Push URL audits down to ResourceAuditor

2015-05-07 22:44:01 -04:00 · 2015-05-07 22:44:01 -04:00 · 41ecce7898
commit 41ecce7898
parent 5c8ceaa458
1 changed files with 113 additions and 114 deletions
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@ -313,119 +313,6 @@ class FormulaAuditor
    if homepage =~ %r[^http://((?:build|cloud|developer|download|extensions|git|glade|help|library|live|nagios|news|people|projects|rt|static|wiki|www)\.)?gnome\.org]
      problem "Gnome homepages should be https:// links (URL is #{homepage})."
    end
    urls = @specs.map(&:url)
    # Check GNU urls; doesn't apply to mirrors
    urls.grep(%r[^(?:https?|ftp)://(?!alpha).+/gnu/]) do |u|
      problem "\"http://ftpmirror.gnu.org\" is preferred for GNU software (url is #{u})."
    end
    mirrors = @specs.map(&:mirrors).flatten
    dupes = urls & mirrors
    dupes.each do |dupe|
      problem "URL should not be duplicated as a mirror: #{dupe}"
    end
    # the rest of the checks apply to mirrors as well.
    urls += mirrors
    # Check a variety of SSL/TLS links that don't consistently auto-redirect
    # or are overly common errors that need to be reduced & fixed over time.
    urls.each do |p|
      # Skip the main url link, as it can't be made SSL/TLS yet.
      next if p =~ %r[/ftpmirror\.gnu\.org]
      case p
      when %r[^http://ftp\.gnu\.org/]
        problem "ftp.gnu.org urls should be https://, not http:// (url is #{p})."
      when %r[^http://[^/]*\.apache\.org/]
        problem "Apache urls should be https://, not http (url is #{p})."
      when %r[^http://code\.google\.com/]
        problem "code.google.com urls should be https://, not http (url is #{p})."
      when %r[^http://fossies\.org/]
        problem "Fossies urls should be https://, not http (url is #{p})."
      when %r[^http://mirrors\.kernel\.org/]
        problem "mirrors.kernel urls should be https://, not http (url is #{p})."
      when %r[^http://([^/]*\.|)bintray\.com/]
        problem "Bintray urls should be https://, not http (url is #{p})."
      when %r[^http://tools\.ietf\.org/]
        problem "ietf urls should be https://, not http (url is #{p})."
      end
    end
    # Check SourceForge urls
    urls.each do |p|
      # Skip if the URL looks like a SVN repo
      next if p =~ %r[/svnroot/]
      next if p =~ %r[svn\.sourceforge]
      # Is it a sourceforge http(s) URL?
      next unless p =~ %r[^https?://.*\b(sourceforge|sf)\.(com|net)]
      if p =~ /(\?|&)use_mirror=/
        problem "Don't use #{$1}use_mirror in SourceForge urls (url is #{p})."
      end
      if p =~ /\/download$/
        problem "Don't use /download in SourceForge urls (url is #{p})."
      end
      if p =~ %r[^https?://sourceforge\.]
        problem "Use http://downloads.sourceforge.net to get geolocation (url is #{p})."
      end
      if p =~ %r[^https?://prdownloads\.]
        problem "Don't use prdownloads in SourceForge urls (url is #{p}).\n" +
                "\tSee: http://librelist.com/browser/homebrew/2011/1/12/prdownloads-is-bad/"
      end
      if p =~ %r[^http://\w+\.dl\.]
        problem "Don't use specific dl mirrors in SourceForge urls (url is #{p})."
      end
      if p.start_with? "http://downloads"
        problem "Use https:// URLs for downloads from SourceForge (url is #{p})."
      end
    end
    # Check for Google Code download urls, https:// is preferred
    # Intentionally not extending this to SVN repositories due to certificate
    # issues.
    urls.grep(%r[^http://.*\.googlecode\.com/files.*]) do |u|
      problem "Use https:// URLs for downloads from Google Code (url is #{u})."
    end
    # Check for new-url Google Code download urls, https:// is preferred
    urls.grep(%r[^http://code\.google\.com/]) do |u|
      problem "Use https:// URLs for downloads from code.google (url is #{u})."
