brew/Library/Homebrew/rubocops/checksum.rb

# typed: true # rubocop:todo Sorbet/StrictSigil
# frozen_string_literal: true

require "rubocops/extend/formula_cop"

module RuboCop
  module Cop
    module FormulaAudit
      # This cop makes sure that deprecated checksums are not used.
      class Checksum < FormulaCop
        sig { override.params(formula_nodes: FormulaNodes).void }
        def audit_formula(formula_nodes)
          body_node = formula_nodes.body_node

          problem "MD5 checksums are deprecated, please use SHA-256" if method_called_ever?(body_node, :md5)

          problem "SHA1 checksums are deprecated, please use SHA-256" if method_called_ever?(body_node, :sha1)

          sha256_calls = find_every_method_call_by_name(body_node, :sha256)
          sha256_calls.each do |sha256_call|
            sha256_node = get_checksum_node(sha256_call)
            audit_sha256(sha256_node)
          end
        end

        def audit_sha256(checksum)
          return if checksum.nil?

          if regex_match_group(checksum, /^$/)
            problem "sha256 is empty"
            return
          end

          if string_content(checksum).size != 64 && regex_match_group(checksum, /^\w*$/)
            problem "sha256 should be 64 characters"
          end

          return unless regex_match_group(checksum, /[^a-f0-9]+/i)

          add_offense(@offensive_source_range, message: "sha256 contains invalid characters")
        end
      end

      # This cop makes sure that checksum strings are lowercase.
      class ChecksumCase < FormulaCop
        extend AutoCorrector

        sig { override.params(formula_nodes: FormulaNodes).void }
        def audit_formula(formula_nodes)
          sha256_calls = find_every_method_call_by_name(formula_nodes.body_node, :sha256)
          sha256_calls.each do |sha256_call|
            checksum = get_checksum_node(sha256_call)
            next if checksum.nil?
            next unless regex_match_group(checksum, /[A-F]+/)

            add_offense(@offensive_source_range, message: "sha256 should be lowercase") do |corrector|
              correction = @offensive_node.source.downcase
              corrector.insert_before(@offensive_node.source_range, correction)
              corrector.remove(@offensive_node.source_range)
            end
          end
        end
      end
    end
  end
end
rubocop: Use `Sorbet/StrictSigil` as it's better than comments - Previously I thought that comments were fine to discourage people from wasting their time trying to bump things that used `undef` that Sorbet didn't support. But RuboCop is better at this since it'll complain if the comments are unnecessary. - Suggested in https://github.com/Homebrew/brew/pull/18018#issuecomment-2283369501. - I've gone for a mixture of `rubocop:disable` for the files that can't be `typed: strict` (use of undef, required before everything else, etc) and `rubocop:todo` for everything else that should be tried to make strictly typed. There's no functional difference between the two as `rubocop:todo` is `rubocop:disable` with a different name. - And I entirely disabled the cop for the docs/ directory since `typed: strict` isn't going to gain us anything for some Markdown linting config files. - This means that now it's easier to track what needs to be done rather than relying on checklists of files in our big Sorbet issue: ```shell $ git grep 'typed: true # rubocop:todo Sorbet/StrictSigil' \| wc -l 268 ``` - And this is confirmed working for new files: ```shell $ git status On branch use-rubocop-for-sorbet-strict-sigils Untracked files: (use "git add <file>..." to include in what will be committed) Library/Homebrew/bad.rb Library/Homebrew/good.rb nothing added to commit but untracked files present (use "git add" to track) $ brew style Offenses: bad.rb:1:1: C: Sorbet/StrictSigil: Sorbet sigil should be at least strict got true. ^^^^^^^^^^^^^ 1340 files inspected, 1 offense detected ``` 2024-08-12 10:30:59 +01:00			`# typed: true # rubocop:todo Sorbet/StrictSigil`
Add frozen_string_literal to all files. 2019-04-19 15:38:03 +09:00			`# frozen_string_literal: true`

