brew/Library/Homebrew/cask/cmd/audit.rb

# typed: false
# frozen_string_literal: true

require "utils/github/actions"

module Cask
  class Cmd
    # Cask implementation of the `brew audit` command.
    #
    # @api private
    class Audit < AbstractCommand
      extend T::Sig

      def self.parser
        super do
          switch "--[no-]download",
                 description: "Audit the downloaded file"
          switch "--[no-]appcast",
                 description: "Audit the appcast"
          switch "--[no-]token-conflicts",
                 description: "Audit for token conflicts"
          switch "--[no-]signing",
                 description: "Audit for signed apps, which is required on ARM"
          switch "--[no-]strict",
                 description: "Run additional, stricter style checks"
          switch "--[no-]online",
                 description: "Run additional, slower style checks that require a network connection"
          switch "--new-cask",
                 description: "Run various additional style checks to determine if a new cask is eligible " \
                              "for Homebrew. This should be used when creating new casks and implies " \
                              "`--strict` and `--online`"
          switch "--display-failures-only",
                 description: "Only display casks that fail the audit. This is the default for formulae."
        end
      end

      sig { void }
      def run
        casks = args.named.flat_map do |name|
          next name if File.exist?(name)
          next Tap.fetch(name).cask_files if name.count("/") == 1

          name
        end
        casks = casks.map { |c| CaskLoader.load(c, config: Config.from_args(args)) }
        any_named_args = casks.any?
        casks = Cask.to_a if casks.empty?

        results = self.class.audit_casks(
          *casks,
          download:              args.download?,
          appcast:               args.appcast?,
          online:                args.online?,
          strict:                args.strict?,
          signing:               args.signing?,
          new_cask:              args.new_cask?,
          token_conflicts:       args.token_conflicts?,
          quarantine:            args.quarantine?,
          any_named_args:        any_named_args,
          language:              args.language,
          display_passes:        args.verbose? || args.named.count == 1,
          display_failures_only: args.display_failures_only?,
        )

        failed_casks = results.reject { |_, result| result[:errors].empty? }.map(&:first)
        return if failed_casks.empty?

        raise CaskError, "audit failed for casks: #{failed_casks.join(" ")}"
      end

      def self.audit_casks(
        *casks,
        download: nil,
        appcast: nil,
        online: nil,
        strict: nil,
        signing: nil,
        new_cask: nil,
        token_conflicts: nil,
        quarantine: nil,
        any_named_args: nil,
        language: nil,
        display_passes: nil,
        display_failures_only: nil
      )
        options = {
          audit_download:        download,
          audit_appcast:         appcast,
          audit_online:          online,
          audit_strict:          strict,
          audit_signing:         signing,
          audit_new_cask:        new_cask,
          audit_token_conflicts: token_conflicts,
          quarantine:            quarantine,
          language:              language,
          any_named_args:        any_named_args,
          display_passes:        display_passes,
          display_failures_only: display_failures_only,
        }.compact

        options[:quarantine] = true if options[:quarantine].nil?

        Homebrew.auditing = true

        require "cask/auditor"

        casks.to_h do |cask|
          odebug "Auditing Cask #{cask}"
          [cask.sourcefile_path, Auditor.audit(cask, **options)]
        end
      end
    end
  end
end
Move type annotations into files. 2020-10-10 14:16:11 +02:00			`# typed: false`
Add frozen_string_literal to all files. 2019-04-19 15:38:03 +09:00			`# frozen_string_literal: true`

Output annotations for `brew cask audit`. 2020-09-09 20:41:29 +02:00			`require "utils/github/actions"`

Rename `Hbc` module to `Cask`. 2018-09-06 08:29:14 +02:00			`module Cask`
Rename Cask::CLI to Cask::Cmd. 2018-09-04 08:45:48 +01:00			`class Cmd`
Homebrew 3.0.0 deprecations/disables 2021-01-25 09:18:10 +00:00			# Cask implementation of the `brew audit` command.
Document `Cask::Cmd`. 2020-08-19 10:34:07 +02:00			`#`
			`# @api private`
Rename `Base` and `InternalUseBase`. 2017-05-20 19:08:03 +02:00			`class Audit < AbstractCommand`
Add more type signatures. 2020-10-20 12:03:48 +02:00			`extend T::Sig`

Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`def self.parser`
			`super do`
Stricter handling of CLI args 2021-03-18 14:46:48 +00:00			`switch "--[no-]download",`
Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`description: "Audit the downloaded file"`
Support `--no-appcast` for `brew cask audit`. 2020-09-04 04:15:18 +02:00			`switch "--[no-]appcast",`
Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`description: "Audit the appcast"`
Stricter handling of CLI args 2021-03-18 14:46:48 +00:00			`switch "--[no-]token-conflicts",`
Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`description: "Audit for token conflicts"`
cask: add audit for incorrect signing 2022-08-01 14:30:04 +02:00			`switch "--[no-]signing",`
			`description: "Audit for signed apps, which is required on ARM"`
Stricter handling of CLI args 2021-03-18 14:46:48 +00:00			`switch "--[no-]strict",`
Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`description: "Run additional, stricter style checks"`
Stricter handling of CLI args 2021-03-18 14:46:48 +00:00			`switch "--[no-]online",`
Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`description: "Run additional, slower style checks that require a network connection"`
			`switch "--new-cask",`
Cask audit help: breakup desc string 2020-08-18 16:14:30 +01:00			`description: "Run various additional style checks to determine if a new cask is eligible " \`
			`"for Homebrew. This should be used when creating new casks and implies " \`
			"`--strict` and `--online`"
audit: limit non-failure cask output 2021-03-21 13:59:43 -04:00			`switch "--display-failures-only",`
			`description: "Only display casks that fail the audit. This is the default for formulae."`
Use `CLI::Parser` for `cask` commands. 2020-08-01 02:30:46 +02:00			`end`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`end`

