| 
									
										
										
										
											2020-10-10 14:16:11 +02:00
										 |  |  | # typed: true | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | # frozen_string_literal: true | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | require "utils/curl" | 
					
						
							| 
									
										
										
										
											2023-09-04 22:17:57 -04:00
										 |  |  | require "utils/github/api" | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-26 09:42:39 +02:00
										 |  |  | # Auditing functions for rules common to both casks and formulae. | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # @api private | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | module SharedAudits | 
					
						
							| 
									
										
										
										
											2022-09-18 23:29:15 -05:00
										 |  |  |   URL_TYPE_HOMEPAGE = "homepage URL" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |   module_function | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |   def github_repo_data(user, repo) | 
					
						
							|  |  |  |     @github_repo_data ||= {} | 
					
						
							|  |  |  |     @github_repo_data["#{user}/#{repo}"] ||= GitHub.repository(user, repo) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-22 14:21:06 +02:00
										 |  |  |     @github_repo_data["#{user}/#{repo}"] | 
					
						
							| 
									
										
										
										
											2021-02-15 21:48:21 +05:30
										 |  |  |   rescue GitHub::API::HTTPNotFoundError | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |     nil | 
					
						
							| 
									
										
										
										
											2023-08-25 13:58:51 +01:00
										 |  |  |   rescue GitHub::API::AuthenticationFailedError => e | 
					
						
							| 
									
										
										
										
											2023-08-26 17:16:43 +01:00
										 |  |  |     raise unless e.message.match?(GitHub::API::GITHUB_IP_ALLOWLIST_ERROR) | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |   def github_release_data(user, repo, tag) | 
					
						
							|  |  |  |     id = "#{user}/#{repo}/#{tag}" | 
					
						
							| 
									
										
										
										
											2021-02-17 23:22:26 +05:30
										 |  |  |     url = "#{GitHub::API_URL}/repos/#{user}/#{repo}/releases/tags/#{tag}" | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     @github_release_data ||= {} | 
					
						
							| 
									
										
										
										
											2021-02-17 23:22:26 +05:30
										 |  |  |     @github_release_data[id] ||= GitHub::API.open_rest(url) | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     @github_release_data[id] | 
					
						
							| 
									
										
										
										
											2021-02-15 21:48:21 +05:30
										 |  |  |   rescue GitHub::API::HTTPNotFoundError | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     nil | 
					
						
							| 
									
										
										
										
											2023-08-25 13:58:51 +01:00
										 |  |  |   rescue GitHub::API::AuthenticationFailedError => e | 
					
						
							| 
									
										
										
										
											2023-08-26 17:16:43 +01:00
										 |  |  |     raise unless e.message.match?(GitHub::API::GITHUB_IP_ALLOWLIST_ERROR) | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-05 05:41:58 +02:00
										 |  |  |   def github_release(user, repo, tag, formula: nil, cask: nil) | 
					
						
							|  |  |  |     release = github_release_data(user, repo, tag) | 
					
						
							|  |  |  |     return unless release | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-22 10:51:29 -05:00
										 |  |  |     exception, name, version = if formula | 
					
						
							| 
									
										
										
										
											2021-10-04 21:45:20 -04:00
										 |  |  |       [formula.tap&.audit_exception(:github_prerelease_allowlist, formula.name), formula.name, formula.version] | 
					
						
							| 
									
										
										
										
											2020-12-22 10:51:29 -05:00
										 |  |  |     elsif cask | 
					
						
							| 
									
										
										
										
											2021-10-04 21:45:20 -04:00
										 |  |  |       [cask.tap&.audit_exception(:github_prerelease_allowlist, cask.token), cask.token, cask.version] | 
					
						
							| 
									
										
										
