| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  | # typed: strict | 
					
						
							| 
									
										
										
										
											2019-04-19 15:38:03 +09:00
										 |  |  | # frozen_string_literal: true | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-06 21:10:16 +01:00
										 |  |  | require "cask/denylist" | 
					
						
							| 
									
										
										
										
											2018-09-03 19:39:07 +01:00
										 |  |  | require "cask/download" | 
					
						
							| 
									
										
										
										
											2025-08-11 22:59:48 +10:00
										 |  |  | require "cask/installer" | 
					
						
							| 
									
										
										
										
											2025-08-14 03:31:30 +00:00
										 |  |  | require "cask/quarantine" | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | require "digest" | 
					
						
							| 
									
										
										
										
											2020-12-14 14:30:36 +01:00
										 |  |  | require "livecheck/livecheck" | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  | require "source_location" | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  | require "system_command" | 
					
						
							| 
									
										
										
										
											2024-07-14 08:49:39 -04:00
										 |  |  | require "utils/backtrace" | 
					
						
							| 
									
										
										
										
											2024-07-30 21:43:30 +02:00
										 |  |  | require "formula_name_cask_token_auditor" | 
					
						
							| 
									
										
										
										
											2018-10-10 21:36:02 +00:00
										 |  |  | require "utils/curl" | 
					
						
							| 
									
										
										
										
											2017-05-07 06:41:40 +02:00
										 |  |  | require "utils/git" | 
					
						
							| 
									
										
										
										
											2020-08-26 09:42:39 +02:00
										 |  |  | require "utils/shared_audits" | 
					
						
							| 
									
										
										
										
											2025-08-20 19:20:19 +01:00
										 |  |  | require "utils/output" | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-06 08:29:14 +02:00
										 |  |  | module Cask | 
					
						
							| 
									
										
										
										
											2020-08-24 21:32:40 +02:00
										 |  |  |   # Audit a cask for various problems. | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |   class Audit | 
					
						
							| 
									
										
										
										
											2024-01-26 17:33:55 -08:00
										 |  |  |     include SystemCommand::Mixin | 
					
						
							| 
									
										
										
										
											2023-09-06 00:12:57 +08:00
										 |  |  |     include ::Utils::Curl | 
					
						
							| 
									
										
										
										
											2025-08-20 19:20:19 +01:00
										 |  |  |     include ::Utils::Output::Mixin | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     Error = T.type_alias do | 
					
						
							|  |  |  |       { | 
					
						
							|  |  |  |         message:   T.nilable(String), | 
					
						
							|  |  |  |         location:  T.nilable(Homebrew::SourceLocation), | 
					
						
							|  |  |  |         corrected: T::Boolean, | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |     sig { returns(Cask) } | 
					
						
							|  |  |  |     attr_reader :cask | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T.nilable(Download)) } | 
					
						
							|  |  |  |     attr_reader :download | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |     sig { | 
					
						
							|  |  |  |       params( | 
					
						
							| 
									
										
										
										
											2025-06-23 16:08:13 +01:00
										 |  |  |         cask: ::Cask::Cask, download: T::Boolean, quarantine: T::Boolean, | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |         online: T.nilable(T::Boolean), strict: T.nilable(T::Boolean), signing: T.nilable(T::Boolean), | 
					
						
							|  |  |  |         new_cask: T.nilable(T::Boolean), only: T::Array[String], except: T::Array[String] | 
					
						
							|  |  |  |       ).void | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def initialize( | 
					
						
							|  |  |  |       cask, | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |       download: false, quarantine: false, | 
					
						
							| 
									
										
										
										
											2025-06-23 16:08:13 +01:00
										 |  |  |       online: nil, strict: nil, signing: nil, | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |       new_cask: nil, only: [], except: [] | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2025-06-23 16:08:13 +01:00
										 |  |  |       # `new_cask` implies `online`, `strict` and `signing` | 
					
						
							| 
									
										
										
										
											2020-09-04 04:14:37 +02:00
										 |  |  |       online = new_cask if online.nil? | 
					
						
							|  |  |  |       strict = new_cask if strict.nil? | 
					
						
							| 
									
										
										
										
											2022-08-01 14:30:04 +02:00
										 |  |  |       signing = new_cask if signing.nil? | 
					
						
							| 
									
										
										
										
											2020-09-04 04:14:37 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-03-29 20:49:29 +02:00
										 |  |  |       # `online` and `signing` imply `download` | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |       download ||= online || signing | 
					
						
							| 
									
										
										
										
											2020-09-04 04:14:37 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       @cask = cask | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       @download = T.let(nil, T.nilable(Download)) | 
					
						
							| 
									
										
										
										
											2024-03-07 16:20:20 +00:00
										 |  |  |       @download = Download.new(cask, quarantine:) if download | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |       @online = online | 
					
						
							|  |  |  |       @strict = strict | 
					
						
							| 
									
										
										
										
											2022-08-01 14:30:04 +02:00
										 |  |  |       @signing = signing | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |       @new_cask = new_cask | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |       @only = only | 
					
						
							|  |  |  |       @except = except | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def new_cask? = !!@new_cask | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def online? =!!@online | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def signing? = !!@signing | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def strict? = !!@strict | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(::Cask::Audit) } | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     def run! | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       only_audits = @only | 
					
						
							|  |  |  |       except_audits = @except | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |       private_methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name| | 
					
						
							|  |  |  |         name = audit_method_name.delete_prefix("audit_") | 
					
						
							| 
									
										
										
										
											2025-02-24 14:49:33 -08:00
										 |  |  |         next if !only_audits.empty? && only_audits.exclude?(name) | 
					
						
							|  |  |  |         next if except_audits.include?(name) | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         send(audit_method_name) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       self | 
					
						
							| 
									
										
										
										
											2018-09-02 20:14:54 +01:00
										 |  |  |     rescue => e | 
					
						
							| 
									
										
										
										
											2023-09-11 21:54:27 -07:00
										 |  |  |       odebug e, ::Utils::Backtrace.clean(e) | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       add_error "exception while auditing #{cask}: #{e.message}" | 
					
						
							|  |  |  |       self | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { returns(T::Array[Error]) } | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |     def errors | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       @errors ||= T.let([], T.nilable(T::Array[Error])) | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def errors? | 
					
						
							|  |  |  |       errors.any? | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def success? | 
					
						
							| 
									
										
										
										
											2023-03-30 23:52:24 +01:00
										 |  |  |       !errors? | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |     sig { | 
					
						
							|  |  |  |       params( | 
					
						
							|  |  |  |         message:     T.nilable(String), | 
					
						
							|  |  |  |         location:    T.nilable(Homebrew::SourceLocation), | 
					
						
							|  |  |  |         strict_only: T::Boolean, | 
					
						
							|  |  |  |       ).void | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |     def add_error(message, location: nil, strict_only: false) | 
					
						
							| 
									
										
										
										
											2023-03-31 01:25:36 +01:00
										 |  |  |       # Only raise non-critical audits if the user specified `--strict`. | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       return if strict_only && !@strict | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       errors << { message:, location:, corrected: false } | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { returns(T.nilable(String)) } | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |     def result | 
					
						
							| 
									
										
										
										
											2023-03-30 23:52:24 +01:00
										 |  |  |       Formatter.error("failed") if errors? | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-03-30 23:52:24 +01:00
										 |  |  |     sig { returns(T.nilable(String)) } | 
					
						
							|  |  |  |     def summary | 
					
						
							| 
									
										
										
										
											2023-03-29 00:40:46 +01:00
										 |  |  |       return if success? | 
					
						
							| 
									
										
										
										
											2021-03-21 13:59:43 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |       summary = ["audit for #{cask}: #{result}"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       errors.each do |error| | 
					
						
							| 
									
										
										
										
											2021-04-03 03:49:41 +02:00
										 |  |  |         summary << " #{Formatter.error("-")} #{error[:message]}" | 
					
						
							| 
									
										
										
										
											2020-07-28 09:08:37 +02:00
										 |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       summary.join("\n") | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     private | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_untrusted_pkg | 
					
						
							| 
									
										
										
										
											2018-03-25 15:30:16 +10:00
										 |  |  |       odebug "Auditing pkg stanza: allow_untrusted" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return if @cask.sourcefile_path.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       tap = @cask.tap | 
					
						
							| 
									
										
										
										
											2018-05-15 16:52:10 +02:00
										 |  |  |       return if tap.nil? | 
					
						
							| 
									
										
										
										
											2018-05-25 18:03:16 +02:00
										 |  |  |       return if tap.user != "Homebrew" | 
					
						
							| 
									
										
										
										
											2018-03-25 15:30:16 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-07 13:49:05 -08:00
										 |  |  |       return if cask.artifacts.none? { |k| k.is_a?(Artifact::Pkg) && k.stanza_options.key?(:allow_untrusted) } | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "allow_untrusted is not permitted in official Homebrew Cask taps" | 
					
						
							| 
									
										
										
										
											2018-03-25 15:30:16 +10:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_stanza_requires_uninstall | 
					
						
							| 
									
										
										
										
											2018-05-19 12:38:47 +10:00
										 |  |  |       odebug "Auditing stanzas which require an uninstall" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-06 06:47:29 +02:00
										 |  |  |       return if cask.artifacts.none? { |k| k.is_a?(Artifact::Pkg) || k.is_a?(Artifact::Installer) } | 
					
						
							| 
									
										
										
										
											2021-03-01 13:43:47 +00:00
										 |  |  |       return if cask.artifacts.any?(Artifact::Uninstall) | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "installer and pkg stanzas require an uninstall stanza" | 
					
						
							| 
									
										
										
										
											2018-05-19 12:38:47 +10:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_single_pre_postflight | 
					
						
							| 
									
										
										
										
											2017-10-30 20:47:22 -03:00
										 |  |  |       odebug "Auditing preflight and postflight stanzas" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-06 06:47:29 +02:00
										 |  |  |       if cask.artifacts.count { |k| k.is_a?(Artifact::PreflightBlock) && k.directives.key?(:preflight) } > 1
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |         add_error "only a single preflight stanza is allowed" | 
					
						
							| 
									
										
										
