From 3acebc5b62044460c028fe09ad6a19c1c7b5e3c8 Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com>
Date: Wed, 10 Oct 2018 21:36:02 +0000
Subject: [PATCH 1/8] Cask: recover Git-Jiro's old audit work

---
 Library/Homebrew/cask/audit.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb
index d9de5e8580..bf43109cc5 100644
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@@ -1,6 +1,7 @@
 require "cask/checkable"
 require "cask/download"
 require "digest"
+require "utils/curl"
 require "utils/git"
 
 module Cask
@@ -30,6 +31,7 @@ module Cask
 check_generic_artifacts
 check_token_conflicts
 check_download
+ check_https_availability
 check_single_pre_postflight
 check_single_uninstall_zap
 check_untrusted_pkg
@@ -317,5 +319,16 @@ module Cask
 rescue => e
 add_error "download not possible: #{e.message}"
 end
+
+ def check_https_availability
+ check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent]) unless cask.url.to_s.empty?
+ check_url_for_https_availability(cask.appcast) unless cask.appcast.to_s.empty?
+ check_url_for_https_availability(cask.homepage) unless cask.homepage.to_s.empty?
+ end
+
+ def check_url_for_https_availability(url_to_check, user_agents: [:default])
+ problem = curl_check_http_content(url_to_check.to_s, user_agents: user_agents)
+ add_error problem unless problem.nil?
+ end
 end
 end

From 4fe0a634825be718782fda20eec101b49ef8f4bd Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com>
Date: Wed, 10 Oct 2018 21:36:06 +0000
Subject: [PATCH 2/8] Cask: address HTTPS->HTTP redirections

---
 Library/Homebrew/utils/curl.rb | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/Library/Homebrew/utils/curl.rb b/Library/Homebrew/utils/curl.rb
index 6917cc1923..2ebd11a7e2 100644
--- a/Library/Homebrew/utils/curl.rb
+++ b/Library/Homebrew/utils/curl.rb
@@ -111,7 +111,7 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 file_match = details[:file_hash] == secure_details[:file_hash]
 
 if etag_match || content_length_match || file_match
- return "The URL #{url} should use HTTPS rather than HTTP"
+ return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)
 end
 
 return unless check_content
@@ -122,7 +122,7 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 
 # Check for the same content after removing all protocols
 if details[:file] == secure_details[:file]
- return "The URL #{url} should use HTTPS rather than HTTP"
+ return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)
 end
 
 return unless strict
@@ -142,7 +142,7 @@ end
 def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
 max_time = hash_needed ? "600" : "25"
 output, = curl_output(
- "--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url,
+ "--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url, "--head",
 user_agent: user_agent
 )
 
@@ -162,3 +162,31 @@ def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent:
 file: output,
 }
 end
+
+def curl_check_http_redirections(url, original_url: nil, user_agents: [:default])
+ out, _, status= curl_output("--location", "--silent", "--head", url.to_s)
+
+ lines = status.success? ? out.lines.map(&:chomp) : []
+
+ locations = lines.map { |line| line[/^Location:\s*(.*)$/i, 1] }
+ .compact
+
+ redirect_url = locations.reduce(url) do |current_url, location|
+ if location.start_with?("/")
+ uri = URI(current_url)
+ "#{uri.scheme}://#{uri.host}#{location}"
+ else
+ location
+ end
+ end
+
+ if original_url.start_with?("https://")
+ unless redirect_url.start_with?("https://")
+ return "The URL #{original_url} redirects back to HTTP"
+ end
+ elsif url.start_with?("https://")
+ if redirect_url.start_with?("https://")
+ return "The URL #{original_url} should use HTTPS rather than HTTP"
+ end
+ end
+end

From 70fc2af6470acd116d24882bb1cbb922b40e2d73 Mon Sep 17 00:00:00 2001
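Review bot: `curl_check_http_redirections` runs `curl_output("--location", "--silent", "--head", url.to_s)` without the `--connect-timeout`/`--max-time` bounds that the sibling `curl_http_content_headers_and_checksum` passes, and the `user_agents:` parameter it accepts is never forwarded, so the redirect chain is probed with no time limit and possibly a different User-Agent than the content check that triggered it; a stalled host can hold the audit open here. `original_url` defaults to `nil`, yet `original_url.start_with?("https://")` is evaluated unconditionally, so calling the method with the default raises `NoMethodError`. The `Location` resolution in the `reduce` only handles path-absolute values: a scheme-relative `//host/path` or a bare relative path is kept verbatim and then fails `start_with?("https://")`, yielding a false "redirects back to HTTP". Resolving each hop with `URI.join(current_url, location).to_s` covers all three forms in one line.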
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com> Date: Wed, 10 Oct 2018 21:36:06 +0000 Subject: [PATCH 3/8] Cask: fix all homepages now that they are audited --- Library/Homebrew/test/cask/cmd/home_spec.rb | 6 +++--- Library/Homebrew/test/cask/cmd/info_spec.rb | 14 +++++++------- .../Homebrew/test/cask/cmd/internal_stanza_spec.rb | 2 +- .../support/fixtures/cask/Casks/bad-checksum.rb | 2 +- .../cask/Casks/installer-with-uninstall.rb | 2 +- .../cask/Casks/invalid/invalid-header-format.rb | 2 +- .../Casks/invalid/invalid-header-token-mismatch.rb | 2 +- .../cask/Casks/invalid/invalid-header-version.rb | 2 +- .../cask/Casks/invalid/invalid-two-homepage.rb | 2 +- .../fixtures/cask/Casks/invalid/invalid-two-url.rb | 2 +- .../cask/Casks/invalid/invalid-two-version.rb | 2 +- .../support/fixtures/cask/Casks/local-caffeine.rb | 2 +- .../fixtures/cask/Casks/local-transmission.rb | 2 +- .../fixtures/cask/Casks/missing-checksum.rb | 2 +- .../support/fixtures/cask/Casks/no-checksum.rb | 2 +- .../fixtures/cask/Casks/outdated/bad-checksum.rb | 2 +- .../fixtures/cask/Casks/outdated/local-caffeine.rb | 2 +- .../cask/Casks/outdated/local-transmission.rb | 2 +- .../fixtures/cask/Casks/outdated/version-latest.rb | 2 +- .../support/fixtures/cask/Casks/version-latest.rb | 2 +- .../fixtures/cask/Casks/will-fail-if-upgraded.rb | 2 +- .../support/fixtures/cask/Casks/with-alt-target.rb | 2 +- .../support/fixtures/cask/Casks/with-caveats.rb | 2 +- .../cask/Casks/with-conditional-caveats.rb | 2 +- .../fixtures/cask/Casks/with-installer-manual.rb | 2 +- .../support/fixtures/cask/Casks/with-languages.rb | 2 +- .../fixtures/cask/Casks/with-two-apps-correct.rb | 2 +- .../fixtures/cask/Casks/with-two-apps-subdir.rb | 2 +- .../fixtures/cask/Casks/without-languages.rb | 2 +- 29 files changed, 37 insertions(+), 37 deletions(-) diff --git a/Library/Homebrew/test/cask/cmd/home_spec.rb b/Library/Homebrew/test/cask/cmd/home_spec.rb index 563d829d12..5fd8abd243 100644 
--- a/Library/Homebrew/test/cask/cmd/home_spec.rb +++ b/Library/Homebrew/test/cask/cmd/home_spec.rb @@ -8,13 +8,13 @@ describe Cask::Cmd::Home, :cask do it_behaves_like "a command that handles invalid options" it "opens the homepage for the specified Cask" do - expect(described_class).to receive(:open_url).with("https://example.com/local-caffeine") + expect(described_class).to receive(:open_url).with("https://example.com") described_class.run("local-caffeine") end it "works for multiple Casks" do - expect(described_class).to receive(:open_url).with("https://example.com/local-caffeine") - expect(described_class).to receive(:open_url).with("https://example.com/local-transmission") + expect(described_class).to receive(:open_url).with("https://example.com") + expect(described_class).to receive(:open_url).with("https://example.com") described_class.run("local-caffeine", "local-transmission") end diff --git a/Library/Homebrew/test/cask/cmd/info_spec.rb b/Library/Homebrew/test/cask/cmd/info_spec.rb index f774fe2c5c..99b4d98f8b 100644 --- a/Library/Homebrew/test/cask/cmd/info_spec.rb +++ b/Library/Homebrew/test/cask/cmd/info_spec.rb @@ -10,7 +10,7 @@ describe Cask::Cmd::Info, :cask do described_class.run("local-caffeine") }.to output(<<~EOS).to_stdout local-caffeine: 1.2.3 - https://example.com/local-caffeine + https://example.com Not installed From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/local-caffeine.rb ==> Name @@ -39,7 +39,7 @@ describe Cask::Cmd::Info, :cask do let(:expected_output) { <<~EOS local-caffeine: 1.2.3 - https://example.com/local-caffeine + https://example.com Not installed From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/local-caffeine.rb ==> Name @@ -47,7 +47,7 @@ describe Cask::Cmd::Info, :cask do ==> Artifacts Caffeine.app (App) local-transmission: 2.61 - https://example.com/local-transmission + https://example.com Not installed 
From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/local-transmission.rb ==> Name @@ -69,7 +69,7 @@ describe Cask::Cmd::Info, :cask do described_class.run("with-caveats") }.to output(<<~EOS).to_stdout with-caveats: 1.2.3 - https://example.com/local-caffeine + https://example.com Not installed From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/with-caveats.rb ==> Name @@ -95,7 +95,7 @@ describe Cask::Cmd::Info, :cask do described_class.run("with-conditional-caveats") }.to output(<<~EOS).to_stdout with-conditional-caveats: 1.2.3 - https://example.com/local-caffeine + https://example.com Not installed From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/with-conditional-caveats.rb ==> Name @@ -110,7 +110,7 @@ describe Cask::Cmd::Info, :cask do described_class.run("with-languages") }.to output(<<~EOS).to_stdout with-languages: 1.2.3 - https://example.com/local-caffeine + https://example.com Not installed From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/with-languages.rb ==> Name @@ -127,7 +127,7 @@ describe Cask::Cmd::Info, :cask do described_class.run("without-languages") }.to output(<<~EOS).to_stdout without-languages: 1.2.3 - https://example.com/local-caffeine + https://example.com Not installed From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/without-languages.rb ==> Name diff --git a/Library/Homebrew/test/cask/cmd/internal_stanza_spec.rb b/Library/Homebrew/test/cask/cmd/internal_stanza_spec.rb index b7255debd7..edc230e178 100644 --- a/Library/Homebrew/test/cask/cmd/internal_stanza_spec.rb +++ b/Library/Homebrew/test/cask/cmd/internal_stanza_spec.rb @@ -3,7 +3,7 @@ describe Cask::Cmd::InternalStanza, :cask do command = described_class.new("homepage", "local-caffeine") expect { command.run - }.to output("https://example.com/local-caffeine\n").to_stdout + }.to output("https://example.com\n").to_stdout end it "raises an exception when stanza is unknown/unsupported" do 
diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/bad-checksum.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/bad-checksum.rb index 96e680159a..66d2c2f8f4 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/bad-checksum.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/bad-checksum.rb @@ -3,7 +3,7 @@ cask 'bad-checksum' do sha256 'badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/installer-with-uninstall.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/installer-with-uninstall.rb index 6b09429a4b..afb29f7caf 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/installer-with-uninstall.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/installer-with-uninstall.rb @@ -3,7 +3,7 @@ cask 'installer-with-uninstall' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' installer manual: 'Caffeine.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-format.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-format.rb index 1841c53be6..56aa3c28f8 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-format.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-format.rb @@ -3,7 +3,7 @@ cask => 'invalid-header-format' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end 
diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-token-mismatch.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-token-mismatch.rb index d10c18ae13..e7e879d02f 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-token-mismatch.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-token-mismatch.rb @@ -3,7 +3,7 @@ cask 'invalid-header-token-mismatch-this-text-does-not-belong' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-version.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-version.rb index 2429f4c789..ed9d941e6f 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-version.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-header-version.rb @@ -3,7 +3,7 @@ cask 'invalid-header-version' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-homepage.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-homepage.rb index 3d4a6650db..33669fb493 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-homepage.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-homepage.rb 
@@ -3,7 +3,7 @@ cask 'invalid-two-homepage' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' homepage 'https://www.example.com/local-caffeine' app 'Caffeine.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-url.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-url.rb index 488dc4cce1..aa4f80148e 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-url.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-url.rb @@ -4,7 +4,7 @@ cask 'invalid-two-url' do url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" url 'https://example.com/caffeine.zip' - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-version.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-version.rb index 03939067c5..82668b8c43 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-version.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/invalid/invalid-two-version.rb @@ -4,7 +4,7 @@ cask 'invalid-two-version' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/local-caffeine.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/local-caffeine.rb index ce4863a0f0..37b71412b4 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/local-caffeine.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/local-caffeine.rb 
@@ -3,7 +3,7 @@ cask 'local-caffeine' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/local-transmission.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/local-transmission.rb index 6cc69624d8..b9d33cfe37 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/local-transmission.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/local-transmission.rb @@ -4,7 +4,7 @@ cask 'local-transmission' do sha256 'e44ffa103fbf83f55c8d0b1bea309a43b2880798dae8620b1ee8da5e1095ec68' url "file://#{TEST_FIXTURE_DIR}/cask/transmission-2.61.dmg" - homepage 'https://example.com/local-transmission' + homepage 'https://example.com' app 'Transmission.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/missing-checksum.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/missing-checksum.rb index 2aed2cba36..c244872b6f 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/missing-checksum.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/missing-checksum.rb @@ -2,7 +2,7 @@ cask 'missing-checksum' do version '1.2.3' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/no-checksum.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/no-checksum.rb index 425c7c2447..f093a8c66c 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/no-checksum.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/no-checksum.rb 
@@ -3,7 +3,7 @@ cask 'no-checksum' do sha256 :no_check url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/bad-checksum.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/bad-checksum.rb index faafa7d1ce..50cde6ecf9 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/bad-checksum.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/bad-checksum.rb @@ -3,7 +3,7 @@ cask 'bad-checksum' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-caffeine.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-caffeine.rb index 8655e7cd12..3f8e36e687 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-caffeine.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-caffeine.rb @@ -3,7 +3,7 @@ cask 'local-caffeine' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-transmission.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-transmission.rb index b9f0a7b8b7..8090de23c7 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-transmission.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/local-transmission.rb 
@@ -3,7 +3,7 @@ cask 'local-transmission' do sha256 'e44ffa103fbf83f55c8d0b1bea309a43b2880798dae8620b1ee8da5e1095ec68' url "file://#{TEST_FIXTURE_DIR}/cask/transmission-2.61.dmg" - homepage 'https://example.com/local-transmission' + homepage 'https://example.com' app 'Transmission.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/version-latest.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/version-latest.rb index 0fab0385e7..5ff04530cf 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/version-latest.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/outdated/version-latest.rb @@ -3,7 +3,7 @@ cask 'version-latest' do sha256 :no_check url "file://#{TEST_FIXTURE_DIR}/cask/caffeines.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine Mini.app' app 'Caffeine Pro.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/version-latest.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/version-latest.rb index 0fab0385e7..5ff04530cf 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/version-latest.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/version-latest.rb @@ -3,7 +3,7 @@ cask 'version-latest' do sha256 :no_check url "file://#{TEST_FIXTURE_DIR}/cask/caffeines.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine Mini.app' app 'Caffeine Pro.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/will-fail-if-upgraded.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/will-fail-if-upgraded.rb index 712b502d1b..6ed0404788 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/will-fail-if-upgraded.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/will-fail-if-upgraded.rb 
@@ -3,7 +3,7 @@ cask 'will-fail-if-upgraded' do sha256 'e44ffa103fbf83f55c8d0b1bea309a43b2880798dae8620b1ee8da5e1095ec68' url "file://#{TEST_FIXTURE_DIR}/cask/transmission-2.61.dmg" - homepage 'https://example.com/local-transmission' + homepage 'https://example.com' app 'container' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-alt-target.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-alt-target.rb index 68898cd4c4..3efc4b2325 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-alt-target.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-alt-target.rb @@ -3,7 +3,7 @@ cask 'with-alt-target' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app', target: 'AnotherName.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-caveats.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-caveats.rb index 995699b370..8c8e9c3ea0 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-caveats.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-caveats.rb @@ -3,7 +3,7 @@ cask 'with-caveats' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-conditional-caveats.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-conditional-caveats.rb index dc547a2529..efe02241a5 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-conditional-caveats.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-conditional-caveats.rb 
@@ -3,7 +3,7 @@ cask 'with-conditional-caveats' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-installer-manual.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-installer-manual.rb index 733330abc7..a57c137a68 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-installer-manual.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-installer-manual.rb @@ -3,7 +3,7 @@ cask 'with-installer-manual' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' installer manual: 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-languages.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-languages.rb index fc277b6407..f06636f945 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-languages.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-languages.rb @@ -12,7 +12,7 @@ cask 'with-languages' do end url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-correct.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-correct.rb index 699de751c0..e82ab27705 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-correct.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-correct.rb 
@@ -3,7 +3,7 @@ cask 'with-two-apps-correct' do sha256 '3178fbfd1ea5d87a2a0662a4eb599ebc9a03888e73f37538d9f3f6ee69d2368e' url "file://#{TEST_FIXTURE_DIR}/cask/caffeines.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine Mini.app' app 'Caffeine Pro.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-subdir.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-subdir.rb index 43ffe4838b..ea62ec5519 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-subdir.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-two-apps-subdir.rb @@ -3,7 +3,7 @@ cask 'with-two-apps-subdir' do sha256 'd687c22a21c02bd8f07da9302c8292b93a04df9a929e3f04d09aea6c76f75c65' url "file://#{TEST_FIXTURE_DIR}/cask/caffeines-subdir.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeines/Caffeine Mini.app' app 'Caffeines/Caffeine Pro.app' diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/without-languages.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/without-languages.rb index 2a74e19ce4..359df73257 100644 --- a/Library/Homebrew/test/support/fixtures/cask/Casks/without-languages.rb +++ b/Library/Homebrew/test/support/fixtures/cask/Casks/without-languages.rb @@ -3,7 +3,7 @@ cask 'without-languages' do sha256 '67cdb8a02803ef37fdbf7e0be205863172e41a561ca446cd84f0d7ab35a99d94' url "file://#{TEST_FIXTURE_DIR}/cask/caffeine.zip" - homepage 'https://example.com/local-caffeine' + homepage 'https://example.com' app 'Caffeine.app' end From 32246dd09751cca45f5f85951238bc6d0ba28dad Mon Sep 17 00:00:00 2001 From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com> Date: Wed, 10 Oct 2018 21:36:06 +0000 Subject: [PATCH 4/8] Cask: do not audit non-file URLs --- Library/Homebrew/cask/audit.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb
index bf43109cc5..1e17220dba 100644
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@@ -321,7 +321,9 @@ module Cask
 end
 
 def check_https_availability
- check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent]) unless cask.url.to_s.empty?
+ unless cask.url.to_s.empty? || cask.url.using
+ check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent])
+ end
 check_url_for_https_availability(cask.appcast) unless cask.appcast.to_s.empty?
 check_url_for_https_availability(cask.homepage) unless cask.homepage.to_s.empty?
 end

From 094cab89febdb41d1de41ac01c95b851b197d839 Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com>
Date: Wed, 10 Oct 2018 21:36:06 +0000
Subject: [PATCH 5/8] Cask: remove curl calls, use them with --download

---
 Library/Homebrew/cask/audit.rb | 1 +
 Library/Homebrew/cask/auditor.rb | 2 +-
 Library/Homebrew/utils/curl.rb | 54 ++++++++++++++------------------
 3 files changed, 25 insertions(+), 32 deletions(-)

diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb
index 1e17220dba..2367925e9e 100644
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@@ -321,6 +321,7 @@ module Cask
 end
 
 def check_https_availability
+ return unless download
 unless cask.url.to_s.empty? || cask.url.using
 check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent])
 end
diff --git a/Library/Homebrew/cask/auditor.rb b/Library/Homebrew/cask/auditor.rb
index 4de53cd573..4fb30e7acd 100644
--- a/Library/Homebrew/cask/auditor.rb
+++ b/Library/Homebrew/cask/auditor.rb
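Review bot: `unless cask.url.to_s.empty? || cask.url.using` exempts every URL that declares a download strategy from the HTTPS probe, so a plain `http://` URL combined with any `using:` value is never reported; if the intent is only to skip strategies that do not fetch over plain HTTP(S), the exemption deserves a comment such as `# URLs with a custom download strategy are not probed: the strategy, not curl, decides the transport.` The `return unless download` added in the following hunk also ties the appcast and homepage probes to `--download`, which is a sensible way to keep a plain audit offline but is not evident from the method name; a one-line note like `# Live HTTPS probing only when the audit is already allowed to touch the network.` would make the gate discoverable. `check_https_availability` is shown in full; the enclosing `Audit` class lies outside the hunk.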
@@ -60,7 +60,7 @@ module Cask
 download = audit_download? && Download.new(cask, quarantine: quarantine?)
 audit = Audit.new(cask, download: download,
 check_token_conflicts: check_token_conflicts?,
- commit_range: commit_range)
+ commit_range: commit_range)
 audit.run!
 puts audit.summary
 audit.success?
diff --git a/Library/Homebrew/utils/curl.rb b/Library/Homebrew/utils/curl.rb
index 2ebd11a7e2..0df6cf8fb3 100644
--- a/Library/Homebrew/utils/curl.rb
+++ b/Library/Homebrew/utils/curl.rb
@@ -92,6 +92,12 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"
 end
 
+ if url.start_with?("https://") && ENV["HOMEBREW_NO_INSECURE_REDIRECT"]
+ unless details[:final_url].start_with?("https://")
+ return "The URL #{url} redirects back to HTTP"
+ end
+ end
+
 return unless hash_needed
 
 secure_url = url.sub "http", "https"
@@ -111,7 +117,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 file_match = details[:file_hash] == secure_details[:file_hash]
 
 if etag_match || content_length_match || file_match
- return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)
+ if secure_details[:final_url].start_with?("https://")
+ return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
+ end
 end
 
 return unless check_content
@@ -122,7 +130,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 
 # Check for the same content after removing all protocols
 if details[:file] == secure_details[:file]
- return curl_check_http_redirections(secure_url, original_url: url, user_agents: user_agents)
+ if secure_details[:final_url].start_with?("https://")
+ return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
+ end
 end
 
 return unless strict
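Review bot: The new "redirects back to HTTP" check is only evaluated when `HOMEBREW_NO_INSECURE_REDIRECT` is set, so in a default environment an `https://` cask URL whose redirect chain lands on `http://` passes the audit silently, which is exactly the downgrade a maintainer-facing audit should surface. If `curl_output` also applies that variable to curl's redirect policy the way the download path does (I cannot see `curl_args` from here), curl refuses the downgrade hop itself, `details[:status]` is not 2xx, and the earlier "not reachable" return fires first, leaving this branch effectively dead in both configurations. Dropping the environment gate, `if url.start_with?("https://") && !details[:final_url].start_with?("https://")`, reports the downgrade unconditionally and reads as a property of the URL rather than of the auditor's shell. `curl_check_http_content` begins before the hunk.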
@@ -142,7 +152,7 @@ end
 def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
 max_time = hash_needed ? "600" : "25"
 output, = curl_output(
- "--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url, "--head",
+ "--connect-timeout", "15", "--include", "--max-time", max_time, "--location", url,
 user_agent: user_agent
 )
 
@@ -150,11 +160,21 @@ def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent:
 while status_code == :unknown || status_code.to_s.start_with?("3")
 headers, _, output = output.partition("\r\n\r\n")
 status_code = headers[%r{HTTP\/.* (\d+)}, 1]
+ location = headers[/^Location:\s*(.*)$/i, 1]
+ # puts "URL: #{url}, location: #{location.inspect}, status: #{status_code}"
+ # puts headers
+ unless location.nil?
+ final_url = location.chomp
+ end
 end
 
 output_hash = Digest::SHA256.digest(output) if hash_needed
 
+ final_url = url if final_url.nil?
+
 {
+ url: url,
+ final_url: final_url,
 status: status_code,
 etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
 content_length: headers[/Content-Length: (\d+)/, 1],
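Review bot: `final_url = location.chomp` records the raw `Location` header, so a relative redirect (`/path`, or scheme-relative `//host/path`) leaves `final_url` without a scheme and every later `final_url.start_with?("https://")` test fails: an `https://` URL that redirects relatively is reported as downgrading to HTTP, and on the `secure_details` probe the legitimate "should use HTTPS" finding is suppressed. Resolve each hop against the URL that produced it, e.g. `final_url = URI.join(final_url || url, location.chomp).to_s`, which leaves absolute values unchanged; `URI.join` raises `URI::InvalidURIError` on a malformed header, so rescue that to the raw value rather than aborting the audit. The body of `curl_http_content_headers_and_checksum` continues past the hunk.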
@@ -162,31 +182,3 @@ def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent:
 file: output,
 }
 end
-
-def curl_check_http_redirections(url, original_url: nil, user_agents: [:default])
- out, _, status= curl_output("--location", "--silent", "--head", url.to_s)
-
- lines = status.success? ? out.lines.map(&:chomp) : []
-
- locations = lines.map { |line| line[/^Location:\s*(.*)$/i, 1] }
- .compact
-
- redirect_url = locations.reduce(url) do |current_url, location|
- if location.start_with?("/")
- uri = URI(current_url)
- "#{uri.scheme}://#{uri.host}#{location}"
- else
- location
- end
- end
-
- if original_url.start_with?("https://")
- unless redirect_url.start_with?("https://")
- return "The URL #{original_url} redirects back to HTTP"
- end
- elsif url.start_with?("https://")
- if redirect_url.start_with?("https://")
- return "The URL #{original_url} should use HTTPS rather than HTTP"
- end
- end
-end

From 6ac568230c3b8532b0fdda45dae133d0f0a8cc18 Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com>
Date: Sat, 24 Nov 2018 01:46:55 +0000
Subject: [PATCH 6/8] Fix styling issues

---
 Library/Homebrew/utils/curl.rb | 33 +++++++++++++--------------------
 1 file changed, 13 insertions(+), 20 deletions(-)

diff --git a/Library/Homebrew/utils/curl.rb b/Library/Homebrew/utils/curl.rb
index 12360748cc..343e8a125f 100644
--- a/Library/Homebrew/utils/curl.rb
+++ b/Library/Homebrew/utils/curl.rb
@@ -92,10 +92,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"
 end
- if url.start_with?("https://") && ENV["HOMEBREW_NO_INSECURE_REDIRECT"]
- unless details[:final_url].start_with?("https://")
- return "The URL #{url} redirects back to HTTP"
- end
+ if url.start_with?("https://") && ENV["HOMEBREW_NO_INSECURE_REDIRECT"] &&
+ !details[:final_url].start_with?("https://")
+ return "The URL #{url} redirects back to HTTP"
 end
 return unless hash_needed
@@ -116,10 +115,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 details[:content_length] == secure_details[:content_length]
 file_match = details[:file_hash] == secure_details[:file_hash]
- if etag_match || content_length_match || file_match
- if secure_details[:final_url].start_with?("https://")
- return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
- end
+ if (etag_match || content_length_match || file_match) &&
+ secure_details[:final_url].start_with?("https://")
+ return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
 end
 return unless check_content
@@ -129,10 +127,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 secure_details[:file] = secure_details[:file].gsub(no_protocol_file_contents, "/")
 # Check for the same content after removing all protocols
- if details[:file] == secure_details[:file]
- if secure_details[:final_url].start_with?("https://")
- return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
- end
+ if (details[:file] == secure_details[:file]) &&
+ secure_details[:final_url].start_with?("https://")
+ return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
 end
 return unless strict
@@ -161,20 +158,16 @@ def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent:
 headers, _, output = output.partition("\r\n\r\n")
 status_code = headers[%r{HTTP\/.* (\d+)}, 1]
 location = headers[/^Location:\s*(.*)$/i, 1]
- # puts "URL: #{url}, location: #{location.inspect}, status: #{status_code}"
- # puts headers
- unless location.nil?
- final_url = location.chomp
- end
+ final_url = location.chomp if location
 end
 output_hash = Digest::SHA256.digest(output) if hash_needed
- final_url = url if final_url.nil?
+ final_url ||= url
 {
- url: url,
- final_url: final_url,
+ url: url,
+ final_url: final_url,
 status: status_code,
 etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
 content_length: headers[/Content-Length: (\d+)/, 1],
From 62fd4a2e00b0b9c162469fbe085cce39b6e421c2 Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com>
Date: Sat, 24 Nov 2018 02:02:53 +0000
Subject: [PATCH 7/8] Use .blank?
---
 Library/Homebrew/cask/audit.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb
index 2367925e9e..097e2d8711 100644
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@@ -322,11 +322,11 @@ module Cask
 def check_https_availability
 return unless download
- unless cask.url.to_s.empty? || cask.url.using
+ unless cask.url.blank? || cask.url.using
 check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent])
 end
- check_url_for_https_availability(cask.appcast) unless cask.appcast.to_s.empty?
- check_url_for_https_availability(cask.homepage) unless cask.homepage.to_s.empty?
+ check_url_for_https_availability(cask.appcast) unless cask.appcast.blank?
+ check_url_for_https_availability(cask.homepage) unless cask.homepage.blank?
 end
 def check_url_for_https_availability(url_to_check, user_agents: [:default])
From 3b79b4d079742052863860c8b090f1632eb3b21a Mon Sep 17 00:00:00 2001
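Review bot: `cask.url.blank?` in the audit.rb hunk is not the same guard as the replaced `cask.url.to_s.empty?`: `cask.url` is an object (the same line calls `user_agent` and `using` on it), and if `blank?` follows the usual `respond_to?(:empty?) ? empty? : !self` convention and the URL class defines no `empty?`, it is only true for `nil`, so a URL whose string form is empty now reaches `curl_check_http_content` with `""`. If that is not intended, keep the string conversion in this one test, `unless cask.url.to_s.blank? || cask.url.using`, or give the URL class an `empty?` that mirrors `to_s.empty?`. `appcast` and `homepage` may well be plain strings, where `blank?` behaves as the old check did; confirm against the cask DSL. check_url_for_https_availability continues outside the hunk.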
From: "L. E. Segovia" <13498015+amyspark@users.noreply.github.com>
Date: Sat, 24 Nov 2018 11:21:52 +0000
Subject: [PATCH 8/8] More styling fixes
---
 Library/Homebrew/cask/audit.rb | 4 ++--
 Library/Homebrew/utils/curl.rb | 13 +++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/Library/Homebrew/cask/audit.rb b/Library/Homebrew/cask/audit.rb
index 097e2d8711..39933bbfff 100644
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@@ -322,7 +322,7 @@ module Cask
 def check_https_availability
 return unless download
- unless cask.url.blank? || cask.url.using
+ if !cask.url.blank? && !cask.url.using
 check_url_for_https_availability(cask.url, user_agents: [cask.url.user_agent])
 end
 check_url_for_https_availability(cask.appcast) unless cask.appcast.blank?
@@ -331,7 +331,7 @@ module Cask
 def check_url_for_https_availability(url_to_check, user_agents: [:default])
 problem = curl_check_http_content(url_to_check.to_s, user_agents: user_agents)
- add_error problem unless problem.nil?
+ add_error problem if problem
 end
 end
 end
diff --git a/Library/Homebrew/utils/curl.rb b/Library/Homebrew/utils/curl.rb
index 343e8a125f..8492b23587 100644
--- a/Library/Homebrew/utils/curl.rb
+++ b/Library/Homebrew/utils/curl.rb
@@ -116,8 +116,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 file_match = details[:file_hash] == secure_details[:file_hash]
 if (etag_match || content_length_match || file_match) &&
- secure_details[:final_url].start_with?("https://")
- return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
+ secure_details[:final_url].start_with?("https://") &&
+ url.start_with?("http://")
+ return "The URL #{url} should use HTTPS rather than HTTP"
 end
 return unless check_content
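Review bot: The three-part condition in the curl.rb hunk now reads as a single rule, but nothing says why the trailing `url.start_with?("http://")` conjunct is there; a later reader could drop it as redundant, since the other two conjuncts already compare the plain and secure fetches. Add a why-comment above the `if`, e.g. `# Only an http:// input can be upgraded; for an https:// input the secure fetch is the same request, so a match proves nothing` — presuming that is the reason (how `secure_details` is derived is outside this hunk, so confirm before committing the wording). The identical condition at `@@ -128,8 +129,9 @@` deserves the same comment. The enclosing curl_check_http_content starts and ends outside the hunk.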
@@ -128,8 +129,9 @@ def curl_check_http_content(url, user_agents: [:default], check_content: false,
 # Check for the same content after removing all protocols
 if (details[:file] == secure_details[:file]) &&
- secure_details[:final_url].start_with?("https://")
- return "The URL #{url} should use HTTPS rather than HTTP" if url.start_with?("http://")
+ secure_details[:final_url].start_with?("https://") &&
+ url.start_with?("http://")
+ return "The URL #{url} should use HTTPS rather than HTTP"
 end
 return unless strict
@@ -157,8 +159,7 @@ def curl_http_content_headers_and_checksum(url, hash_needed: false, user_agent:
 while status_code == :unknown || status_code.to_s.start_with?("3")
 headers, _, output = output.partition("\r\n\r\n")
 status_code = headers[%r{HTTP\/.* (\d+)}, 1]
- location = headers[/^Location:\s*(.*)$/i, 1]
- final_url = location.chomp if location
+ final_url = headers[/^Location:\s*(.*)$/i, 1]&.chomp
 end
 output_hash = Digest::SHA256.digest(output) if hash_needed
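Review bot: `final_url = headers[/^Location:\s*(.*)$/i, 1]&.chomp` is not equivalent to the replaced `final_url = location.chomp if location`: the old form kept the previous Location when a response had none, while the new form overwrites `final_url` with `nil` on every such response. Because the loop only exits on a non-3xx response, and that final response normally carries no Location header, `final_url` ends the loop as `nil` and the `final_url ||= url` that follows (outside this hunk) resets it to the original url, so the "redirects back to HTTP" and HTTPS-availability checks in curl_check_http_content never see a redirect at all. Keep the previous value when the header is absent: `final_url = headers[/^Location:\s*(.*)$/i, 1]&.chomp || final_url`. curl_http_content_headers_and_checksum starts and ends outside this hunk.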