										
											2020-09-05 05:41:58 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-22 10:51:29 -05:00
										 |  |  |     return "#{tag} is a GitHub pre-release." if release["prerelease"] && [version, "all"].exclude?(exception) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-24 13:36:18 -05:00
										 |  |  |     if !release["prerelease"] && exception | 
					
						
							|  |  |  |       return "#{tag} is not a GitHub pre-release but '#{name}' is in the GitHub prerelease allowlist." | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2020-09-05 05:41:58 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     return "#{tag} is a GitHub draft." if release["draft"] | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |   def gitlab_repo_data(user, repo) | 
					
						
							|  |  |  |     @gitlab_repo_data ||= {} | 
					
						
							|  |  |  |     @gitlab_repo_data["#{user}/#{repo}"] ||= begin | 
					
						
							| 
									
										
										
										
											2023-09-04 22:17:57 -04:00
										 |  |  |       out, _, status = Utils::Curl.curl_output("https://gitlab.com/api/v4/projects/#{user}%2F#{repo}") | 
					
						
							| 
									
										
										
										
											2023-09-13 09:31:34 +01:00
										 |  |  |       json = JSON.parse(out) if status.success? | 
					
						
							|  |  |  |       json = nil if json&.dig("message")&.include?("404 Project Not Found") | 
					
						
							|  |  |  |       json | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |   def gitlab_release_data(user, repo, tag) | 
					
						
							|  |  |  |     id = "#{user}/#{repo}/#{tag}" | 
					
						
							|  |  |  |     @gitlab_release_data ||= {} | 
					
						
							|  |  |  |     @gitlab_release_data[id] ||= begin | 
					
						
							| 
									
										
										
										
											2023-09-04 22:17:57 -04:00
										 |  |  |       out, _, status = Utils::Curl.curl_output( | 
					
						
							| 
									
										
										
										
											2020-09-05 13:29:48 -04:00
										 |  |  |         "https://gitlab.com/api/v4/projects/#{user}%2F#{repo}/releases/#{tag}", "--fail" | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |       ) | 
					
						
							| 
									
										
										
										
											2020-11-10 00:11:22 +11:00
										 |  |  |       JSON.parse(out) if status.success? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-21 12:53:12 -05:00
										 |  |  |   def gitlab_release(user, repo, tag, formula: nil, cask: nil) | 
					
						
							| 
									
										
										
										
											2020-09-05 06:07:55 +02:00
										 |  |  |     release = gitlab_release_data(user, repo, tag) | 
					
						
							|  |  |  |     return unless release | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-24 20:10:01 -07:00
										 |  |  |     return if DateTime.parse(release["released_at"]) <= DateTime.now | 
					
						
							| 
									
										
										
										
											2020-12-21 12:53:12 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-22 10:51:29 -05:00
										 |  |  |     exception, version = if formula | 
					
						
							| 
									
										
										
										
											2021-10-04 21:45:20 -04:00
										 |  |  |       [formula.tap&.audit_exception(:gitlab_prerelease_allowlist, formula.name), formula.version] | 
					
						
							| 
									
										
										
										
											2020-12-21 12:53:12 -05:00
										 |  |  |     elsif cask | 
					
						
							| 
									
										
										
										
											2021-10-04 21:45:20 -04:00
										 |  |  |       [cask.tap&.audit_exception(:gitlab_prerelease_allowlist, cask.token), cask.version] | 
					
						
							| 
									
										
										
										
											2020-12-21 12:53:12 -05:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2020-12-22 10:51:29 -05:00
										 |  |  |     return if [version, "all"].include?(exception) | 
					
						
							| 
									
										
										
										
											2020-09-05 06:07:55 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     "#{tag} is a GitLab pre-release." | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |   def github(user, repo) | 
					
						
							|  |  |  |     metadata = github_repo_data(user, repo) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     return if metadata.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-21 12:53:12 -05:00
										 |  |  |     return "GitHub fork (not canonical repository)" if metadata["fork"] | 
					
						
							| 
									
										
										