										
											2017-11-01 22:35:41 -03:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2017-10-30 20:47:22 -03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  |       count = cask.artifacts.count do |k| | 
					
						
							| 
									
										
										
										
											2018-09-06 06:47:29 +02:00
										 |  |  |         k.is_a?(Artifact::PostflightBlock) && | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  |           k.directives.key?(:postflight) | 
					
						
							|  |  |  |       end | 
					
						
							| 
									
										
										
										
											2023-04-18 15:06:50 -07:00
										 |  |  |       return if count <= 1
 | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "only a single postflight stanza is allowed" | 
					
						
							| 
									
										
										
										
											2017-10-30 20:47:22 -03:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_single_uninstall_zap | 
					
						
							| 
									
										
										
										
											2017-10-27 16:53:22 -03:00
										 |  |  |       odebug "Auditing single uninstall_* and zap stanzas" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  |       count = cask.artifacts.count do |k| | 
					
						
							| 
									
										
										
										
											2018-09-06 06:47:29 +02:00
										 |  |  |         k.is_a?(Artifact::PreflightBlock) && | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  |           k.directives.key?(:uninstall_preflight) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "only a single uninstall_preflight stanza is allowed" if count > 1
 | 
					
						
							| 
									
										
										
										
											2017-10-27 16:53:22 -03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  |       count = cask.artifacts.count do |k| | 
					
						
							| 
									
										
										
										
											2018-09-06 06:47:29 +02:00
										 |  |  |         k.is_a?(Artifact::PostflightBlock) && | 
					
						
							| 
									
										
										
										
											2018-09-02 16:15:09 +01:00
										 |  |  |           k.directives.key?(:uninstall_postflight) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "only a single uninstall_postflight stanza is allowed" if count > 1
 | 
					
						
							| 
									
										
										
										
											2017-10-27 16:53:22 -03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-18 15:06:50 -07:00
										 |  |  |       return if cask.artifacts.count { |k| k.is_a?(Artifact::Zap) } <= 1
 | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "only a single zap stanza is allowed" | 
					
						
							| 
									
										
										
										
											2017-10-27 16:53:22 -03:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_required_stanzas | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       odebug "Auditing required stanzas" | 
					
						
							| 
									
										
										
										
											2016-10-14 20:17:25 +02:00
										 |  |  |       [:version, :sha256, :url, :homepage].each do |sym| | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |         add_error "a #{sym} stanza is required" unless cask.send(sym) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  |       add_error "at least one name stanza is required" if cask.name.empty? | 
					
						
							|  |  |  |       # TODO: specific DSL knowledge should not be spread around in various files like this | 
					
						
							| 
									
										
										
										
											2020-09-11 10:29:21 +01:00
										 |  |  |       rejected_artifacts = [:uninstall, :zap] | 
					
						
							|  |  |  |       installable_artifacts = cask.artifacts.reject { |k| rejected_artifacts.include?(k) } | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       add_error "at least one activatable artifact stanza is required" if installable_artifacts.empty? | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_description | 
					
						
							|  |  |  |       # Fonts seldom benefit from descriptions and requiring them disproportionately | 
					
						
							|  |  |  |       # increases the maintenance burden. | 
					
						
							| 
									
										
										
										
											2024-05-15 21:39:13 -07:00
										 |  |  |       return if cask.tap == "homebrew/cask" && cask.token.include?("font-") | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       add_error("Cask should have a description. Please add a `desc` stanza.", strict_only: true) if cask.desc.blank? | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-13 21:15:59 +01:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_version_special_characters | 
					
						
							|  |  |  |       return unless cask.version | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return if cask.version.latest? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       raw_version = cask.version.raw_version | 
					
						
							|  |  |  |       return if raw_version.exclude?(":") && raw_version.exclude?("/") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       add_error "version should not contain colons or slashes" | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_no_string_version_latest | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       return unless cask.version | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing version :latest does not appear as a string ('latest')" | 
					
						
							| 
									
										
										
										
											2023-04-18 15:06:50 -07:00
										 |  |  |       return if cask.version.raw_version != "latest" | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       add_error "you should use version :latest instead of version 'latest'" | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_sha256_no_check_if_latest | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       return unless cask.sha256 | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return unless cask.version | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       odebug "Auditing sha256 :no_check with version :latest" | 
					
						
							| 
									
										
										
										
											2018-09-10 19:35:08 +02:00
										 |  |  |       return unless cask.version.latest? | 
					
						
							|  |  |  |       return if cask.sha256 == :no_check | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       add_error "you should use sha256 :no_check when version is :latest" | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_sha256_no_check_if_unversioned | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       return unless cask.sha256 | 
					
						
							| 
									
										
										
										
											2020-12-07 23:02:55 +01:00
										 |  |  |       return if cask.sha256 == :no_check | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |       return unless cask.url&.unversioned? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       add_error "Use `sha256 :no_check` when URL is unversioned." | 
					
						
							| 
									
										
										
										
											2020-12-07 23:02:55 +01:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_sha256_actually_256 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       return unless cask.sha256 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing sha256 string is a legal SHA-256 digest" | 
					
						
							| 
									
										
										
										
											2020-11-19 18:12:16 +01:00
										 |  |  |       return unless cask.sha256.is_a?(Checksum) | 
					
						
							|  |  |  |       return if cask.sha256.length == 64 && cask.sha256[/^[0-9a-f]+$/i] | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-19 18:12:16 +01:00
										 |  |  |       add_error "sha256 string must be of 64 hexadecimal characters" | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_sha256_invalid | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       return unless cask.sha256 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing sha256 is not a known invalid value" | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       empty_sha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" | 
					
						
							| 
									
										
										
										
											2023-04-18 15:06:50 -07:00
										 |  |  |       return if cask.sha256 != empty_sha256 | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-19 18:12:16 +01:00
										 |  |  |       add_error "cannot use the sha256 for an empty string: #{empty_sha256}" | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-03-29 20:49:29 +02:00
										 |  |  |     def audit_latest_with_livecheck | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return unless cask.version&.latest? | 
					
						
							| 
									
										
											  
											
												livecheck: clarify livecheckable language
Formulae, casks, and resources have a `#livecheckable?` method that
indicates whether they contain a `livecheck` block. This is intended
to be read as "has a livecheckable?", not "is livecheckable?" (as
livecheck can find versions for some packages/resources without a
`livecheck` block). Unfortunately, correct understanding of this
method's behavior [outside of documentation] relies on historical
knowledge that few people possess, so this is often confusing to
anyone who hasn't been working on livecheck since 2020.
In the olden days, a "livecheckable" was a Ruby file containing a
`livecheck` block (originally a hash) with a filename that
corresponded to a related formula. The `livecheck` blocks in
livecheckable files were integrated into their respective formulae in
August 2020, so [first-party] livecheckables ceased to exist at that
time. From that point forward, we simply referred to these as
`livecheck` blocks.
With that in mind, this clarifies the situation by replacing
"livecheckable" language. This includes renaming `#livecheckable?` to
`#livecheck_defined?`, replacing usage of "livecheckable" as a noun
with "`livecheck` block", replacing "livecheckable" as a boolean with
"livecheck_defined", and replacing incorrect usage of "livecheckable"
as an adjective with "checkable".
											
										 
											2024-11-27 18:20:56 -05:00
										 |  |  |       return unless cask.livecheck_defined? | 
					
						
							| 
									
										
										
										
											2023-02-28 10:29:28 +01:00
										 |  |  |       return if cask.livecheck.skip? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       add_error "Casks with a `livecheck` should not use `version :latest`." | 
					
						
							| 
									
										
										
										
											2018-03-27 20:56:01 +10:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_latest_with_auto_updates | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return unless cask.version&.latest? | 
					
						
							| 
									
										
										
										
											2018-07-12 16:13:46 +10:00
										 |  |  |       return unless cask.auto_updates | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-08 03:48:53 +01:00
										 |  |  |       add_error "Casks with `version :latest` should not use `auto_updates`." | 
					
						
							| 
									
										
										
										
											2018-07-12 16:13:46 +10:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-23 13:23:18 -07:00
										 |  |  |     LIVECHECK_REFERENCE_URL = "https://docs.brew.sh/Cask-Cookbook#stanza-livecheck" | 
					
						
							| 
									
										
										
										
											2025-02-17 18:34:18 -08:00
										 |  |  |     private_constant :LIVECHECK_REFERENCE_URL | 
					
						
							| 
									
										
										
										
											2021-01-28 16:17:40 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-24 16:20:51 -08:00
										 |  |  |     sig { params(livecheck_result: T.any(NilClass, T::Boolean, Symbol)).void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_hosting_with_livecheck(livecheck_result: audit_livecheck_version) | 
					
						
							| 
									
										
										
										
											2024-05-07 12:01:26 +01:00
										 |  |  |       return if cask.deprecated? || cask.disabled? | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return if cask.version&.latest? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
											  
											
												livecheck: clarify livecheckable language
Formulae, casks, and resources have a `#livecheckable?` method that
indicates whether they contain a `livecheck` block. This is intended
to be read as "has a livecheckable?", not "is livecheckable?" (as
livecheck can find versions for some packages/resources without a
`livecheck` block). Unfortunately, correct understanding of this
method's behavior [outside of documentation] relies on historical
knowledge that few people possess, so this is often confusing to
anyone who hasn't been working on livecheck since 2020.
In the olden days, a "livecheckable" was a Ruby file containing a
`livecheck` block (originally a hash) with a filename that
corresponded to a related formula. The `livecheck` blocks in
livecheckable files were integrated into their respective formulae in
August 2020, so [first-party] livecheckables ceased to exist at that
time. From that point forward, we simply referred to these as
`livecheck` blocks.
With that in mind, this clarifies the situation by replacing
"livecheckable" language. This includes renaming `#livecheckable?` to
`#livecheck_defined?`, replacing usage of "livecheckable" as a noun
with "`livecheck` block", replacing "livecheckable" as a boolean with
"livecheck_defined", and replacing incorrect usage of "livecheckable"
as an adjective with "checkable".
											
