Added check for insecure mirror URLs

2016-12-23 11:29:31 +00:00 · 2016-12-23 11:29:31 +00:00 · 3c566399cf
commit 3c566399cf
parent 8f85eb64c4
1 changed files with 18 additions and 3 deletions
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@ -623,11 +623,11 @@ class FormulaAuditor
    %w[Stable Devel HEAD].each do |name|
      next unless spec = formula.send(name.downcase)

-      ra = ResourceAuditor.new(spec).audit
+      ra = ResourceAuditor.new(spec, online: @online).audit
      problems.concat ra.problems.map { |problem| "#{name}: #{problem}" }

      spec.resources.each_value do |resource|
-        ra = ResourceAuditor.new(resource).audit
+        ra = ResourceAuditor.new(resource, online: @online).audit
        problems.concat ra.problems.map { |problem|
          "#{name} resource #{resource.name.inspect}: #{problem}"
        }
@ -1127,7 +1127,7 @@ class ResourceAuditor
  attr_reader :problems
  attr_reader :version, :checksum, :using, :specs, :url, :mirrors, :name

-  def initialize(resource)
+  def initialize(resource, options = {})
    @name     = resource.name
    @version  = resource.version
    @checksum = resource.checksum
@ -1135,6 +1135,7 @@ class ResourceAuditor
    @mirrors  = resource.mirrors
    @using    = resource.using
    @specs    = resource.specs
+    @online   = options[:online]
    @problems = []
  end

@ -1390,6 +1391,20 @@ class ResourceAuditor
      next unless u =~ %r{https?://(?:central|repo\d+)\.maven\.org/maven2/(.+)$}
      problem "#{u} should be `https://search.maven.org/remotecontent?filepath=#{$1}`"
    end
+
+    return unless @online
+    urls.each do |url|
+      next unless url.start_with? "http:"
+      # Check for insecure mirrors
+      status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \
+                                 "--write-out", "%{http_code}", url
+      secure_url = url.sub "http", "https"
+      secure_status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \
+                                        "--write-out", "%{http_code}", secure_url
+      if status_code.start_with?("20") && secure_status_code.start_with?("20")
+        problem "The URL #{url} could use HTTPS rather than HTTP"
+      end
+    end
  end

  def problem(text)