										
											2020-09-05 19:08:44 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     if (metadata["forks_count"] < 30) && (metadata["subscribers_count"] < 30) && | 
					
						
							|  |  |  |        (metadata["stargazers_count"] < 75) | 
					
						
							|  |  |  |       return "GitHub repository not notable enough (<30 forks, <30 watchers and <75 stars)" | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return if Date.parse(metadata["created_at"]) <= (Date.today - 30) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     "GitHub repository too new (<30 days old)" | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   def gitlab(user, repo) | 
					
						
							| 
									
										
										
										
											2020-07-20 21:52:35 +02:00
										 |  |  |     metadata = gitlab_repo_data(user, repo) | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     return if metadata.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return "GitLab fork (not canonical repository)" if metadata["fork"] | 
					
						
							|  |  |  |     if (metadata["forks_count"] < 30) && (metadata["star_count"] < 75) | 
					
						
							|  |  |  |       return "GitLab repository not notable enough (<30 forks and <75 stars)" | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return if Date.parse(metadata["created_at"]) <= (Date.today - 30) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     "GitLab repository too new (<30 days old)" | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   def bitbucket(user, repo) | 
					
						
							|  |  |  |     api_url = "https://api.bitbucket.org/2.0/repositories/#{user}/#{repo}" | 
					
						
							| 
									
										
										
										
											2023-09-04 22:17:57 -04:00
										 |  |  |     out, _, status = Utils::Curl.curl_output("--request", "GET", api_url) | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     return unless status.success? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     metadata = JSON.parse(out) | 
					
						
							|  |  |  |     return if metadata.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return "Uses deprecated mercurial support in Bitbucket" if metadata["scm"] == "hg" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return "Bitbucket fork (not canonical repository)" unless metadata["parent"].nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return "Bitbucket repository too new (<30 days old)" if Date.parse(metadata["created_on"]) >= (Date.today - 30) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-04 22:17:57 -04:00
										 |  |  |     forks_out, _, forks_status = Utils::Curl.curl_output("--request", "GET", "#{api_url}/forks") | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     return unless forks_status.success? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-04 22:17:57 -04:00
										 |  |  |     watcher_out, _, watcher_status = Utils::Curl.curl_output("--request", "GET", "#{api_url}/watchers") | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     return unless watcher_status.success? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     forks_metadata = JSON.parse(forks_out) | 
					
						
							|  |  |  |     return if forks_metadata.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     watcher_metadata = JSON.parse(watcher_out) | 
					
						
							|  |  |  |     return if watcher_metadata.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-19 12:02:59 -04:00
										 |  |  |     return if forks_metadata["size"] >= 30 || watcher_metadata["size"] >= 75
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     "Bitbucket repository not notable enough (<30 forks and <75 watchers)" | 
					
						
							|  |  |  |   end | 
					
						
							| 
									
										
										
										
											2020-09-09 08:57:56 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   def github_tag_from_url(url) | 
					
						
							|  |  |  |     url = url.to_s | 
					
						
							|  |  |  |     tag = url.match(%r{^https://github\.com/[\w-]+/[\w-]+/archive/([^/]+)\.(tar\.gz|zip)$}) | 
					
						
							|  |  |  |              .to_a | 
					
						
							|  |  |  |              .second | 
					
						
							|  |  |  |     tag ||= url.match(%r{^https://github\.com/[\w-]+/[\w-]+/releases/download/([^/]+)/}) | 
					
						
							|  |  |  |                .to_a | 
					
						
							|  |  |  |                .second | 
					
						
							|  |  |  |     tag | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   def gitlab_tag_from_url(url) | 
					
						
							|  |  |  |     url = url.to_s | 
					
						
							|  |  |  |     url.match(%r{^https://gitlab\.com/[\w-]+/[\w-]+/-/archive/([^/]+)/}) | 
					
						
							|  |  |  |        .to_a | 
					
						
							|  |  |  |        .second | 
					
						
							|  |  |  |   end | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | end |