Refactor FormulaCop as a mixin 2023-02-20 10:22:39 -08:00			`require "rubocops/extend/formula_cop"`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30
			`module RuboCop`
			`module Cop`
			`module FormulaAudit`
Document `FormulaAudit::Checksum`. 2020-08-26 02:22:23 +02:00			`# This cop makes sure that deprecated checksums are not used.`
Use exclude_from_registry instead 2023-02-20 18:10:59 -08:00			`class Checksum < FormulaCop`
Use struct for `#audit_formula` args Adding type signatures to `#audit_formula` methods in formula cops would lead to verbose, repetitive signatures across the existing ~63 instances. This reworks `#audit_formula` to use a `T::Struct` for its arguments, which allows us to use a one-line signature for these methods. 2024-07-07 15:18:29 -04:00			`sig { override.params(formula_nodes: FormulaNodes).void }`
			`def audit_formula(formula_nodes)`
			`body_node = formula_nodes.body_node`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
grammar fixes 2019-04-08 12:47:15 -04:00			`problem "MD5 checksums are deprecated, please use SHA-256" if method_called_ever?(body_node, :md5)`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30
grammar fixes 2019-04-08 12:47:15 -04:00			`problem "SHA1 checksums are deprecated, please use SHA-256" if method_called_ever?(body_node, :sha1)`
Simplify Checksum cop by auditing all checksums 2017-06-14 15:37:37 +05:30
			`sha256_calls = find_every_method_call_by_name(body_node, :sha256)`
			`sha256_calls.each do \|sha256_call\|`
			`sha256_node = get_checksum_node(sha256_call)`
			`audit_sha256(sha256_node)`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30			`end`
Simplify Checksum cop by auditing all checksums 2017-06-14 15:37:37 +05:30			`end`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30
Simplify Checksum cop by auditing all checksums 2017-06-14 15:37:37 +05:30			`def audit_sha256(checksum)`
			`return if checksum.nil?`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
Simplify Checksum cop by auditing all checksums 2017-06-14 15:37:37 +05:30			`if regex_match_group(checksum, /^$/)`
			`problem "sha256 is empty"`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30			`return`
			`end`

style: re-enable sha256 checks for bottle blocks Follow up PR to #10450 2021-01-28 19:32:23 +01:00			`if string_content(checksum).size != 64 && regex_match_group(checksum, /^\w*$/)`
Simplify Checksum cop by auditing all checksums 2017-06-14 15:37:37 +05:30			`problem "sha256 should be 64 characters"`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30			`end`

Refactor Checksum cop to add autocorrect method 2017-06-16 19:44:14 +05:30			`return unless regex_match_group(checksum, /[^a-f0-9]+/i)`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
rubocops/checksum: use rubocop v1 API 2021-01-12 11:05:37 +11:00			`add_offense(@offensive_source_range, message: "sha256 contains invalid characters")`
Refactor Checksum cop to add autocorrect method 2017-06-16 19:44:14 +05:30			`end`
			`end`

apidoc: update comment wording, punctuation, formatting 2020-11-05 17:17:03 -05:00			`# This cop makes sure that checksum strings are lowercase.`
Use exclude_from_registry instead 2023-02-20 18:10:59 -08:00			`class ChecksumCase < FormulaCop`
rubocops/checksum: use rubocop v1 API 2021-01-12 11:05:37 +11:00			`extend AutoCorrector`

Use struct for `#audit_formula` args Adding type signatures to `#audit_formula` methods in formula cops would lead to verbose, repetitive signatures across the existing ~63 instances. This reworks `#audit_formula` to use a `T::Struct` for its arguments, which allows us to use a one-line signature for these methods. 2024-07-07 15:18:29 -04:00			`sig { override.params(formula_nodes: FormulaNodes).void }`
			`def audit_formula(formula_nodes)`
			`sha256_calls = find_every_method_call_by_name(formula_nodes.body_node, :sha256)`
Refactor Checksum cop to add autocorrect method 2017-06-16 19:44:14 +05:30			`sha256_calls.each do \|sha256_call\|`
			`checksum = get_checksum_node(sha256_call)`
			`next if checksum.nil?`
			`next unless regex_match_group(checksum, /[A-F]+/)`
Update to RuboCop 0.59.1. 2018-09-17 02:45:00 +02:00
rubocops/checksum: use rubocop v1 API 2021-01-12 11:05:37 +11:00			`add_offense(@offensive_source_range, message: "sha256 should be lowercase") do \|corrector\|`
			`correction = @offensive_node.source.downcase`
			`corrector.insert_before(@offensive_node.source_range, correction)`
			`corrector.remove(@offensive_node.source_range)`
			`end`
Refactor Checksum cop to add autocorrect method 2017-06-16 19:44:14 +05:30			`end`
audit: Port audit_checksum method to rubocop and add tests 2017-06-01 00:57:24 +05:30			`end`
			`end`
			`end`
			`end`
			`end`