										 
											2024-11-27 18:20:56 -05:00
										 |  |  |       return if cask.livecheck_defined? | 
					
						
							| 
									
										
										
										
											2021-03-31 07:17:37 +02:00
										 |  |  |       return if livecheck_result == :auto_detected | 
					
						
							| 
									
										
										
										
											2018-06-05 16:42:15 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-31 07:17:37 +02:00
										 |  |  |       add_livecheck = "please add a livecheck. See #{Formatter.url(LIVECHECK_REFERENCE_URL)}" | 
					
						
							| 
									
										
										
										
											2018-06-15 17:01:27 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       case url.to_s | 
					
						
							| 
									
										
										
										
											2018-06-15 17:01:27 +10:00
										 |  |  |       when %r{sourceforge.net/(\S+)} | 
					
						
							| 
									
										
										
										
											2021-04-07 02:19:16 +02:00
										 |  |  |         return unless online? | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |         add_error "Download is hosted on SourceForge, #{add_livecheck}", location: url.location | 
					
						
							| 
									
										
										
										
											2018-06-15 17:01:27 +10:00
										 |  |  |       when %r{dl.devmate.com/(\S+)} | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |         add_error "Download is hosted on DevMate, #{add_livecheck}", location: url.location | 
					
						
							| 
									
										
										
										
											2018-06-15 17:01:27 +10:00
										 |  |  |       when %r{rink.hockeyapp.net/(\S+)} | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |         add_error "Download is hosted on HockeyApp, #{add_livecheck}", location: url.location | 
					
						
							| 
									
										
										
										
											2018-06-15 17:01:27 +10:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2018-06-05 16:42:15 +10:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-06 11:46:40 +01:00
										 |  |  |     SOURCEFORGE_OSDN_REFERENCE_URL = "https://docs.brew.sh/Cask-Cookbook#sourceforgeosdn-urls" | 
					
						
							| 
									
										
										
										
											2025-02-17 18:34:18 -08:00
										 |  |  |     private_constant :SOURCEFORGE_OSDN_REFERENCE_URL | 
					
						
							| 
									
										
										
										
											2022-09-06 11:46:40 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_download_url_format | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |       odebug "Auditing URL format" | 
					
						
							| 
									
										
										
										
											2024-05-27 12:22:48 +08:00
										 |  |  |       return unless bad_sourceforge_url? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       add_error "SourceForge URL format incorrect. See #{Formatter.url(SOURCEFORGE_OSDN_REFERENCE_URL)}", | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |                 location: url.location | 
					
						
							| 
									
										
										
										
											2024-05-27 12:22:48 +08:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2024-05-27 12:22:48 +08:00
										 |  |  |     def audit_download_url_is_osdn | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2024-05-27 12:22:48 +08:00
										 |  |  |       return unless bad_osdn_url? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error "OSDN download urls are disabled.", location: url.location, strict_only: true | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-11-07 01:23:31 +00:00
										 |  |  |     VERIFIED_URL_REFERENCE_URL = "https://docs.brew.sh/Cask-Cookbook#when-url-and-homepage-domains-differ-add-verified" | 
					
						
							| 
									
										
										
										
											2025-02-17 18:34:18 -08:00
										 |  |  |     private_constant :VERIFIED_URL_REFERENCE_URL | 
					
						
							| 
									
										
										
										
											2021-01-28 16:17:40 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_unnecessary_verified | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return unless cask.url | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  |       return unless verified_present? | 
					
						
							|  |  |  |       return unless url_match_homepage? | 
					
						
							|  |  |  |       return unless verified_matches_url? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-28 16:17:40 -08:00
										 |  |  |       add_error "The URL's domain #{Formatter.url(domain)} matches the homepage domain " \ | 
					
						
							|  |  |  |                 "#{Formatter.url(homepage)}, the 'verified' parameter of the 'url' stanza is unnecessary. " \ | 
					
						
							|  |  |  |                 "See #{Formatter.url(VERIFIED_URL_REFERENCE_URL)}" | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_missing_verified | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return unless cask.url | 
					
						
							| 
									
										
										
										
											2020-12-12 05:55:39 +01:00
										 |  |  |       return if file_url? | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  |       return if url_match_homepage? | 
					
						
							|  |  |  |       return if verified_present? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-28 16:17:40 -08:00
										 |  |  |       add_error "The URL's domain #{Formatter.url(domain)} does not match the homepage domain " \ | 
					
						
							|  |  |  |                 "#{Formatter.url(homepage)}, a 'verified' parameter has to be added to the 'url' stanza. " \ | 
					
						
							|  |  |  |                 "See #{Formatter.url(VERIFIED_URL_REFERENCE_URL)}" | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_no_match | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  |       return unless verified_present? | 
					
						
							| 
									
										
										
										
											2021-01-28 15:27:00 -08:00
										 |  |  |       return if verified_matches_url? | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-28 16:17:40 -08:00
										 |  |  |       add_error "Verified URL #{Formatter.url(url_from_verified)} does not match URL " \ | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |                 "#{Formatter.url(strip_url_scheme(url.to_s))}. " \ | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |                 "See #{Formatter.url(VERIFIED_URL_REFERENCE_URL)}", | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |                 location: url.location | 
					
						
							| 
									
										
										
										
											2020-09-08 22:12:26 +08:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_generic_artifacts | 
					
						
							| 
									
										
										
										
											2018-09-06 06:47:29 +02:00
										 |  |  |       cask.artifacts.select { |a| a.is_a?(Artifact::Artifact) }.each do |artifact| | 
					
						
							| 
									
										
										
										
											2017-04-06 00:33:31 +02:00
										 |  |  |         unless artifact.target.absolute? | 
					
						
							|  |  |  |           add_error "target must be absolute path for #{artifact.class.english_name} #{artifact.source}" | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |         end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_languages | 
					
						
							| 
									
										
										
										
											2020-06-04 23:37:54 +02:00
										 |  |  |       @cask.languages.each do |language| | 
					
						
							| 
									
										
										
										
											2020-08-12 00:04:20 +02:00
										 |  |  |         Locale.parse(language) | 
					
						
							|  |  |  |       rescue Locale::ParserError | 
					
						
							|  |  |  |         add_error "Locale '#{language}' is invalid." | 
					
						
							| 
									
										
										
										
											2020-06-04 23:37:54 +02:00
										 |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-06-25 22:08:48 +02:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_token | 
					
						
							| 
									
										
										
										
											2024-07-30 21:43:30 +02:00
										 |  |  |       token_auditor = Homebrew::FormulaNameCaskTokenAuditor.new(cask.token) | 
					
						
							| 
									
										
										
										
											2024-07-30 21:48:59 +02:00
										 |  |  |       return if (errors = token_auditor.errors).none? | 
					
						
							| 
									
										
										
										
											2024-06-25 22:08:48 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       add_error "Cask token '#{cask.token}' must not contain #{errors.to_sentence(two_words_connector: " or ", | 
					
						
							|  |  |  |                                                                                   last_word_connector: " or ")}."
 | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_token_conflicts | 
					
						
							| 
									
										
										
										
											2023-08-04 16:21:31 +01:00
										 |  |  |       Homebrew.with_no_api_env do | 
					
						
							|  |  |  |         return unless core_formula_names.include?(cask.token) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-23 16:08:13 +01:00
										 |  |  |         add_error("cask token conflicts with an existing homebrew/core formula: #{Formatter.url(core_formula_url)}") | 
					
						
							| 
									
										
										
										
											2023-08-04 16:21:31 +01:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_token_bad_words | 
					
						
							| 
									
										
										
										
											2020-09-14 02:55:47 +02:00
										 |  |  |       return unless new_cask? | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       token = cask.token | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-14 01:26:06 +02:00
										 |  |  |       add_error "cask token contains .app" if token.end_with? ".app" | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-24 16:20:51 -08:00
										 |  |  |       match_data = /-(?<designation>alpha|beta|rc|release-candidate)$/.match(cask.token) | 
					
						
							| 
									
										
										
										
											2024-05-02 16:59:33 -04:00
										 |  |  |       if match_data && cask.tap&.official? | 
					
						
							| 
									
										
										
										
											2023-02-24 16:20:51 -08:00
										 |  |  |         add_error "cask token contains version designation '#{match_data[:designation]}'" | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       add_error("cask token mentions launcher", strict_only: true) if token.end_with? "launcher" | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       add_error("cask token mentions desktop", strict_only: true) if token.end_with? "desktop" | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       add_error("cask token mentions platform", strict_only: true) if token.end_with? "mac", "osx", "macos" | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       add_error("cask token mentions architecture", strict_only: true) if token.end_with? "x86", "32_bit", "x86_64", | 
					
						
							|  |  |  |                                                                                           "64_bit" | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-07 13:49:05 -08:00
										 |  |  |       frameworks = %w[cocoa qt gtk wx java] | 
					
						
							|  |  |  |       return if frameworks.include?(token) || !token.end_with?(*frameworks) | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-04 17:22:00 +01:00
										 |  |  |       add_error("cask token mentions framework", strict_only: true) | 
					
						
							| 
									
										
										
										
											2020-06-04 23:11:51 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_download | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (download = self.download).blank? || (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2018-09-17 02:45:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |       begin | 
					
						
							|  |  |  |         download.fetch | 
					
						
							|  |  |  |       rescue => e | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |         add_error "download not possible: #{e}", location: url.location | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2016-09-24 13:52:43 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2018-10-10 21:36:02 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-21 17:02:01 +01:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-03-29 20:49:29 +02:00
										 |  |  |     def audit_livecheck_unneeded_long_version | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if cask.version.nil? || (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2023-04-18 15:06:50 -07:00
										 |  |  |       return if cask.livecheck.strategy != :sparkle | 
					
						
							| 
									
										
										
