Added check for insecure mirror URLs
This commit is contained in:
David Broder-Rodgers
parent
8f85eb64c4
commit
3c566399cf
@ -623,11 +623,11 @@ class FormulaAuditor
|
|||||||
%w[Stable Devel HEAD].each do |name|
|
%w[Stable Devel HEAD].each do |name|
|
||||||
next unless spec = formula.send(name.downcase)
|
next unless spec = formula.send(name.downcase)
|
||||||
|
|
||||||
ra = ResourceAuditor.new(spec).audit
|
ra = ResourceAuditor.new(spec, online: @online).audit
|
||||||
problems.concat ra.problems.map { |problem| "#{name}: #{problem}" }
|
problems.concat ra.problems.map { |problem| "#{name}: #{problem}" }
|
||||||
|
|
||||||
spec.resources.each_value do |resource|
|
spec.resources.each_value do |resource|
|
||||||
ra = ResourceAuditor.new(resource).audit
|
ra = ResourceAuditor.new(resource, online: @online).audit
|
||||||
problems.concat ra.problems.map { |problem|
|
problems.concat ra.problems.map { |problem|
|
||||||
"#{name} resource #{resource.name.inspect}: #{problem}"
|
"#{name} resource #{resource.name.inspect}: #{problem}"
|
||||||
}
|
}
|
||||||
@ -1127,7 +1127,7 @@ class ResourceAuditor
|
|||||||
attr_reader :problems
|
attr_reader :problems
|
||||||
attr_reader :version, :checksum, :using, :specs, :url, :mirrors, :name
|
attr_reader :version, :checksum, :using, :specs, :url, :mirrors, :name
|
||||||
|
|
||||||
def initialize(resource)
|
def initialize(resource, options = {})
|
||||||
@name = resource.name
|
@name = resource.name
|
||||||
@version = resource.version
|
@version = resource.version
|
||||||
@checksum = resource.checksum
|
@checksum = resource.checksum
|
||||||
@ -1135,6 +1135,7 @@ class ResourceAuditor
|
|||||||
@mirrors = resource.mirrors
|
@mirrors = resource.mirrors
|
||||||
@using = resource.using
|
@using = resource.using
|
||||||
@specs = resource.specs
|
@specs = resource.specs
|
||||||
|
@online = options[:online]
|
||||||
@problems = []
|
@problems = []
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -1390,6 +1391,20 @@ class ResourceAuditor
|
|||||||
next unless u =~ %r{https?://(?:central|repo\d+)\.maven\.org/maven2/(.+)$}
|
next unless u =~ %r{https?://(?:central|repo\d+)\.maven\.org/maven2/(.+)$}
|
||||||
problem "#{u} should be `https://search.maven.org/remotecontent?filepath=#{$1}`"
|
problem "#{u} should be `https://search.maven.org/remotecontent?filepath=#{$1}`"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
return unless @online
|
||||||
|
urls.each do |url|
|
||||||
|
next unless url.start_with? "http:"
|
||||||
|
# Check for insecure mirrors
|
||||||
|
status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \
|
||||||
|
"--write-out", "%{http_code}", url
|
||||||
|
secure_url = url.sub "http", "https"
|
||||||
|
secure_status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \
|
||||||
|
"--write-out", "%{http_code}", secure_url
|
||||||
|
if status_code.start_with?("20") && secure_status_code.start_with?("20")
|
||||||
|
problem "The URL #{url} could use HTTPS rather than HTTP"
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def problem(text)
|
def problem(text)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user