diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb index 504c73e3be..70821958b5 100644 --- a/Library/Homebrew/cask/audit.rb +++ b/Library/Homebrew/cask/audit.rb @@ -733,20 +733,24 @@ module Cask def check_https_availability return unless download - check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent]) if cask.url && !cask.url.using + if cask.url && !cask.url.using + check_url_for_https_availability(cask.url, "binary URL", + user_agents: [cask.url.user_agent]) + end - check_url_for_https_availability(cask.appcast, check_content: true) if cask.appcast && appcast? + check_url_for_https_availability(cask.appcast, "appcast URL", check_content: true) if cask.appcast && appcast? return unless cask.homepage check_url_for_https_availability(cask.homepage, + "homepage URL", user_agents: [:browser, :default], check_content: true, strict: strict?) end - def check_url_for_https_availability(url_to_check, **options) - problem = curl_check_http_content(url_to_check.to_s, **options) + def check_url_for_https_availability(url_to_check, url_type, **options) + problem = curl_check_http_content(url_to_check.to_s, url_type, **options) add_error problem if problem end end diff --git a/Library/Homebrew/formula_auditor.rb b/Library/Homebrew/formula_auditor.rb index f04c164ac2..e4ff85db0b 100644 --- a/Library/Homebrew/formula_auditor.rb +++ b/Library/Homebrew/formula_auditor.rb @@ -380,6 +380,7 @@ module Homebrew return unless DevelopmentTools.curl_handles_most_https_certificates? if (http_content_problem = curl_check_http_content(homepage, + "homepage URL", user_agents: [:browser, :default], check_content: true, strict: @strict)) diff --git a/Library/Homebrew/resource_auditor.rb b/Library/Homebrew/resource_auditor.rb index 569d6a988a..f18652715f 100644 --- a/Library/Homebrew/resource_auditor.rb +++ b/Library/Homebrew/resource_auditor.rb 
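Review bot: The new `url_type` parameter of `check_url_for_https_availability` in cask/audit.rb is undocumented, although the string is pasted verbatim into the audit message built in utils/curl.rb ("The #{url_type} #{url} ..."). A comment above the method would keep future call sites consistent, for example `# url_type: label shown in the audit message, e.g. "binary URL", "appcast URL" or "homepage URL"`. The same "homepage URL" literal is also passed from formula_auditor.rb, so the label set is spread over several files with nothing tying the spellings together.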
@@ -101,7 +101,7 @@ module Homebrew strategy = DownloadStrategyDetector.detect(url, using) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - if (http_content_problem = curl_check_http_content(url, specs: specs)) + if (http_content_problem = curl_check_http_content(url, "source URL", specs: specs)) problem http_content_problem end elsif strategy <= GitDownloadStrategy diff --git a/Library/Homebrew/utils/curl.rb b/Library/Homebrew/utils/curl.rb index 0a25609653..eafc5ae81f 100644 --- a/Library/Homebrew/utils/curl.rb +++ b/Library/Homebrew/utils/curl.rb @@ -168,7 +168,8 @@ module Utils details[:headers].match?(/^Set-Cookie: incap_ses_/i) end - def curl_check_http_content(url, specs: {}, user_agents: [:default], check_content: false, strict: false) + def curl_check_http_content(url, url_type, specs: {}, user_agents: [:default], + check_content: false, strict: false) return unless url.start_with? "http" secure_url = url.sub(/\Ahttp:/, "https:") @@ -202,18 +203,18 @@ module Utils # Hack around https://github.com/Homebrew/brew/issues/3199 return if MacOS.version == :el_capitan - return "The URL #{url} is not reachable" + return "The #{url_type} #{url} is not reachable" end unless http_status_ok?(details[:status]) return if url_protected_by_cloudflare?(details) || url_protected_by_incapsula?(details) - return "The URL #{url} is not reachable (HTTP status code #{details[:status]})" + return "The #{url_type} #{url} is not reachable (HTTP status code #{details[:status]})" end if url.start_with?("https://") && Homebrew::EnvConfig.no_insecure_redirect? && !details[:final_url].start_with?("https://") - return "The URL #{url} redirects back to HTTP" + return "The #{url_type} #{url} redirects back to HTTP" end return unless secure_details 
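Review bot: Adding `url_type` as a required second positional argument to `curl_check_http_content` means any caller that still passes only `url` will raise ArgumentError. This commit updates three call sites, and whether others exist cannot be seen from the diff. Giving the parameter a neutral default, `def curl_check_http_content(url, url_type = "URL", specs: {}, user_agents: [:default],`, keeps the old message text for unchanged callers while the updated call sites work as written. The method body continues outside this hunk.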
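Review bot: The downgrade message in the `no_insecure_redirect?` branch names only the original URL, so someone reading the audit output cannot tell where the redirect chain ended up on plain HTTP. `details[:final_url]` is already used in that condition, so it can be appended: `return "The #{url_type} #{url} redirects back to HTTP (#{details[:final_url]})"`. That lets the finding be triaged without rerunning curl. The enclosing method starts and ends outside this hunk.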
@@ -230,7 +231,7 @@ module Utils if (etag_match || content_length_match || file_match) && secure_details[:final_url].start_with?("https://") && url.start_with?("http://") - return "The URL #{url} should use HTTPS rather than HTTP" + return "The #{url_type} #{url} should use HTTPS rather than HTTP" end return unless check_content @@ -242,7 +243,7 @@ module Utils # Check for the same content after removing all protocols if (http_content && https_content) && (http_content == https_content) && url.start_with?("http://") && secure_details[:final_url].start_with?("https://") - return "The URL #{url} should use HTTPS rather than HTTP" + return "The #{url_type} #{url} should use HTTPS rather than HTTP" end return unless strict @@ -250,13 +251,13 @@ module Utils # Same size, different content after normalization # (typical causes: Generated ID, Timestamp, Unix time) if http_content.length == https_content.length - return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser." + return "The #{url_type} #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser." end lenratio = (100 * https_content.length / http_content.length).to_i return unless (90..110).cover?(lenratio) - "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser." + "The #{url_type} #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser." end def curl_http_content_headers_and_checksum(url, specs: {}, hash_needed: false, user_agent: :default)
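Review bot: The "may be able to use HTTPS rather than HTTP" string is written out twice in the last hunk, and the "should use HTTPS rather than HTTP" string twice across the two hunks before it. This commit had to edit every copy, and the next wording change will have to do the same. Building the text once before the length comparison, `maybe_https = "The #{url_type} #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."`, and returning `maybe_https` in both places keeps the copies from drifting apart. The enclosing method starts outside these hunks.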