										
											2023-02-21 17:02:01 +01:00
										 |  |  |       return unless cask.version.csv.second | 
					
						
							|  |  |  |       return if cask.url.to_s.include? cask.version.csv.second | 
					
						
							| 
									
										
										
										
											2023-02-22 19:43:02 +01:00
										 |  |  |       return if cask.version.csv.third.present? && cask.url.to_s.include?(cask.version.csv.third) | 
					
						
							| 
									
										
										
										
											2023-02-21 17:02:01 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |       add_error "Download does not require additional version components. Use `&:short_version` in the livecheck", | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |                 location:    url.location, | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |                 strict_only: true | 
					
						
							| 
									
										
										
										
											2023-02-21 17:02:01 +01:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_signing | 
					
						
							| 
									
										
										
										
											2025-07-21 18:49:29 +10:00
										 |  |  |       return if download.blank? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       url = cask.url | 
					
						
							|  |  |  |       return if url.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return if !cask.tap.official? && !signing? | 
					
						
							| 
									
										
										
										
											2025-08-13 00:13:57 +10:00
										 |  |  |       return if cask.deprecated? && cask.deprecation_reason != :fails_gatekeeper_check | 
					
						
							| 
									
										
										
										
											2022-08-01 14:30:04 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-14 03:31:30 +00:00
										 |  |  |       unless Quarantine.available? | 
					
						
							|  |  |  |         odebug "Quarantine support is not available, skipping signing audit" | 
					
						
							|  |  |  |         return | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-08-01 14:30:04 +02:00
										 |  |  |       odebug "Auditing signing" | 
					
						
							| 
									
										
										
										
											2023-03-04 15:55:39 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 22:08:05 +10:00
										 |  |  |       is_in_skiplist = cask.tap&.audit_exception(:signing_audit_skiplist, cask.token) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |       extract_artifacts do |artifacts, tmpdir| | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  |         is_container = artifacts.any? { |a| a.is_a?(Artifact::App) || a.is_a?(Artifact::Pkg) } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |         any_signing_failure = artifacts.any? do |artifact| | 
					
						
							|  |  |  |           next false if artifact.is_a?(Artifact::Binary) && is_container == true | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-04-13 18:48:07 +01:00
										 |  |  |           artifact_path = artifact.is_a?(Artifact::Pkg) ? artifact.path : artifact.source | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  |           path = tmpdir/artifact_path.relative_path_from(cask.staged_path) | 
					
						
							| 
									
										
										
										
											2023-04-13 18:48:07 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-14 03:31:30 +00:00
										 |  |  |           unless Quarantine.detect(path) | 
					
						
							|  |  |  |             odebug "#{path} does not have quarantine attributes, skipping signing audit" | 
					
						
							|  |  |  |             next false | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  |           result = case artifact | 
					
						
							|  |  |  |           when Artifact::Pkg | 
					
						
							|  |  |  |             system_command("spctl", args: ["--assess", "--type", "install", path], print_stderr: false) | 
					
						
							|  |  |  |           when Artifact::App | 
					
						
							| 
									
										
										
										
											2025-07-25 14:23:38 +10:00
										 |  |  |             next opoo "gktool not found, skipping app signing audit" unless which("gktool") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             system_command("gktool", args: ["scan", path], print_stderr: false) | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  |           when Artifact::Binary | 
					
						
							| 
									
										
										
										
											2025-07-23 11:28:26 +10:00
										 |  |  |             # Shell scripts cannot be signed, so we skip them | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |             next false if path.text_executable? | 
					
						
							| 
									
										
										
										
											2025-07-23 11:28:26 +10:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 22:42:54 -04:00
										 |  |  |             system_command("codesign", args:         ["--verify", "-R=notarized", "--check-notarization", path], | 
					
						
							|  |  |  |                                        print_stderr: false) | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  |           else | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |             add_error "Unknown artifact type: #{artifact.class}", location: url.location | 
					
						
							| 
									
										
										
										
											2025-08-31 11:09:44 -07:00
										 |  |  |             next | 
					
						
							| 
									
										
										
										
											2024-04-03 17:08:09 -04:00
										 |  |  |           end | 
					
						
							| 
									
										
										
										
											2023-04-13 18:48:07 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |           next false if result.success? | 
					
						
							| 
									
										
										
										
											2025-08-13 00:13:57 +10:00
										 |  |  |           next true if cask.deprecated? && cask.deprecation_reason == :fails_gatekeeper_check | 
					
						
							| 
									
										
										
										
											2025-08-11 22:08:05 +10:00
										 |  |  |           next true if is_in_skiplist | 
					
						
							| 
									
										
										
										
											2023-04-13 18:48:07 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-21 18:49:29 +10:00
										 |  |  |           add_error <<~EOS, location: url.location | 
					
						
							| 
									
										
										
										
											2023-04-13 18:48:07 +01:00
										 |  |  |             Signature verification failed: | 
					
						
							|  |  |  |             #{result.merged_output} | 
					
						
							|  |  |  |             macOS on ARM requires software to be signed. | 
					
						
							|  |  |  |             Please contact the upstream developer to let them know they should sign and notarize their software. | 
					
						
							|  |  |  |           EOS | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |           true | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 15:26:44 +10:00
										 |  |  |         return if any_signing_failure | 
					
						
							| 
									
										
										
										
											2025-08-11 22:08:05 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |         add_error "Cask is in the signing audit skiplist, but does not need to be skipped!" if is_in_skiplist | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 15:26:44 +10:00
										 |  |  |         return unless cask.deprecated? | 
					
						
							| 
									
										
										
										
											2025-08-13 00:13:57 +10:00
										 |  |  |         return if cask.deprecation_reason != :fails_gatekeeper_check | 
					
						
							| 
									
										
										
										
											2025-08-11 15:26:44 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  |         add_error <<~EOS | 
					
						
							| 
									
										
										
										
											2025-08-13 00:13:57 +10:00
										 |  |  |           Cask is deprecated because it failed Gatekeeper checks but all artifacts now pass! | 
					
						
							| 
									
										
										
										
											2025-08-11 15:26:44 +10:00
										 |  |  |           Remove the deprecate/disable stanza or update the deprecate/disable reason. | 
					
						
							|  |  |  |         EOS | 
					
						
							| 
									
										
										
										
											2022-08-01 14:30:04 +02:00
										 |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { | 
					
						
							|  |  |  |       params( | 
					
						
							|  |  |  |         _block: T.nilable(T.proc.params( | 
					
						
							|  |  |  |           arg0: T::Array[T.any(Artifact::Pkg, Artifact::Relocated)], | 
					
						
							|  |  |  |           arg1: Pathname, | 
					
						
							|  |  |  |         ).void), | 
					
						
							|  |  |  |       ).void | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     def extract_artifacts(&_block) | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |       return unless online? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (download = self.download).nil? | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  | 
 | 
					
						
							|  |  |  |       artifacts = cask.artifacts.select do |artifact| | 
					
						
							|  |  |  |         artifact.is_a?(Artifact::Pkg) || artifact.is_a?(Artifact::App) || artifact.is_a?(Artifact::Binary) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if @artifacts_extracted && @tmpdir | 
					
						
							|  |  |  |         yield artifacts, @tmpdir if block_given? | 
					
						
							|  |  |  |         return | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return if artifacts.empty? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       @tmpdir ||= T.let(Pathname(Dir.mktmpdir("cask-audit", HOMEBREW_TEMP)), T.nilable(Pathname)) | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-05-27 13:09:46 -04:00
										 |  |  |       # Clean up tmp dir when @tmpdir object is destroyed | 
					
						
							|  |  |  |       ObjectSpace.define_finalizer( | 
					
						
							|  |  |  |         @tmpdir, | 
					
						
							|  |  |  |         proc { FileUtils.remove_entry(@tmpdir) }, | 
					
						
							|  |  |  |       ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |       ohai "Downloading and extracting artifacts" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       downloaded_path = download.fetch | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       primary_container = UnpackStrategy.detect(downloaded_path, type: @cask.container&.type, merge_xattrs: true) | 
					
						
							|  |  |  |       return if primary_container.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-04-02 15:49:02 +11:00
										 |  |  |       # If the container has any dependencies we need to install them or unpacking will fail. | 
					
						
							|  |  |  |       if primary_container.dependencies.any? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         install_options = { | 
					
						
							|  |  |  |           show_header:             true, | 
					
						
							|  |  |  |           installed_as_dependency: true, | 
					
						
							|  |  |  |           installed_on_request:    false, | 
					
						
							|  |  |  |           verbose:                 false, | 
					
						
							|  |  |  |         }.compact | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         Homebrew::Install.perform_preinstall_checks_once | 
					
						
							| 
									
										
										
										
											2025-09-02 16:33:04 +08:00
										 |  |  |         formula_installers = primary_container.dependencies.map do |dep| | 
					
						
							|  |  |  |           FormulaInstaller.new( | 
					
						
							| 
									
										
										
										
											2025-04-02 15:49:02 +11:00
										 |  |  |             dep, | 
					
						
							|  |  |  |             **install_options, | 
					
						
							|  |  |  |           ) | 
					
						
							| 
									
										
										
										
											2025-09-02 16:33:04 +08:00
										 |  |  |         end | 
					
						
							|  |  |  |         valid_formula_installers = Homebrew::Install.fetch_formulae(formula_installers) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         formula_installers.each do |fi| | 
					
						
							|  |  |  |           next unless valid_formula_installers.include?(fi) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-04-02 15:49:02 +11:00
										 |  |  |           fi.install | 
					
						
							|  |  |  |           fi.finish | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |       # Extract the container to the temporary directory. | 
					
						
							|  |  |  |       primary_container.extract_nestedly(to: @tmpdir, basename: downloaded_path.basename, verbose: false) | 
					
						
							| 
									
										
										
