connect-timeout", "15", "-o", "/dev/null", "-r", "0-0", url } + rescue ErrorDuringExecution + problem "The mirror #{u} is not reachable (curl exit code #{$?.exitstatus})" + end check_insecure_mirror(url) if url.start_with? "http:" end end From ea440ca3284138ebe3be26d5763f8c6af93749b1 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Sat, 10 Dec 2016 11:10:29 +0000 Subject: [PATCH 02/16] Markups to online mirror auditing --- Library/Homebrew/dev-cmd/audit.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 3a4429c86f..db7973eb3c 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1491,9 +1491,9 @@ class ResourceAuditor return unless @online urls.each do |url| begin - nostdout { curl "--connect-timeout", "15", "-o", "/dev/null", "-r", "0-0", url } + nostdout { curl "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", url } rescue ErrorDuringExecution - problem "The mirror #{u} is not reachable (curl exit code #{$?.exitstatus})" + problem "The mirror #{url} is not reachable (curl exit code #{$?.exitstatus})" end check_insecure_mirror(url) if url.start_with? "http:" end From ed9f775b778bad961a9e2fb178fce3a7af201e75 Mon Sep 17 00:00:00 2001 
From: David Broder-Rodgers Date: Sat, 10 Dec 2016 14:20:47 +0000 Subject: [PATCH 03/16] Added support for returning HTTP status codes and for git and svn URLs --- Library/Homebrew/dev-cmd/audit.rb | 18 ++++++++++++++---- Library/Homebrew/utils.rb | 1 + Library/Homebrew/utils/git.rb | 5 +++++ Library/Homebrew/utils/svn.rb | 11 +++++++++++ 4 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 Library/Homebrew/utils/svn.rb diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index db7973eb3c..839d1c429b 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,10 +1490,20 @@ class ResourceAuditor return unless @online urls.each do |url| - begin - nostdout { curl "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", url } - rescue ErrorDuringExecution - problem "The mirror #{url} is not reachable (curl exit code #{$?.exitstatus})" + if url.start_with? "http", "ftp" + status_code, _, _ = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ + "--write-out", "%{http_code}", url + unless status_code.start_with? "20" + problem "The mirror #{url} is not reachable (HTTP status code #{status_code})" + end + elsif url.start_with? "git" + unless Utils.git_remote_exists url + problem "The mirror #{url} is not a valid git URL" + end + elsif url.start_with? "svn" + unless Utils.svn_remote_exists url + problem "The mirror #{url} is not a valid svn URL" + end end check_insecure_mirror(url) if url.start_with? "http:" end diff --git a/Library/Homebrew/utils.rb b/Library/Homebrew/utils.rb index 70d2787d97..b129c73287 100644 --- a/Library/Homebrew/utils.rb +++ b/Library/Homebrew/utils.rb @@ -10,6 +10,7 @@ require "utils/github" require "utils/hash" require "utils/inreplace" require "utils/popen" +require "utils/svn" require "utils/tty" require "time" diff --git a/Library/Homebrew/utils/git.rb b/Library/Homebrew/utils/git.rb index dfe47f890f..1b4d248946 100644 
--- a/Library/Homebrew/utils/git.rb +++ b/Library/Homebrew/utils/git.rb @@ -40,4 +40,9 @@ module Utils @git_path = nil @git_version = nil end + + def self.git_remote_exists(url) + return true unless git_available? + quiet_system "git", "ls-remote", url + end end diff --git a/Library/Homebrew/utils/svn.rb b/Library/Homebrew/utils/svn.rb new file mode 100644 index 0000000000..fb49ac2e99 --- /dev/null +++ b/Library/Homebrew/utils/svn.rb @@ -0,0 +1,11 @@ +module Utils + def self.svn_available? + return @svn if instance_variable_defined?(:@svn) + @svn = quiet_system HOMEBREW_SHIMS_PATH/"scm/svn", "--version" + end + + def self.svn_remote_exists(url) + return true unless svn_available? + quiet_system "svn", "ls", url, "--depth", "empty" + end +end From 3e7dfe4aaba2aa41d01f6fd06a9dd40298d118d3 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Sun, 11 Dec 2016 21:36:58 +0000 Subject: [PATCH 04/16] Updated mirror audit problem message --- Library/Homebrew/dev-cmd/audit.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 839d1c429b..460302fb72 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb 
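Review bot: `git_remote_exists` hands `url` to git as a bare positional argument, so a value beginning with `-` would be parsed by `git ls-remote` as an option rather than a repository. The URL comes from the formula being audited, which is the input an audit should trust least. Ending option parsing first closes that off: `quiet_system "git", "ls-remote", "--", url`. The `return true unless git_available?` line also makes the check fail open, so a missing git reports every remote as present; a comment such as `# Cannot verify without git; report the remote as present rather than raise a false problem.` would make that choice explicit. The same bare-argument pattern appears in `svn_remote_exists` in utils/svn.rb.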
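Review bot: `svn_available?` probes the shim at `HOMEBREW_SHIMS_PATH/"scm/svn"`, but `svn_remote_exists` then runs whatever `svn` resolves to on PATH, so the binary that was checked is not necessarily the one that runs. Using the same path in both methods keeps the availability test meaningful. `svn ls` can also stop to ask about credentials or an untrusted server certificate, which would stall an unattended audit; `--non-interactive` avoids that: `quiet_system HOMEBREW_SHIMS_PATH/"scm/svn", "ls", "--non-interactive", url, "--depth", "empty"`. Neither method carries a comment saying that an unavailable svn is reported as "remote exists".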
@@ -1494,15 +1494,15 @@ class ResourceAuditor status_code, _, _ = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ "--write-out", "%{http_code}", url unless status_code.start_with? "20" - problem "The mirror #{url} is not reachable (HTTP status code #{status_code})" + problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end elsif url.start_with? "git" unless Utils.git_remote_exists url - problem "The mirror #{url} is not a valid git URL" + problem "The URL #{url} is not a valid git URL" end elsif url.start_with? "svn" unless Utils.svn_remote_exists url - problem "The mirror #{url} is not a valid svn URL" + problem "The URL #{url} is not a valid svn URL" end end check_insecure_mirror(url) if url.start_with? "http:" From d3ac333197de4d2fcb560bf95e5cd4df81871bbd Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Mon, 12 Dec 2016 21:18:22 +0000 Subject: [PATCH 05/16] Rubocop styling fixes --- Library/Homebrew/dev-cmd/audit.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 460302fb72..b323297e4d 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1491,8 +1491,8 @@ class ResourceAuditor return unless @online urls.each do |url| if url.start_with? "http", "ftp" - status_code, _, _ = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ - "--write-out", "%{http_code}", url + status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ + "--write-out", "%{http_code}", url unless status_code.start_with? "20" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end From a731f4e17cc45bed5ed0f1121326551c558ce583 Mon Sep 17 00:00:00 2001 
From: David Broder-Rodgers Date: Tue, 10 Jan 2017 20:13:14 +0000 Subject: [PATCH 06/16] Updated HTTP mirror check to use new url_status_code method --- Library/Homebrew/dev-cmd/audit.rb | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index b323297e4d..f187f17f52 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -174,7 +174,7 @@ class FormulaAuditor @specs = %w[stable devel head].map { |s| formula.send(s) }.compact end - def url_status_code(url, range: false) + def self.url_status_code(url, range: false) # The system Curl is too old and unreliable with HTTPS homepages on # Yosemite and below. return "200" unless DevelopmentTools.curl_handles_most_https_homepages? @@ -195,7 +195,7 @@ class FormulaAuditor user_agent: user_agent, ) status_code = Open3.popen3(*args) { |_, stdout, _, _| stdout.read } - break if status_code.start_with? "20" + break if status_code.start_with? "2" end status_code end @@ -619,7 +619,7 @@ class FormulaAuditor return unless @online - status_code = url_status_code(homepage) + status_code = FormulaAuditor.url_status_code(homepage, user_agent: :browser) return if status_code.start_with? "20" problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})" end @@ -1491,9 +1491,8 @@ class ResourceAuditor return unless @online urls.each do |url| if url.start_with? "http", "ftp" - status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ - "--write-out", "%{http_code}", url - unless status_code.start_with? "20" + status_code = FormulaAuditor.url_status_code url + unless status_code.start_with? "2" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end elsif url.start_with? "git" From 81b3368c9cba0f9db93af5732d8f10e75d00cdf9 Mon Sep 17 00:00:00 2001 
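Review bot: The `audit_homepage` hunk calls `FormulaAuditor.url_status_code(homepage, user_agent: :browser)`, but the signature changed in the first hunk of this patch is `def self.url_status_code(url, range: false)`, which accepts no `user_agent` keyword. This call would therefore raise ArgumentError whenever the online branch is reached. Either drop the keyword (`FormulaAuditor.url_status_code(homepage)`) or add it to the method. The success test is also inconsistent after this patch: the method and `ResourceAuditor` accept any `"2"` prefix while `audit_homepage` still requires `"20"`; `return if status_code.start_with? "2"` would align them. All three functions extend beyond the hunks shown.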
From: David Broder-Rodgers Date: Tue, 24 Jan 2017 20:35:07 +0000 Subject: [PATCH 07/16] Added better check for HTTP git URLs --- Library/Homebrew/dev-cmd/audit.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index f187f17f52..c685dacae4 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,15 +1490,15 @@ class ResourceAuditor return unless @online urls.each do |url| - if url.start_with? "http", "ftp" + if url.start_with?("git") || url.end_with?(".git") + unless Utils.git_remote_exists url + problem "The URL #{url} is not a valid git URL" + end + elsif url.start_with? "http", "ftp" status_code = FormulaAuditor.url_status_code url unless status_code.start_with? "2" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end - elsif url.start_with? "git" - unless Utils.git_remote_exists url - problem "The URL #{url} is not a valid git URL" - end elsif url.start_with? "svn" unless Utils.svn_remote_exists url problem "The URL #{url} is not a valid svn URL" From a699d284d038907f884bb48f928f2e75ebadfc11 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Tue, 24 Jan 2017 23:11:50 +0000 Subject: [PATCH 08/16] Use DownloadStrategyDetector to classify mirror URLs --- Library/Homebrew/dev-cmd/audit.rb | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index c685dacae4..a7c9de576b 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb 
@@ -1490,16 +1490,18 @@ class ResourceAuditor return unless @online urls.each do |url| - if url.start_with?("git") || url.end_with?(".git") - unless Utils.git_remote_exists url - problem "The URL #{url} is not a valid git URL" - end - elsif url.start_with? "http", "ftp" + strategy = DownloadStrategyDetector.detect(url) + if strategy <= CurlDownloadStrategy + problem url status_code = FormulaAuditor.url_status_code url unless status_code.start_with? "2" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end - elsif url.start_with? "svn" + elsif strategy <= GitDownloadStrategy + unless Utils.git_remote_exists url + problem "The URL #{url} is not a valid git URL" + end + elsif strategy <= SubversionDownloadStrategy unless Utils.svn_remote_exists url problem "The URL #{url} is not a valid svn URL" end From 12501b4046339b6becd42e37730873babeaa9dc2 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Mon, 30 Jan 2017 18:30:57 +0000 Subject: [PATCH 09/16] Prevent mirror curl for file:/// URL --- Library/Homebrew/dev-cmd/audit.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index a7c9de576b..180783f794 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1491,7 +1491,7 @@ class ResourceAuditor return unless @online urls.each do |url| strategy = DownloadStrategyDetector.detect(url) - if strategy <= CurlDownloadStrategy + if strategy <= CurlDownloadStrategy && !url.start_with?("file") problem url status_code = FormulaAuditor.url_status_code url unless status_code.start_with? "2" From 55bc2a30195db915a60c862bf1c3d4ba6cd3cd4a Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Mon, 20 Feb 2017 19:00:27 +0000 Subject: [PATCH 10/16] Merged 404 and security mirror auditing logic --- Library/Homebrew/dev-cmd/audit.rb | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) 
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 180783f794..6e454f4d2a 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -174,7 +174,7 @@ class FormulaAuditor @specs = %w[stable devel head].map { |s| formula.send(s) }.compact end - def self.url_status_code(url, range: false) + def url_status_code(url, range: false) # The system Curl is too old and unreliable with HTTPS homepages on # Yosemite and below. return "200" unless DevelopmentTools.curl_handles_most_https_homepages? @@ -619,8 +619,8 @@ class FormulaAuditor return unless @online - status_code = FormulaAuditor.url_status_code(homepage, user_agent: :browser) - return if status_code.start_with? "20" + status_code = url_status_code(homepage) + return if status_code.start_with? "2" problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})" end @@ -1492,11 +1492,7 @@ class ResourceAuditor urls.each do |url| strategy = DownloadStrategyDetector.detect(url) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - problem url - status_code = FormulaAuditor.url_status_code url - unless status_code.start_with? "2" - problem "The URL #{url} is not reachable (HTTP status code #{status_code})" - end + check_http_mirror url elsif strategy <= GitDownloadStrategy unless Utils.git_remote_exists url problem "The URL #{url} is not a valid git URL" 
@@ -1506,12 +1502,20 @@ class ResourceAuditor problem "The URL #{url} is not a valid svn URL" end end - check_insecure_mirror(url) if url.start_with? "http:" end end - def check_insecure_mirror(url) + def check_http_mirror(url) details = get_content_details(url) + + if details[:status].nil? + problem "The URL #{url} is not reachable" + elsif !details[:status].start_with? "2" + problem "The URL #{url} is not reachable (HTTP status code #{details[:status]})" + end + + return unless url.start_with? "http:" + secure_url = url.sub "http", "https" secure_details = get_content_details(secure_url) From 125a6eee2165039d3b7329543d2e33e321c267d2 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Mon, 20 Feb 2017 22:48:03 +0000 Subject: [PATCH 11/16] audit: fix `brew style`. --- Library/Homebrew/dev-cmd/audit.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 6e454f4d2a..b63d399058 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1506,7 +1506,7 @@ class ResourceAuditor end def check_http_mirror(url) - details = get_content_details(url) + details = get_content_details(url) if details[:status].nil? problem "The URL #{url} is not reachable" From 5390897883f11fe2257e57bd5547cb1bbb144fb0 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 23 Feb 2017 09:09:33 +0000 Subject: [PATCH 12/16] audit: refactor http content checks. --- Library/Homebrew/dev-cmd/audit.rb | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index b63d399058..aa9dd775a7 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb 
@@ -1492,7 +1492,7 @@ class ResourceAuditor urls.each do |url| strategy = DownloadStrategyDetector.detect(url) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - check_http_mirror url + check_http_content url elsif strategy <= GitDownloadStrategy unless Utils.git_remote_exists url problem "The URL #{url} is not a valid git URL" @@ -1505,7 +1505,7 @@ class ResourceAuditor end end - def check_http_mirror(url) + def check_http_content(url) details = get_content_details(url) if details[:status].nil? @@ -1519,10 +1519,16 @@ class ResourceAuditor secure_url = url.sub "http", "https" secure_details = get_content_details(secure_url) - return if !details[:status].start_with?("2") || !secure_details[:status].start_with?("2") + if !details[:status].to_s.start_with?("2") || + !secure_details[:status].to_s.start_with?("2") + return + end - etag_match = details[:etag] && details[:etag] == secure_details[:etag] - content_length_match = details[:content_length] && details[:content_length] == secure_details[:content_length] + etag_match = details[:etag] && + details[:etag] == secure_details[:etag] + content_length_match = + details[:content_length] && + details[:content_length] == secure_details[:content_length] file_match = details[:file_hash] == secure_details[:file_hash] return if !etag_match && !content_length_match && !file_match From 5e9057500419d1a2b41efe784e9f12ae232e7f6e Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 23 Feb 2017 09:09:58 +0000 Subject: [PATCH 13/16] audit: handle redirects in get_content_details. --- Library/Homebrew/dev-cmd/audit.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index aa9dd775a7..493f1eb09c 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb 
@@ -1542,12 +1542,16 @@ class ResourceAuditor def get_content_details(url) out = {} output, = curl_output "--connect-timeout", "15", "--include", url - split = output.partition("\r\n\r\n") - headers = split.first - out[:status] = headers[%r{HTTP\/.* (\d+)}, 1] + status_code = :unknown + while status_code == :unknown || status_code.to_s.start_with?("3") + headers, _, output = output.partition("\r\n\r\n") + status_code = headers[%r{HTTP\/.* (\d+)}, 1] + end + + out[:status] = status_code out[:etag] = headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2] out[:content_length] = headers[/Content-Length: (\d+)/, 1] - out[:file_hash] = Digest::SHA256.digest split.last + out[:file_hash] = Digest::SHA256.digest output out end end From 9fa014710d22e30c0be05bddc78e073373def5bd Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 23 Feb 2017 10:15:06 +0000 Subject: [PATCH 14/16] audit: further refactor http content checks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Check homepages and don’t check mirrors unless `—strict`. --- Library/Homebrew/dev-cmd/audit.rb | 144 ++++++++++++++---------------- 1 file changed, 69 insertions(+), 75 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 493f1eb09c..65b109f3b0 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb 
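Review bot: The header lookups that follow the new loop match `ETag:` and `Content-Length:` case-sensitively, but HTTP field names are case-insensitive and some servers send them in lower case. In that case both values come back nil and the HTTP/HTTPS comparison silently falls through to the body hash alone. Adding the `i` flag fixes it, e.g. `headers[/Content-Length: (\d+)/i, 1]`, and likewise for the ETag pattern. The loop also needs a short comment saying that it consumes one header block per iteration until a non-3xx status is found, and that it assumes curl printed each redirect hop's headers in sequence; whether redirects are followed depends on arguments not visible in this hunk. `get_content_details` starts outside the hunk.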
@@ -174,30 +174,62 @@ class FormulaAuditor @specs = %w[stable devel head].map { |s| formula.send(s) }.compact end - def url_status_code(url, range: false) - # The system Curl is too old and unreliable with HTTPS homepages on - # Yosemite and below. - return "200" unless DevelopmentTools.curl_handles_most_https_homepages? - - extra_args = [ - "--connect-timeout", "15", - "--output", "/dev/null", - "--write-out", "%{http_code}" - ] - extra_args << "--range" << "0-0" if range - extra_args << url - - status_code = nil - [:browser, :default].each do |user_agent| - args = curl_args( - extra_args: extra_args, - show_output: true, - user_agent: user_agent, - ) - status_code = Open3.popen3(*args) { |_, stdout, _, _| stdout.read } - break if status_code.start_with? "2" + def self.check_http_content(url, user_agents: [:default]) + details = nil + user_agent = nil + user_agents.each do |ua| + details = http_content_headers_and_checksum(url, user_agent: ua) + user_agent = ua + break if details[:status].to_s.start_with?("2") end - status_code + + return "The URL #{url} is not reachable" unless details[:status] + unless details[:status].start_with? "2" + return "The URL #{url} is not reachable (HTTP status code #{details[:status]})" + end + + return unless url.start_with? 
"http:" + + secure_url = url.sub "http", "https" + secure_details = + http_content_headers_and_checksum(secure_url, user_agent: user_agent) + + if !details[:status].to_s.start_with?("2") || + !secure_details[:status].to_s.start_with?("2") + return + end + + etag_match = details[:etag] && + details[:etag] == secure_details[:etag] + content_length_match = + details[:content_length] && + details[:content_length] == secure_details[:content_length] + file_match = details[:file_hash] == secure_details[:file_hash] + + return if !etag_match && !content_length_match && !file_match + "The URL #{url} could use HTTPS rather than HTTP" + end + + def self.http_content_headers_and_checksum(url, user_agent: :default) + args = curl_args( + extra_args: ["--connect-timeout", "15", "--include", url], + show_output: true, + user_agent: user_agent, + ) + output = Open3.popen3(*args) { |_, stdout, _, _| stdout.read } + + status_code = :unknown + while status_code == :unknown || status_code.to_s.start_with?("3") + headers, _, output = output.partition("\r\n\r\n") + status_code = headers[%r{HTTP\/.* (\d+)}, 1] + end + + { + status: status_code, + etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2], + content_length: headers[/Content-Length: (\d+)/, 1], + file_hash: Digest::SHA256.digest(output), + } end def audit_style @@ -619,9 +651,13 @@ class FormulaAuditor return unless @online - status_code = url_status_code(homepage) - return if status_code.start_with? "2" - problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})" + # The system Curl is too old and unreliable with HTTPS homepages on + # Yosemite and below. + return unless DevelopmentTools.curl_handles_most_https_homepages? + if http_content_problem = FormulaAuditor.check_http_content(homepage, + user_agents: [:browser, :default]) + problem http_content_problem + end end def audit_bottle_spec 
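Review bot: `http_content_headers_and_checksum` bounds only the connect phase (`--connect-timeout 15`) and then reads the whole response into memory with `stdout.read`. A server that accepts the connection and then sends slowly can hold the audit open indefinitely, and a large download URL is fetched in full, twice when the `http:` to `https:` comparison runs. An overall limit in `extra_args`, for example `"--max-time", "<seconds>"` (placeholder value), would cap the duration of each fetch. Separately, `url.sub "http", "https"` is correct only because of the preceding `start_with? "http:"` guard; `url.sub(/\Ahttp:/, "https:")` states the intent directly. The HTTPS suggestion is also raised when only `Content-Length` matches, which is weak evidence that both endpoints serve the same content, and a comment on the final `return if` line should say so.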
@@ -671,11 +707,11 @@ class FormulaAuditor %w[Stable Devel HEAD].each do |name| next unless spec = formula.send(name.downcase) - ra = ResourceAuditor.new(spec, online: @online).audit + ra = ResourceAuditor.new(spec, online: @online, strict: @strict).audit problems.concat ra.problems.map { |problem| "#{name}: #{problem}" } spec.resources.each_value do |resource| - ra = ResourceAuditor.new(resource, online: @online).audit + ra = ResourceAuditor.new(resource, online: @online, strict: @strict).audit problems.concat ra.problems.map { |problem| "#{name} resource #{resource.name.inspect}: #{problem}" } @@ -1231,6 +1267,7 @@ class ResourceAuditor @using = resource.using @specs = resource.specs @online = options[:online] + @strict = options[:strict] @problems = [] end @@ -1492,7 +1529,10 @@ class ResourceAuditor urls.each do |url| strategy = DownloadStrategyDetector.detect(url) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - check_http_content url + next if !@strict && mirrors.include?(url) + if http_content_problem = FormulaAuditor.check_http_content(url) + problem http_content_problem + end elsif strategy <= GitDownloadStrategy unless Utils.git_remote_exists url problem "The URL #{url} is not a valid git URL" 
@@ -1505,53 +1545,7 @@ class ResourceAuditor end end - def check_http_content(url) - details = get_content_details(url) - - if details[:status].nil? - problem "The URL #{url} is not reachable" - elsif !details[:status].start_with? "2" - problem "The URL #{url} is not reachable (HTTP status code #{details[:status]})" - end - - return unless url.start_with? "http:" - - secure_url = url.sub "http", "https" - secure_details = get_content_details(secure_url) - - if !details[:status].to_s.start_with?("2") || - !secure_details[:status].to_s.start_with?("2") - return - end - - etag_match = details[:etag] && - details[:etag] == secure_details[:etag] - content_length_match = - details[:content_length] && - details[:content_length] == secure_details[:content_length] - file_match = details[:file_hash] == secure_details[:file_hash] - - return if !etag_match && !content_length_match && !file_match - problem "The URL #{url} could use HTTPS rather than HTTP" - end - def problem(text) @problems << text end - - def get_content_details(url) - out = {} - output, = curl_output "--connect-timeout", "15", "--include", url - status_code = :unknown - while status_code == :unknown || status_code.to_s.start_with?("3") - headers, _, output = output.partition("\r\n\r\n") - status_code = headers[%r{HTTP\/.* (\d+)}, 1] - end - - out[:status] = status_code - out[:etag] = headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2] - out[:content_length] = headers[/Content-Length: (\d+)/, 1] - out[:file_hash] = Digest::SHA256.digest output - out - end end From b984be675ddd07ccbf7151355a22096de47c5c50 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Fri, 24 Feb 2017 08:45:39 +0000 Subject: [PATCH 15/16] audit: use using for HTTPS detection. --- Library/Homebrew/dev-cmd/audit.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 65b109f3b0..cf5bdcdc48 100644 --- a/Library/Homebrew/dev-cmd/audit.rb 
+++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1527,9 +1527,10 @@ class ResourceAuditor return unless @online urls.each do |url| - strategy = DownloadStrategyDetector.detect(url) + next if !@strict && mirrors.include?(url) + + strategy = DownloadStrategyDetector.detect(url, using) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - next if !@strict && mirrors.include?(url) if http_content_problem = FormulaAuditor.check_http_content(url) problem http_content_problem end From 1284f29561d944e069d201db9043489417b85ff4 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Fri, 24 Feb 2017 08:51:15 +0000 Subject: [PATCH 16/16] audit: don't try to HTTP check non-HTTP content. --- Library/Homebrew/dev-cmd/audit.rb | 2 ++ Library/Homebrew/test/audit_test.rb | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index cf5bdcdc48..e49f65dd25 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -175,6 +175,8 @@ class FormulaAuditor end def self.check_http_content(url, user_agents: [:default]) + return unless url.start_with? "http" + details = nil user_agent = nil user_agents.each do |ua| diff --git a/Library/Homebrew/test/audit_test.rb b/Library/Homebrew/test/audit_test.rb index 9165edef1e..1d93c31e00 100644 --- a/Library/Homebrew/test/audit_test.rb +++ b/Library/Homebrew/test/audit_test.rb @@ -419,9 +419,8 @@ class FormulaAuditorTests < Homebrew::TestCase EOS fa.audit_homepage - assert_equal ["The homepage should start with http or https " \ - "(URL is #{fa.formula.homepage}).", "The homepage #{fa.formula.homepage} is not reachable " \ - "(HTTP status code 000)"], fa.problems + assert_equal ["The homepage should start with http or https (URL is #{fa.formula.homepage})."], + fa.problems formula_homepages = { "bar" => "http://www.freedesktop.org/wiki/bar",
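Review bot: The new guard `return unless url.start_with? "http"` at the top of `check_http_content` is a bare prefix test, so it admits any string that merely begins with those four letters. It is also the only check in this method between a formula-supplied value and curl's argument list. Matching the schemes explicitly is tighter: `return unless url.start_with?("http://", "https://")`. Returning nil here also means `ftp:` URLs that reach this method from `ResourceAuditor` are now skipped silently; a comment such as `# Only HTTP(S) can be status-checked here; other schemes are left unverified.` would record that this is intended. The method body continues outside the hunk.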