audit: Warn on new formulae containing binary URLs

2018-02-04 21:54:49 -05:00 · 2018-02-04 21:54:49 -05:00 · 3f43f60a2a
commit 3f43f60a2a
parent a44b21b2df
2 changed files with 95 additions and 3 deletions
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@ -198,6 +198,8 @@ class FormulaAuditor
    @online = options[:online]
    # Accept precomputed style offense results, for efficiency
    @style_offenses = options[:style_offenses]
+    # Allow the actual official-ness of a formula to be overridden, for testing purposes
+    @official_tap = formula.tap&.official? || options[:official_tap]
    @problems = []
    @text = FormulaText.new(formula.path)
    @specs = %w[stable devel head].map { |s| formula.send(s) }.compact
@ -304,7 +306,7 @@ class FormulaAuditor
  def audit_formula_name
    return unless @strict
    # skip for non-official taps
-    return unless formula.tap&.official?
+    return unless @official_tap

    name = formula.name

@ -718,7 +720,7 @@ class FormulaAuditor

    return unless @strict

-    if formula.tap&.official? && line.include?("env :std")
+    if @official_tap && line.include?("env :std")
      problem "`env :std` in official tap formulae is deprecated"
    end

@ -747,7 +749,7 @@ class FormulaAuditor
  def audit_reverse_migration
    # Only enforce for new formula being re-added to core and official taps
    return unless @strict
-    return unless formula.tap&.official?
+    return unless @official_tap
    return unless formula.tap.tap_migrations.key?(formula.name)

    problem <<~EOS
@ -768,6 +770,18 @@ class FormulaAuditor
    EOS
  end

+  def audit_url_is_not_binary
+    return unless @official_tap
+
+    urls = @specs.map(&:url)
+
+    urls.each do |url|
+      if url =~ /darwin/i && (url =~ /x86_64/i || url =~ /amd64/i)
+        problem "#{url} looks like a binary package, not a source archive. Official taps are source-only."
+      end
+    end
+  end
+
  def quote_dep(dep)
    dep.is_a?(Symbol) ? dep.inspect : "'#{dep}'"
  end
--- a/Library/Homebrew/test/dev-cmd/audit_spec.rb
+++ b/Library/Homebrew/test/dev-cmd/audit_spec.rb
@ -522,4 +522,82 @@ describe FormulaAuditor do
      end
    end
  end
+
+  describe "#audit_url_is_not_binary" do
+    specify "it detects a url containing darwin and x86_64" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/example-darwin.x86_64.tar.gz"
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it detects a url containing darwin and amd64" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/example-darwin.amd64.tar.gz"
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it works on the devel spec" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/valid-1.0.tar.gz"
+
+          devel do
+            url "https://example.com/example-darwin.x86_64.tar.gz"
+          end
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it works on the head spec" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/valid-1.0.tar.gz"
+
+          head do
+            url "https://example.com/example-darwin.x86_64.tar.gz"
+          end
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it ignores resource urls" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/valid-1.0.tar.gz"
+
+          resource "binary_res" do
+            url "https://example.com/example-darwin.x86_64.tar.gz"
+          end
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems).to eq([])
+    end
+  end
 end