										
											2024-05-29 11:36:32 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  |       if (nested_container = @cask.container&.nested) | 
					
						
							|  |  |  |         FileUtils.chmod_R "+rw", @tmpdir/nested_container, force: true, verbose: false | 
					
						
							|  |  |  |         UnpackStrategy.detect(@tmpdir/nested_container, merge_xattrs: true) | 
					
						
							|  |  |  |                       .extract_nestedly(to: @tmpdir, verbose: false) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 22:59:48 +10:00
										 |  |  |       # Process rename operations after extraction | 
					
						
							|  |  |  |       # Create a temporary installer to process renames in the audit directory | 
					
						
							|  |  |  |       temp_installer = Installer.new(@cask) | 
					
						
							|  |  |  |       temp_installer.process_rename_operations(target_dir: @tmpdir) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       # Set the flag to indicate that extraction has occurred. | 
					
						
							|  |  |  |       @artifacts_extracted = T.let(true, T.nilable(TrueClass)) | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  | 
 | 
					
						
							|  |  |  |       # Yield the artifacts and temp directory to the block if provided. | 
					
						
							|  |  |  |       yield artifacts, @tmpdir if block_given? | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_rosetta | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |       return unless online? | 
					
						
							| 
									
										
										
										
											2025-05-20 16:09:23 -04:00
										 |  |  |       # Rosetta 2 is only for ARM-capable macOS versions, which are Big Sur (11.x) and later | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |       return if Homebrew::SimulateSystem.current_arch != :arm | 
					
						
							| 
									
										
										
										
											2025-05-20 16:09:23 -04:00
										 |  |  |       return if MacOSVersion::SYMBOLS.fetch(Homebrew::SimulateSystem.current_os, "10") < "11" | 
					
						
							|  |  |  |       return if cask.depends_on.macos&.maximum_version.to_s < "11" | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing Rosetta 2 requirement" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       extract_artifacts do |artifacts, tmpdir| | 
					
						
							| 
									
										
										
										
											2024-06-27 12:13:31 -04:00
										 |  |  |         is_container = artifacts.any? { |a| a.is_a?(Artifact::App) || a.is_a?(Artifact::Pkg) } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |         mentions_rosetta = cask.caveats.include?("requires Rosetta 2") | 
					
						
							|  |  |  |         requires_intel = cask.depends_on.arch&.any? { |arch| arch[:type] == :intel } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-18 13:22:20 +10:00
										 |  |  |         artifacts_to_test = artifacts.filter do |artifact| | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |           next false if !artifact.is_a?(Artifact::App) && !artifact.is_a?(Artifact::Binary) | 
					
						
							|  |  |  |           next false if artifact.is_a?(Artifact::Binary) && is_container | 
					
						
							| 
									
										
										
										
											2024-06-27 12:13:31 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-18 13:22:20 +10:00
										 |  |  |           true | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         next if artifacts_to_test.blank? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         any_requires_rosetta = artifacts_to_test.any? do |artifact| | 
					
						
							|  |  |  |           artifact = T.cast(artifact, T.any(Artifact::App, Artifact::Binary)) | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |           path = tmpdir/artifact.source.relative_path_from(cask.staged_path) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           result = case artifact | 
					
						
							|  |  |  |           when Artifact::App | 
					
						
							| 
									
										
										
										
											2024-06-28 08:33:20 +01:00
										 |  |  |             files = Dir[path/"Contents/MacOS/*"].select do |f| | 
					
						
							|  |  |  |               File.executable?(f) && !File.directory?(f) && !f.end_with?(".dylib") | 
					
						
							| 
									
										
										
										
											2024-06-27 12:13:31 -04:00
										 |  |  |             end | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |             add_error "No binaries in App: #{artifact.source}", location: url.location if files.empty? | 
					
						
							| 
									
										
										
										
											2024-08-21 09:50:15 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |             main_binary = get_plist_main_binary(path) | 
					
						
							| 
									
										
										
										
											2025-08-31 11:09:44 -07:00
										 |  |  |             main_binary ||= files.fetch(0) | 
					
						
							| 
									
										
										
										
											2024-08-21 09:50:15 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |             system_command("lipo", args: ["-archs", main_binary], print_stderr: false) | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |           when Artifact::Binary | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |             binary_path = path.to_s.gsub(cask.appdir, tmpdir.to_s) | 
					
						
							| 
									
										
										
										
											2024-06-28 09:28:55 +02:00
										 |  |  |             system_command("lipo", args: ["-archs", binary_path], print_stderr: true) | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |           else | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |             T.absurd(artifact) | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |           end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-06-28 09:28:55 +02:00
										 |  |  |           # binary stanza can contain shell scripts, so we just continue if lipo fails. | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |           next false unless result.success? | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-05-20 16:09:23 -04:00
										 |  |  |           odebug "Architectures: #{result.merged_output}" | 
					
						
							| 
									
										
										
										
											2024-06-27 20:36:51 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |           unless /arm64|x86_64/.match?(result.merged_output) | 
					
						
							|  |  |  |             add_error "Artifacts architecture is no longer supported by macOS!", | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |                       location: url.location | 
					
						
							| 
									
										
										
										
											2024-06-27 20:36:51 +02:00
										 |  |  |             next | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 15:26:36 +10:00
										 |  |  |           result.merged_output.exclude?("arm64") && result.merged_output.include?("x86_64") | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |         end | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |         if any_requires_rosetta | 
					
						
							|  |  |  |           if !mentions_rosetta && !requires_intel | 
					
						
							|  |  |  |             add_error "At least one artifact requires Rosetta 2 but this is not indicated by the caveats!", | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |                       location: url.location | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |           end | 
					
						
							| 
									
										
										
										
											2025-08-11 12:37:44 +10:00
										 |  |  |         elsif mentions_rosetta | 
					
						
							|  |  |  |           add_error "No artifacts require Rosetta 2 but the caveats say otherwise!", | 
					
						
							|  |  |  |                     location: url.location | 
					
						
							| 
									
										
										
										
											2024-06-27 13:58:00 +02:00
										 |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-02-24 16:20:51 -08:00
										 |  |  |     sig { returns(T.any(NilClass, T::Boolean, Symbol)) } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_livecheck_version | 
					
						
							| 
									
										
										
										
											2023-03-29 20:49:29 +02:00
										 |  |  |       return unless online? | 
					
						
							| 
									
										
										
										
											2023-09-06 22:30:43 -07:00
										 |  |  |       return unless cask.version | 
					
						
							| 
									
										
										
										
											2021-06-14 12:05:32 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-11-02 12:09:56 -04:00
										 |  |  |       referenced_cask, = Homebrew::Livecheck.resolve_livecheck_reference(cask) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       # Respect skip conditions for a referenced cask | 
					
						
							|  |  |  |       if referenced_cask | 
					
						
							|  |  |  |         skip_info = Homebrew::Livecheck::SkipConditions.referenced_skip_information( | 
					
						
							|  |  |  |           referenced_cask, | 
					
						
							| 
									
										
										
										
											2024-08-23 03:15:57 +01:00
										 |  |  |           Homebrew::Livecheck.package_or_resource_name(cask), | 
					
						
							| 
									
										
										
										
											2021-11-02 12:09:56 -04:00
										 |  |  |         ) | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-12-04 13:43:33 -05:00
										 |  |  |       # Respect cask skip conditions (e.g. deprecated, disabled, latest, unversioned) | 
					
						
							| 
									
										
										
										
											2021-11-02 12:09:56 -04:00
										 |  |  |       skip_info ||= Homebrew::Livecheck::SkipConditions.skip_information(cask) | 
					
						
							| 
									
										
										
										
											2021-06-14 12:05:32 -04:00
										 |  |  |       return :skip if skip_info.present? | 
					
						
							| 
									
										
										
										
											2020-12-14 14:30:36 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-11-02 12:09:56 -04:00
										 |  |  |       latest_version = Homebrew::Livecheck.latest_version( | 
					
						
							|  |  |  |         cask, | 
					
						
							|  |  |  |         referenced_formula_or_cask: referenced_cask, | 
					
						
							| 
									
										
										
										
											2025-09-03 12:34:06 -04:00
										 |  |  |       )&.fetch(:latest, nil) | 
					
						
							| 
									
										
										
										
											2021-03-20 23:38:20 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-09-03 12:34:06 -04:00
										 |  |  |       return :auto_detected if latest_version && (cask.version.to_s == latest_version.to_s) | 
					
						
							| 
									
										
										
										
											2020-12-14 14:30:36 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |       add_error "Version '#{cask.version}' differs from '#{latest_version}' retrieved by livecheck." | 
					
						
							| 
									
										
										
										
											2021-03-31 07:17:37 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       false | 
					
						
							| 
									
										
										
										
											2020-12-14 14:30:36 +01:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_min_os | 
					
						
							|  |  |  |       return unless online? | 
					
						
							| 
									
										
										
										
											2023-10-26 15:45:06 -04:00
										 |  |  |       return unless strict? | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       odebug "Auditing minimum macOS version" | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       bundle_min_os = cask_bundle_min_os | 
					
						
							|  |  |  |       sparkle_min_os = cask_sparkle_min_os | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       app_min_os = [bundle_min_os, sparkle_min_os].compact.max | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |       debug_messages = [] | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       debug_messages << "from artifact: #{bundle_min_os.to_sym}" if bundle_min_os | 
					
						
							|  |  |  |       debug_messages << "from upstream: #{sparkle_min_os.to_sym}" if sparkle_min_os | 
					
						
							|  |  |  |       odebug "Detected minimum macOS: #{app_min_os.to_sym} (#{debug_messages.join(" | ")})" if app_min_os | 
					
						
							|  |  |  |       return if app_min_os.nil? || app_min_os <= HOMEBREW_MACOS_OLDEST_ALLOWED | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       on_system_block_min_os = cask.on_system_block_min_os | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       depends_on_min_os = cask.depends_on.macos&.minimum_version | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       cask_min_os = [on_system_block_min_os, depends_on_min_os].compact.max | 
					
						
							|  |  |  |       debug_messages = [] | 
					
						
							|  |  |  |       debug_messages << "from on_system block: #{on_system_block_min_os.to_sym}" if on_system_block_min_os | 
					
						
							|  |  |  |       if depends_on_min_os > HOMEBREW_MACOS_OLDEST_ALLOWED | 
					
						
							|  |  |  |         debug_messages << "from depends_on stanza: #{depends_on_min_os.to_sym}" | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  |       odebug "Declared minimum macOS: #{cask_min_os.to_sym} (#{debug_messages.join(" | ").presence || "default"})" | 
					
						
							|  |  |  |       return if cask_min_os.to_sym == app_min_os.to_sym | 
					
						
							|  |  |  |       # ignore declared minimum OS < 11.x when auditing as ARM a cask with arch-specific artifacts | 
					
						
							|  |  |  |       return if OnSystem.arch_condition_met?(:arm) && | 
					
						
							|  |  |  |                 cask.on_system_blocks_exist? && | 
					
						
							| 
									
										
										