Add more type signatures. 2020-10-20 12:03:48 +02:00			`sig { void }`
Cask: Use nested classes and modules. 2016-09-24 13:52:43 +02:00			`def run`
Allow passing tap to `brew cask audit`. 2020-09-24 23:27:44 +02:00			`casks = args.named.flat_map do \|name\|`
Fix RuboCop offenses. 2020-11-13 17:21:51 +01:00			`next name if File.exist?(name)`
			`next Tap.fetch(name).cask_files if name.count("/") == 1`

			`name`
Refactor global `Cask::Config`. 2020-09-29 23:46:30 +02:00			`end`
			`casks = casks.map { \|c\| CaskLoader.load(c, config: Config.from_args(args)) }`
audit: quieten down and make casks audit consistent with formulae. The current casks audit is very noisy in the no-op case (i.e. no errors) https://github.com/Homebrew/brew/pull/10234/checks?check_run_id=1655630568#step:15:7 This means when there are errors and you're querying all casks it's pretty hard to quickly identify the problems. This commit silences the `passing`, `warning` and header/summary output when you're querying all casks (rather than a specific cask or tap). This is more consistent with `brew audit` for formulae which is silent unless there are audit failures. 2021-01-07 13:31:14 +00:00			`any_named_args = casks.any?`
Allow passing tap to `brew cask audit`. 2020-09-24 23:27:44 +02:00			`casks = Cask.to_a if casks.empty?`

Support casks in `brew audit`. 2020-11-18 12:41:18 +01:00			`results = self.class.audit_casks(`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`*casks,`
audit: limit non-failure cask output 2021-03-21 13:59:43 -04:00			`download: args.download?,`
			`appcast: args.appcast?,`
			`online: args.online?,`
			`strict: args.strict?,`
cask: add audit for incorrect signing 2022-08-01 14:30:04 +02:00			`signing: args.signing?,`
audit: limit non-failure cask output 2021-03-21 13:59:43 -04:00			`new_cask: args.new_cask?,`
			`token_conflicts: args.token_conflicts?,`
			`quarantine: args.quarantine?,`
			`any_named_args: any_named_args,`
			`language: args.language,`
			`display_passes: args.verbose? \|\| args.named.count == 1,`
			`display_failures_only: args.display_failures_only?,`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`)`
Support casks in `brew audit`. 2020-11-18 12:41:18 +01:00
			`failed_casks = results.reject { \|_, result\| result[:errors].empty? }.map(&:first)`
			`return if failed_casks.empty?`

			`raise CaskError, "audit failed for casks: #{failed_casks.join(" ")}"`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`end`

			`def self.audit_casks(`
			`*casks,`
			`download: nil,`
			`appcast: nil,`
			`online: nil,`
			`strict: nil,`
cask: add audit for incorrect signing 2022-08-01 14:30:04 +02:00			`signing: nil,`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`new_cask: nil,`
			`token_conflicts: nil,`
			`quarantine: nil,`
audit: quieten down and make casks audit consistent with formulae. The current casks audit is very noisy in the no-op case (i.e. no errors) https://github.com/Homebrew/brew/pull/10234/checks?check_run_id=1655630568#step:15:7 This means when there are errors and you're querying all casks it's pretty hard to quickly identify the problems. This commit silences the `passing`, `warning` and header/summary output when you're querying all casks (rather than a specific cask or tap). This is more consistent with `brew audit` for formulae which is silent unless there are audit failures. 2021-01-07 13:31:14 +00:00			`any_named_args: nil,`
audit: limit non-failure cask output 2021-03-21 13:59:43 -04:00			`language: nil,`
			`display_passes: nil,`
			`display_failures_only: nil`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`)`
			`options = {`
			`audit_download: download,`
			`audit_appcast: appcast,`
			`audit_online: online,`
			`audit_strict: strict,`
cask: add audit for incorrect signing 2022-08-01 14:30:04 +02:00			`audit_signing: signing,`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`audit_new_cask: new_cask,`
			`audit_token_conflicts: token_conflicts,`
			`quarantine: quarantine,`
			`language: language,`
audit: quieten down and make casks audit consistent with formulae. The current casks audit is very noisy in the no-op case (i.e. no errors) https://github.com/Homebrew/brew/pull/10234/checks?check_run_id=1655630568#step:15:7 This means when there are errors and you're querying all casks it's pretty hard to quickly identify the problems. This commit silences the `passing`, `warning` and header/summary output when you're querying all casks (rather than a specific cask or tap). This is more consistent with `brew audit` for formulae which is silent unless there are audit failures. 2021-01-07 13:31:14 +00:00			`any_named_args: any_named_args,`
audit: limit non-failure cask output 2021-03-21 13:59:43 -04:00			`display_passes: display_passes,`
			`display_failures_only: display_failures_only,`
Add `Cask::Cmd::Audit.audit_casks` method. 2020-11-18 09:57:45 +01:00			`}.compact`

			`options[:quarantine] = true if options[:quarantine].nil?`

			`Homebrew.auditing = true`

			`require "cask/auditor"`

Fix style 2021-12-23 14:49:05 -05:00			`casks.to_h do \|cask\|`
Add notibility checks for casks 2020-04-23 21:16:17 +02:00			`odebug "Auditing Cask #{cask}"`
Fix audit annotations for casks. 2021-04-03 03:49:41 +02:00			`[cask.sourcefile_path, Auditor.audit(cask, **options)]`
Fix style 2021-12-23 14:49:05 -05:00			`end`
Support casks in `brew audit`. 2020-11-18 12:41:18 +01:00			`end`
init 2016-08-18 22:11:42 +03:00			`end`
			`end`
			`end`