Merge pull request #9493 from reitermarkus/url-unversioned

Add audit for unversioned URLs with checksum.

Library/Homebrew/cask/audit.rb

@@ -248,6 +248,7 @@ module Cask
       return unless cask.sha256
 
       check_sha256_no_check_if_latest
+      check_sha256_no_check_if_unversioned
       check_sha256_actually_256
       check_sha256_invalid
     end
@@ -260,6 +261,12 @@ module Cask
       add_error "you should use sha256 :no_check when version is :latest"
     end
 
+    def check_sha256_no_check_if_unversioned
+      return if cask.sha256 == :no_check
+
+      add_error "Use `sha256 :no_check` when URL is unversioned." if cask.url&.unversioned?
+    end
+
     def check_sha256_actually_256
       odebug "Verifying sha256 string is a legal SHA-256 digest"
       return unless cask.sha256.is_a?(Checksum)

Library/Homebrew/test/cask/audit_spec.rb

@@ -232,14 +232,14 @@ describe Cask::Audit, :cask do
       let(:online) { false }
       let(:cask) do
         tmp_cask cask_token.to_s, <<~RUBY
-          cask '#{cask_token}' do
-            version '1.0'
-            sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
-            url "https://brew.sh/"
-            name 'Audit'
-            desc 'Cask for testing tokens'
-            homepage 'https://brew.sh/'
-            app 'Audit.app'
+          cask "#{cask_token}" do
+            version "1.0"
+            sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
+            url "https://brew.sh/v\#{version}.zip"
+            name "Audit"
+            desc "Cask for testing tokens"
+            homepage "https://brew.sh/"
+            app "Audit.app"
           end
         RUBY
       end
@@ -877,14 +877,14 @@ describe Cask::Audit, :cask do
       let(:cask_token) { "with-description" }
       let(:cask) do
         tmp_cask cask_token.to_s, <<~RUBY
-          cask '#{cask_token}' do
-            version '1.0'
-            sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
-            url "https://brew.sh/"
-            name 'Audit'
-            desc 'Cask Auditor'
-            homepage 'https://brew.sh/'
-            app 'Audit.app'
+          cask "#{cask_token}" do
+            version "1.0"
+            sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
+            url "https://brew.sh/\#{version}.zip"
+            name "Audit"
+            desc "Cask Auditor"
+            homepage "https://brew.sh/"
+            app "Audit.app"
           end
         RUBY
       end

Library/Homebrew/test/cask/cmd/cat_spec.rb

@@ -10,12 +10,12 @@ describe Cask::Cmd::Cat, :cask do
 
   describe "given a basic Cask" do
     let(:basic_cask_content) {
-      <<~RUBY
+      <<~'RUBY'
         cask "basic-cask" do
           version "1.2.3"
           sha256 "8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b"
 
-          url "https://brew.sh/TestCask.dmg"
+          url "https://brew.sh/TestCask-#{version}.dmg"
           name "Basic Cask"
           desc "Cask for testing basic functionality"
           homepage "https://brew.sh/"

Library/Homebrew/test/cask/dsl_spec.rb

@@ -7,7 +7,7 @@ describe Cask::DSL, :cask do
 
   context "stanzas" do
     it "lets you set url, homepage, and version" do
-      expect(cask.url.to_s).to eq("https://brew.sh/TestCask.dmg")
+      expect(cask.url.to_s).to eq("https://brew.sh/TestCask-1.2.3.dmg")
       expect(cask.homepage).to eq("https://brew.sh/")
       expect(cask.version.to_s).to eq("1.2.3")
     end
@@ -66,7 +66,7 @@ describe Cask::DSL, :cask do
 
       it "does not require a DSL version in the header" do
         expect(cask.token).to eq("no-dsl-version")
-        expect(cask.url.to_s).to eq("https://brew.sh/TestCask.dmg")
+        expect(cask.url.to_s).to eq("https://brew.sh/TestCask-1.2.3.dmg")
         expect(cask.homepage).to eq("https://brew.sh/")
         expect(cask.version.to_s).to eq("1.2.3")
       end

Library/Homebrew/test/support/fixtures/cask/Casks/adobe-air.rb

@@ -2,7 +2,7 @@ cask "adobe-air" do
   version "1.2.3"
   sha256 "8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b"
 
-  url "https://brew.sh/TestCask.dmg"
+  url "https://brew.sh/TestCask-#{version}.dmg"
   name "Adobe AIR"
   desc "Cross-platform application runtime"
   homepage "https://brew.sh/"

Library/Homebrew/test/support/fixtures/cask/Casks/adobe-illustrator.rb

@@ -2,7 +2,7 @@ cask "adobe-illustrator" do
   version "1.2.3"
   sha256 "8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b"
 
-  url "https://brew.sh/TestCask.dmg"
+  url "https://brew.sh/TestCask-#{version}.dmg"
   name "Adobe Illustrator"
   homepage "https://brew.sh/"
 

Library/Homebrew/test/support/fixtures/cask/Casks/basic-cask.rb

@@ -2,7 +2,7 @@ cask "basic-cask" do
   version "1.2.3"
   sha256 "8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b"
 
-  url "https://brew.sh/TestCask.dmg"
+  url "https://brew.sh/TestCask-#{version}.dmg"
   name "Basic Cask"
   desc "Cask for testing basic functionality"
   homepage "https://brew.sh/"

Library/Homebrew/test/support/fixtures/cask/Casks/no-dsl-version.rb

@@ -2,7 +2,7 @@ cask "no-dsl-version" do
   version "1.2.3"
   sha256 "8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b"
 
-  url "https://brew.sh/TestCask.dmg"
+  url "https://brew.sh/TestCask-#{version}.dmg"
   homepage "https://brew.sh/"
 
   app "TestCask.app"

Library/Homebrew/test/support/fixtures/third-party/Casks/pharo.rb

@@ -2,7 +2,7 @@ cask "pharo" do
   version "1.2.3"
   sha256 "8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b"
 
-  url "https://brew.sh/ThirdParty.dmg"
+  url "https://brew.sh/ThirdParty-#{version}.dmg"
   name "Pharo"
   desc "Cask from a third-party tap"
   homepage "https://brew.sh/"