										
											2024-07-15 21:34:27 +02:00
										 |  |  |                 cask_min_os.present? && | 
					
						
							| 
									
										
										
										
											2024-06-30 00:23:45 -04:00
										 |  |  |                 cask_min_os < MacOSVersion.new("11") | 
					
						
							| 
									
										
										
										
											2024-06-21 16:04:04 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       min_os_definition = if cask_min_os > HOMEBREW_MACOS_OLDEST_ALLOWED | 
					
						
							|  |  |  |         definition = if T.must(on_system_block_min_os.to_s <=> depends_on_min_os.to_s).positive? | 
					
						
							|  |  |  |           "an on_system block" | 
					
						
							| 
									
										
										
										
											2024-06-21 16:04:04 -04:00
										 |  |  |         else | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |           "a depends_on stanza" | 
					
						
							| 
									
										
										
										
											2024-06-21 16:04:04 -04:00
										 |  |  |         end | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |         "#{definition} with a minimum macOS version of #{cask_min_os.to_sym.inspect}" | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |       else | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |         "no minimum macOS version" | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       source = T.must(bundle_min_os.to_s <=> sparkle_min_os.to_s).positive? ? "Artifact" : "Upstream" | 
					
						
							|  |  |  |       add_error "#{source} defined #{app_min_os.to_sym.inspect} as the minimum macOS version " \ | 
					
						
							| 
									
										
										
										
											2024-07-01 22:58:44 -04:00
										 |  |  |                 "but the cask declared #{min_os_definition}", | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |                 strict_only: true | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |     sig { returns(T.nilable(MacOSVersion)) } | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |     def cask_sparkle_min_os | 
					
						
							| 
									
										
										
										
											2022-10-31 09:00:43 +01:00
										 |  |  |       return unless online? | 
					
						
							| 
									
										
											  
											
												livecheck: clarify livecheckable language
Formulae, casks, and resources have a `#livecheckable?` method that
indicates whether they contain a `livecheck` block. This is intended
to be read as "has a livecheckable?", not "is livecheckable?" (as
livecheck can find versions for some packages/resources without a
`livecheck` block). Unfortunately, correct understanding of this
method's behavior [outside of documentation] relies on historical
knowledge that few people possess, so this is often confusing to
anyone who hasn't been working on livecheck since 2020.
In the olden days, a "livecheckable" was a Ruby file containing a
`livecheck` block (originally a hash) with a filename that
corresponded to a related formula. The `livecheck` blocks in
livecheckable files were integrated into their respective formulae in
August 2020, so [first-party] livecheckables ceased to exist at that
time. From that point forward, we simply referred to these as
`livecheck` blocks.
With that in mind, this clarifies the situation by replacing
"livecheckable" language. This includes renaming `#livecheckable?` to
`#livecheck_defined?`, replacing usage of "livecheckable" as a noun
with "`livecheck` block", replacing "livecheckable" as a boolean with
"livecheck_defined", and replacing incorrect usage of "livecheckable"
as an adjective with "checkable".
											
										 
											2024-11-27 18:20:56 -05:00
										 |  |  |       return unless cask.livecheck_defined? | 
					
						
							| 
									
										
										
										
											2023-04-18 15:06:50 -07:00
										 |  |  |       return if cask.livecheck.strategy != :sparkle | 
					
						
							| 
									
										
										
										
											2022-10-30 15:00:56 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-08 09:13:09 -05:00
										 |  |  |       # `Sparkle` strategy blocks that use the `items` argument (instead of | 
					
						
							|  |  |  |       # `item`) contain arbitrary logic that ignores/overrides the strategy's | 
					
						
							|  |  |  |       # sorting, so we can't identify which item would be first/newest here. | 
					
						
							|  |  |  |       return if cask.livecheck.strategy_block.present? && | 
					
						
							|  |  |  |                 cask.livecheck.strategy_block.parameters[0] == [:opt, :items] | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-08 09:29:10 -05:00
										 |  |  |       content = Homebrew::Livecheck::Strategy.page_content(cask.livecheck.url)[:content] | 
					
						
							|  |  |  |       return if content.blank? | 
					
						
							| 
									
										
										
										
											2022-10-30 15:00:56 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-11-01 20:47:51 +01:00
										 |  |  |       begin | 
					
						
							| 
									
										
										
										
											2023-11-08 09:29:10 -05:00
										 |  |  |         items = Homebrew::Livecheck::Strategy::Sparkle.sort_items( | 
					
						
							|  |  |  |           Homebrew::Livecheck::Strategy::Sparkle.filter_items( | 
					
						
							|  |  |  |             Homebrew::Livecheck::Strategy::Sparkle.items_from_content(content), | 
					
						
							|  |  |  |           ), | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |       rescue | 
					
						
							|  |  |  |         return | 
					
						
							| 
									
										
										
										
											2022-11-01 20:47:51 +01:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2023-11-08 09:29:10 -05:00
										 |  |  |       return if items.blank? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       min_os = items[0]&.minimum_system_version&.strip_patch | 
					
						
							|  |  |  |       # Big Sur is sometimes identified as 10.16, so we override it to the | 
					
						
							|  |  |  |       # expected macOS version (11). | 
					
						
							|  |  |  |       min_os = MacOSVersion.new("11") if min_os == "10.16" | 
					
						
							|  |  |  |       min_os | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2022-11-01 20:47:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |     sig { returns(T.nilable(MacOSVersion)) } | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |     def cask_bundle_min_os | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |       return unless online? | 
					
						
							| 
									
										
										
										
											2022-11-01 21:13:03 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |       min_os = T.let(nil, T.untyped) | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       @staged_path ||= T.let(cask.staged_path, T.nilable(Pathname)) | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-11-05 17:18:21 -05:00
										 |  |  |       extract_artifacts do |artifacts, tmpdir| | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |         artifacts.each do |artifact| | 
					
						
							|  |  |  |           artifact_path = artifact.is_a?(Artifact::Pkg) ? artifact.path : artifact.source | 
					
						
							|  |  |  |           path = tmpdir/artifact_path.relative_path_from(cask.staged_path) | 
					
						
							|  |  |  |           plist_path = "#{path}/Contents/Info.plist" | 
					
						
							|  |  |  |           next unless File.exist?(plist_path) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           plist = system_command!("plutil", args: ["-convert", "xml1", "-o", "-", plist_path]).plist | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |           min_os = plist["LSMinimumSystemVersion"].presence | 
					
						
							|  |  |  |           break if min_os | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           next unless (main_binary = get_plist_main_binary(path)) | 
					
						
							|  |  |  |           next if !File.exist?(main_binary) || File.open(main_binary, "rb") { |f| f.read(2) == "#!" } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           macho = MachO.open(main_binary) | 
					
						
							|  |  |  |           min_os = case macho | 
					
						
							|  |  |  |           when MachO::MachOFile | 
					
						
							|  |  |  |             [ | 
					
						
							|  |  |  |               macho[:LC_VERSION_MIN_MACOSX].first&.version_string, | 
					
						
							|  |  |  |               macho[:LC_BUILD_VERSION].first&.minos_string, | 
					
						
							|  |  |  |             ] | 
					
						
							|  |  |  |           when MachO::FatFile | 
					
						
							|  |  |  |             macho.machos.map do |slice| | 
					
						
							|  |  |  |               [ | 
					
						
							|  |  |  |                 slice[:LC_VERSION_MIN_MACOSX].first&.version_string, | 
					
						
							|  |  |  |                 slice[:LC_BUILD_VERSION].first&.minos_string, | 
					
						
							|  |  |  |               ] | 
					
						
							|  |  |  |             end.flatten | 
					
						
							|  |  |  |           end.compact.min | 
					
						
							|  |  |  |           break if min_os | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							| 
									
										
										
										
											2023-10-26 15:45:06 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |       begin | 
					
						
							| 
									
										
										
										
											2025-06-14 22:42:13 -04:00
										 |  |  |         MacOSVersion.new(min_os).strip_patch | 
					
						
							| 
									
										
										
										
											2023-09-18 12:38:10 -04:00
										 |  |  |       rescue MacOSVersion::Error | 
					
						
							|  |  |  |         nil | 
					
						
							| 
									
										
										
										
											2022-12-28 21:31:02 -08:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2022-10-30 15:00:56 +01:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-21 09:50:15 +02:00
										 |  |  |     sig { params(path: Pathname).returns(T.nilable(String)) } | 
					
						
							|  |  |  |     def get_plist_main_binary(path) | 
					
						
							|  |  |  |       return unless online? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       plist_path = "#{path}/Contents/Info.plist" | 
					
						
							|  |  |  |       return unless File.exist?(plist_path) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       plist = system_command!("plutil", args: ["-convert", "xml1", "-o", "-", plist_path]).plist | 
					
						
							| 
									
										
										
										
											2024-08-21 13:19:57 +02:00
										 |  |  |       binary = plist["CFBundleExecutable"].presence | 
					
						
							|  |  |  |       return unless binary | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       binary_path = "#{path}/Contents/MacOS/#{binary}" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       binary_path if File.exist?(binary_path) && File.executable?(binary_path) | 
					
						
							| 
									
										
										
										
											2024-08-21 09:50:15 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_github_prerelease_version | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |       odebug "Auditing GitHub prerelease" | 
					
						
							| 
									
										
										
										
											2021-03-31 06:15:06 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://github\.com/([^/]+)/([^/]+)/?.*}) if online? | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       tag = SharedAudits.github_tag_from_url(url.to_s) | 
					
						
							| 
									
										
										
										
											2020-09-09 08:57:56 -07:00
										 |  |  |       tag ||= cask.version | 
					
						
							| 
									
										
										
										
											2024-03-07 16:20:20 +00:00
										 |  |  |       error = SharedAudits.github_release(user, repo, tag, cask:) | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error error, location: url.location if error | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_gitlab_prerelease_version | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-31 06:15:06 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://gitlab\.com/([^/]+)/([^/]+)/?.*}) if online? | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing GitLab prerelease" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       tag = SharedAudits.gitlab_tag_from_url(url.to_s) | 
					
						
							| 
									
										
										
										
											2020-09-09 08:57:56 -07:00
										 |  |  |       tag ||= cask.version | 
					
						
							| 
									
										
										
										
											2024-03-07 16:20:20 +00:00
										 |  |  |       error = SharedAudits.gitlab_release(user, repo, tag, cask:) | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error error, location: url.location if error | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-17 14:23:12 +02:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_forgejo_prerelease_version | 
					
						
							|  |  |  |       return if (url = cask.url).nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing Forgejo prerelease" | 
					
						
							|  |  |  |       user, repo = get_repo_data(%r{https?://codeberg\.org/([^/]+)/([^/]+)/?.*}) if online? | 
					
						
							|  |  |  |       return if user.nil? || repo.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       tag = SharedAudits.forgejo_tag_from_url(url.to_s) | 
					
						
							|  |  |  |       tag ||= cask.version | 
					
						
							|  |  |  |       error = SharedAudits.forgejo_release(user, repo, tag, cask:) | 
					
						
							|  |  |  |       add_error error, location: url.location if error | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_github_repository_archived | 
					
						
							| 
									
										
										
										
											2024-04-30 11:10:23 +02:00
										 |  |  |       # Deprecated/disabled casks may have an archived repository. | 
					
						
							| 
									
										
										
										
											2024-05-07 12:01:26 +01:00
										 |  |  |       return if cask.deprecated? || cask.disabled? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2023-04-14 18:55:29 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-31 06:15:06 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://github\.com/([^/]+)/([^/]+)/?.*}) if online? | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       metadata = SharedAudits.github_repo_data(user, repo) | 
					
						
							|  |  |  |       return if metadata.nil? | 
					
						
							| 
									
										
										
										
											2020-11-07 21:29:06 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error "GitHub repo is archived", location: url.location if metadata["archived"] | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_gitlab_repository_archived | 
					
						
							| 
									
										
										
										
											2024-04-30 11:10:23 +02:00
										 |  |  |       # Deprecated/disabled casks may have an archived repository. | 
					
						
							| 
									
										
										
										
											2024-05-07 12:01:26 +01:00
										 |  |  |       return if cask.deprecated? || cask.disabled? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2023-04-14 18:55:29 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-31 06:15:06 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://gitlab\.com/([^/]+)/([^/]+)/?.*}) if online? | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing GitLab repo archived" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       metadata = SharedAudits.gitlab_repo_data(user, repo) | 
					
						
							|  |  |  |       return if metadata.nil? | 
					
						
							| 
									
										
										
										
											2020-11-07 21:29:06 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error "GitLab repo is archived", location: url.location if metadata["archived"] | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-17 14:23:12 +02:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_forgejo_repository_archived | 
					
						
							|  |  |  |       return if cask.deprecated? || cask.disabled? | 
					
						
							|  |  |  |       return if (url = cask.url).nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       user, repo = get_repo_data(%r{https?://codeberg\.org/([^/]+)/([^/]+)/?.*}) if online? | 
					
						
							|  |  |  |       return if user.nil? || repo.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       metadata = SharedAudits.forgejo_repo_data(user, repo) | 
					
						
							|  |  |  |       return if metadata.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return unless metadata["archived"] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       add_error "Forgejo repository is archived since #{metadata["archived_at"]}", | 
					
						
							|  |  |  |                 location: url.location | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_github_repository | 
					
						
							| 
									
										
										
										
											2020-09-21 04:40:32 -05:00
										 |  |  |       return unless new_cask? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://github\.com/([^/]+)/([^/]+)/?.*}) | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing GitHub repo" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       error = SharedAudits.github(user, repo) | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error error, location: url.location if error | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_gitlab_repository | 
					
						
							| 
									
										
										
										
											2020-09-02 19:13:46 +02:00
										 |  |  |       return unless new_cask? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://gitlab\.com/([^/]+)/([^/]+)/?.*}) | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing GitLab repo" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       error = SharedAudits.gitlab(user, repo) | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error error, location: url.location if error | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_bitbucket_repository | 
					
						
							| 
									
										
										
										
											2020-09-21 04:40:32 -05:00
										 |  |  |       return unless new_cask? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       return if (url = cask.url).nil? | 
					
						
							| 
									
										
										
										
											2020-08-13 16:17:47 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |       user, repo = get_repo_data(%r{https?://bitbucket\.org/([^/]+)/([^/]+)/?.*}) | 
					
						
							| 
									
										
										
										
											2024-08-10 15:54:49 +01:00
										 |  |  |       return if user.nil? || repo.nil? | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing Bitbucket repo" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       error = SharedAudits.bitbucket(user, repo) | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       add_error error, location: url.location if error | 
					
						
							| 
									
										
										
										
											2020-04-23 21:16:17 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-17 14:23:12 +02:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_forgejo_repository | 
					
						
							|  |  |  |       return unless new_cask? | 
					
						
							|  |  |  |       return if (url = cask.url).nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       user, repo = get_repo_data(%r{https?://codeberg\.org/([^/]+)/([^/]+)/?.*}) | 
					
						
							|  |  |  |       return if user.nil? || repo.nil? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       odebug "Auditing Forgejo repo" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       error = SharedAudits.forgejo(user, repo) | 
					
						
							|  |  |  |       add_error error, location: url.location if error | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_denylist | 
					
						
							| 
									
										
										
										
											2021-01-26 01:16:00 -08:00
										 |  |  |       return unless cask.tap | 
					
						
							|  |  |  |       return unless cask.tap.official? | 
					
						
							| 
									
										
										
										
											2021-02-12 18:33:37 +05:30
										 |  |  |       return unless (reason = Denylist.reason(cask.token)) | 
					
						
							| 
									
										
										
										
											2019-09-08 09:09:37 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-06 21:10:16 +01:00
										 |  |  |       add_error "#{cask.token} is not allowed: #{reason}" | 
					
						
							| 
									
										
										
										
											2019-09-08 09:09:37 -04:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2023-02-05 15:22:06 +01:00
										 |  |  |     def audit_reverse_migration | 
					
						
							| 
									
										
										
										
											2021-01-26 01:16:00 -08:00
										 |  |  |       return unless new_cask? | 
					
						
							|  |  |  |       return unless cask.tap | 
					
						
							|  |  |  |       return unless cask.tap.official? | 
					
						
							|  |  |  |       return unless cask.tap.tap_migrations.key?(cask.token) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       add_error "#{cask.token} is listed in tap_migrations.json" | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     sig { void } | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |     def audit_homepage_https_availability | 
					
						
							|  |  |  |       return unless online? | 
					
						
							|  |  |  |       return unless (homepage = cask.homepage) | 
					
						
							| 
									
										
										
										
											2021-03-10 13:30:13 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-12-16 21:48:38 +03:00
										 |  |  |       user_agents = if cask.tap&.audit_exception(:simple_user_agent_for_homepage, cask.token) | 
					
						
							|  |  |  |         ["curl"] | 
					
						
							|  |  |  |       else | 
					
						
							|  |  |  |         [:browser, :default] | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |       validate_url_for_https_availability( | 
					
						
							|  |  |  |         homepage, SharedAudits::URL_TYPE_HOMEPAGE, | 
					
						
							| 
									
										
										
										
											2024-03-07 16:20:20 +00:00
										 |  |  |         user_agents:, | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |         check_content: true, | 
					
						
							|  |  |  |         strict:        strict? | 
					
						
							|  |  |  |       ) | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_url_https_availability | 
					
						
							|  |  |  |       return unless online? | 
					
						
							|  |  |  |       return unless (url = cask.url) | 
					
						
							|  |  |  |       return if url.using | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       validate_url_for_https_availability( | 
					
						
							|  |  |  |         url, "binary URL", | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |         location:    url.location, | 
					
						
							|  |  |  |         user_agents: [url.user_agent], | 
					
						
							|  |  |  |         referer:     url.referer | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |       ) | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_livecheck_https_availability | 
					
						
							|  |  |  |       return unless online? | 
					
						
							| 
									
										
											  
											
												livecheck: clarify livecheckable language
Formulae, casks, and resources have a `#livecheckable?` method that
indicates whether they contain a `livecheck` block. This is intended
to be read as "has a livecheckable?", not "is livecheckable?" (as
livecheck can find versions for some packages/resources without a
`livecheck` block). Unfortunately, correct understanding of this
method's behavior [outside of documentation] relies on historical
knowledge that few people possess, so this is often confusing to
anyone who hasn't been working on livecheck since 2020.
In the olden days, a "livecheckable" was a Ruby file containing a
`livecheck` block (originally a hash) with a filename that
corresponded to a related formula. The `livecheck` blocks in
livecheckable files were integrated into their respective formulae in
August 2020, so [first-party] livecheckables ceased to exist at that
time. From that point forward, we simply referred to these as
`livecheck` blocks.
With that in mind, this clarifies the situation by replacing
"livecheckable" language. This includes renaming `#livecheckable?` to
`#livecheck_defined?`, replacing usage of "livecheckable" as a noun
with "`livecheck` block", replacing "livecheckable" as a boolean with
"livecheck_defined", and replacing incorrect usage of "livecheckable"
as an adjective with "checkable".
											
										 
											2024-11-27 18:20:56 -05:00
										 |  |  |       return unless cask.livecheck_defined? | 
					
						
							| 
									
										
										
										
											2024-01-07 15:45:24 -08:00
										 |  |  |       return unless (url = cask.livecheck.url) | 
					
						
							|  |  |  |       return if url.is_a?(Symbol) | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-03-06 11:33:43 -05:00
										 |  |  |       options = cask.livecheck.options | 
					
						
							|  |  |  |       return if options.post_form || options.post_json | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |       validate_url_for_https_availability( | 
					
						
							| 
									
										
										
										
											2024-01-07 15:45:24 -08:00
										 |  |  |         url, "livecheck URL", | 
					
						
							| 
									
										
										
										
											2024-06-08 10:33:48 -04:00
										 |  |  |         check_content: true, | 
					
						
							|  |  |  |         user_agents:   [:default, :browser] | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |       ) | 
					
						
							| 
									
										
										
										
											2018-10-10 21:36:02 +00:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-08-09 14:52:30 -04:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_cask_path | 
					
						
							| 
									
										
										
										
											2023-12-13 13:17:12 +00:00
										 |  |  |       return unless cask.tap.core_cask_tap? | 
					
						
							| 
									
										
										
										
											2023-08-09 14:52:30 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-05-16 11:29:58 +10:00
										 |  |  |       expected_path = cask.tap.new_cask_path(cask.token) | 
					
						
							| 
									
										
										
										
											2023-08-09 14:52:30 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-08-09 15:27:36 -04:00
										 |  |  |       return if cask.sourcefile_path.to_s.end_with?(expected_path) | 
					
						
							| 
									
										
										
										
											2023-08-09 14:52:30 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  |       add_error "Cask should be located in '#{expected_path}'" | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-30 22:22:41 +10:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_deprecate_disable | 
					
						
							|  |  |  |       error = SharedAudits.check_deprecate_disable_reason(cask) | 
					
						
							|  |  |  |       add_error error if error | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-16 23:46:05 +02:00
										 |  |  |     sig { void } | 
					
						
							|  |  |  |     def audit_no_autobump | 
					
						
							|  |  |  |       return if cask.autobump? | 
					
						
							|  |  |  |       return unless new_cask? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       error = SharedAudits.no_autobump_new_package_message(cask.no_autobump_message) | 
					
						
							|  |  |  |       add_error error if error | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |     sig { | 
					
						
							|  |  |  |       params( | 
					
						
							|  |  |  |         url_to_check: T.any(String, URL), | 
					
						
							|  |  |  |         url_type:     String, | 
					
						
							|  |  |  |         location:     T.nilable(Homebrew::SourceLocation), | 
					
						
							|  |  |  |         options:      T.untyped, | 
					
						
							|  |  |  |       ).void | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     def validate_url_for_https_availability(url_to_check, url_type, location: nil, **options) | 
					
						
							| 
									
										
										
										
											2023-09-06 00:12:57 +08:00
										 |  |  |       problem = curl_check_http_content(url_to_check.to_s, url_type, **options) | 
					
						
							| 
									
										
										
										
											2024-01-06 11:39:04 +01:00
										 |  |  |       exception = cask.tap&.audit_exception(:secure_connection_audit_skiplist, cask.token, url_to_check.to_s) | 
					
						
							| 
									
										
										
										
											2021-10-04 19:22:30 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  |       if problem | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |         add_error problem, location: location unless exception | 
					
						
							| 
									
										
										
										
											2021-10-04 19:22:30 -04:00
										 |  |  |       elsif exception | 
					
						
							| 
									
										
										
										
											2023-05-19 19:43:15 +02:00
										 |  |  |         add_error "#{url_to_check} is in the secure connection audit skiplist but does not need to be skipped", | 
					
						
							| 
									
										
										
										
											2024-03-07 16:20:20 +00:00
										 |  |  |                   location: | 
					
						
							| 
									
										
										
										
											2021-10-04 19:22:30 -04:00
										 |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     sig { params(regex: T.any(String, Regexp)).returns(T.nilable(T::Array[String])) } | 
					
						
							|  |  |  |     def get_repo_data(regex) | 
					
						
							|  |  |  |       return unless online? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       _, user, repo = *regex.match(cask.url.to_s) | 
					
						
							|  |  |  |       _, user, repo = *regex.match(cask.homepage) unless user | 
					
						
							|  |  |  |       return if !user || !repo | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       repo.gsub!(/.git$/, "") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       [user, repo] | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { | 
					
						
							|  |  |  |       params(regex: T.any(String, Regexp), valid_formats_array: T::Array[T.any(String, Regexp)]).returns(T::Boolean) | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     def bad_url_format?(regex, valid_formats_array) | 
					
						
							|  |  |  |       return false unless cask.url.to_s.match?(regex) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-12-27 15:29:33 -08:00
										 |  |  |       valid_formats_array.none? { |format| cask.url.to_s.match?(format) } | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def bad_sourceforge_url? | 
					
						
							| 
									
										
										
										
											2024-05-06 22:56:28 -04:00
										 |  |  |       bad_url_format?(%r{((downloads|\.dl)\.|//)sourceforge}, | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |                       [ | 
					
						
							|  |  |  |                         %r{\Ahttps://sourceforge\.net/projects/[^/]+/files/latest/download\Z}, | 
					
						
							|  |  |  |                         %r{\Ahttps://downloads\.sourceforge\.net/(?!(project|sourceforge)/)}, | 
					
						
							|  |  |  |                       ]) | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def bad_osdn_url? | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       T.must(domain).match?(%r{^(?:\w+\.)*osdn\.jp(?=/|$)}) | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { returns(T.nilable(String)) } | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     def homepage | 
					
						
							|  |  |  |       URI(cask.homepage.to_s).host | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { returns(T.nilable(String)) } | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     def domain | 
					
						
							|  |  |  |       URI(cask.url.to_s).host | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def url_match_homepage? | 
					
						
							|  |  |  |       host = cask.url.to_s | 
					
						
							|  |  |  |       host_uri = URI(host) | 
					
						
							|  |  |  |       host = if host.match?(/:\d/) && host_uri.port != 80
 | 
					
						
							|  |  |  |         "#{host_uri.host}:#{host_uri.port}" | 
					
						
							|  |  |  |       else | 
					
						
							|  |  |  |         host_uri.host | 
					
						
							|  |  |  |       end | 
					
						
							| 
									
										
										
										
											2022-09-17 16:40:00 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       home = homepage | 
					
						
							|  |  |  |       return false if home.blank? | 
					
						
							| 
									
										
										
										
											2022-09-17 16:40:00 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       home.downcase! | 
					
						
							| 
									
										
										
										
											2023-02-24 16:20:51 -08:00
										 |  |  |       if (split_host = T.must(host).split(".")).length >= 3
 | 
					
						
							|  |  |  |         host = T.must(split_host[-2..]).join(".") | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       if (split_home = home.split(".")).length >= 3
 | 
					
						
							|  |  |  |         home = T.must(split_home[-2..]).join(".") | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |       end | 
					
						
							|  |  |  |       host == home | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { params(url: String).returns(String) } | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     def strip_url_scheme(url) | 
					
						
							|  |  |  |       url.sub(%r{^[^:/]+://(www\.)?}, "") | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-23 15:02:23 -04:00
										 |  |  |     sig { returns(T.nilable(String)) } | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     def url_from_verified | 
					
						
							| 
									
										
										
										
											2025-08-23 15:02:23 -04:00
										 |  |  |       return unless (verified_url = T.must(cask.url).verified) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       strip_url_scheme(verified_url) | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def verified_matches_url? | 
					
						
							|  |  |  |       url_domain, url_path = strip_url_scheme(cask.url.to_s).split("/", 2) | 
					
						
							| 
									
										
										
										
											2025-08-23 15:02:23 -04:00
										 |  |  |       verified_domain, verified_path = url_from_verified&.split("/", 2) | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       domains_match = (url_domain == verified_domain) || | 
					
						
							|  |  |  |                       (verified_domain && url_domain&.end_with?(".#{verified_domain}")) | 
					
						
							|  |  |  |       paths_match = !verified_path || url_path&.start_with?(verified_path) | 
					
						
							|  |  |  |       (domains_match && paths_match) || false | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def verified_present? | 
					
						
							| 
									
										
										
										
											2024-08-23 16:39:23 +01:00
										 |  |  |       cask.url&.verified.present? | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(T::Boolean) } | 
					
						
							|  |  |  |     def file_url? | 
					
						
							|  |  |  |       URI(cask.url.to_s).scheme == "file" | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(Tap) } | 
					
						
							|  |  |  |     def core_tap | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |       @core_tap ||= T.let(CoreTap.instance, T.nilable(Tap)) | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-07-28 20:36:43 -07:00
										 |  |  |     sig { returns(T::Array[String]) } | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     def core_formula_names | 
					
						
							|  |  |  |       core_tap.formula_names | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     sig { returns(String) } | 
					
						
							|  |  |  |     def core_formula_url | 
					
						
							| 
									
										
										
										
											2023-08-04 16:21:31 +01:00
										 |  |  |       formula_path = Formulary.core_path(cask.token) | 
					
						
							|  |  |  |                               .to_s | 
					
						
							|  |  |  |                               .delete_prefix(core_tap.path.to_s) | 
					
						
							| 
									
										
										
										
											2023-12-26 08:19:49 +02:00
										 |  |  |       "#{core_tap.default_remote}/blob/HEAD#{formula_path}" | 
					
						
							| 
									
										
										
										
											2022-09-13 10:54:05 +02:00
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2016-08-18 22:11:42 +03:00
										 |  |  |   end | 
					
						
							|  |  |  | end |