    end
    # Check for git:// GitHub repo urls, https:// is preferred.
    urls.grep(%r[^git://[^/]*github\.com/]) do |u|
      problem "Use https:// URLs for accessing GitHub repositories (url is #{u})."
    end
    # Check for git:// Gitorious repo urls, https:// is preferred.
    urls.grep(%r[^git://[^/]*gitorious\.org/]) do |u|
      problem "Use https:// URLs for accessing Gitorious repositories (url is #{u})."
    end
    # Check for http:// GitHub repo urls, https:// is preferred.
    urls.grep(%r[^http://github\.com/.*\.git$]) do |u|
      problem "Use https:// URLs for accessing GitHub repositories (url is #{u})."
    end
    # Use new-style archive downloads
    urls.select { |u| u =~ %r[https://.*github.*/(?:tar|zip)ball/] && u !~ %r[\.git$] }.each do |u|
      problem "Use /archive/ URLs for GitHub tarballs (url is #{u})."
    end
    # Don't use GitHub .zip files
    urls.select { |u| u =~ %r[https://.*github.*/(archive|releases)/.*\.zip$] && u !~ %r[releases/download] }.each do |u|
      problem "Use GitHub tarballs rather than zipballs (url is #{u})."
    end
  end
  def audit_specs
@ -828,13 +715,14 @@ end
 class ResourceAuditor
  attr_reader :problems
-  attr_reader :version, :checksum, :using, :specs, :url, :name
+  attr_reader :version, :checksum, :using, :specs, :url, :mirrors, :name
  def initialize(resource)
    @name     = resource.name
    @version  = resource.version
    @checksum = resource.checksum
    @url      = resource.url
    @mirrors  = resource.mirrors
    @using    = resource.using
    @specs    = resource.specs
    @problems = []
@ -844,6 +732,7 @@ class ResourceAuditor
    audit_version
    audit_checksum
    audit_download_strategy
    audit_urls
    self
  end
@ -941,6 +830,116 @@ class ResourceAuditor
    end
  end
  def audit_urls
    # Check GNU urls; doesn't apply to mirrors
    if url =~ %r[^(?:https?|ftp)://(?!alpha).+/gnu/]
      problem "\"http://ftpmirror.gnu.org\" is preferred for GNU software (url is #{url})."
    end
    if mirrors.include?(url)
      problem "URL should not be duplicated as a mirror: #{url}"
    end
    urls = [url] + mirrors
    # Check a variety of SSL/TLS links that don't consistently auto-redirect
    # or are overly common errors that need to be reduced & fixed over time.
    urls.each do |p|
      # Skip the main url link, as it can't be made SSL/TLS yet.
      next if p =~ %r[/ftpmirror\.gnu\.org]
      case p
      when %r[^http://ftp\.gnu\.org/]
        problem "ftp.gnu.org urls should be https://, not http:// (url is #{p})."
      when %r[^http://[^/]*\.apache\.org/]
        problem "Apache urls should be https://, not http (url is #{p})."
      when %r[^http://code\.google\.com/]
        problem "code.google.com urls should be https://, not http (url is #{p})."
      when %r[^http://fossies\.org/]
        problem "Fossies urls should be https://, not http (url is #{p})."
      when %r[^http://mirrors\.kernel\.org/]
        problem "mirrors.kernel urls should be https://, not http (url is #{p})."
      when %r[^http://([^/]*\.|)bintray\.com/]
        problem "Bintray urls should be https://, not http (url is #{p})."
      when %r[^http://tools\.ietf\.org/]
        problem "ietf urls should be https://, not http (url is #{p})."
      end
    end
    # Check SourceForge urls
    urls.each do |p|
      # Skip if the URL looks like a SVN repo
      next if p =~ %r[/svnroot/]
      next if p =~ %r[svn\.sourceforge]
      # Is it a sourceforge http(s) URL?
      next unless p =~ %r[^https?://.*\b(sourceforge|sf)\.(com|net)]
      if p =~ /(\?|&)use_mirror=/
        problem "Don't use #{$1}use_mirror in SourceForge urls (url is #{p})."
      end
      if p =~ /\/download$/
        problem "Don't use /download in SourceForge urls (url is #{p})."
      end
      if p =~ %r[^https?://sourceforge\.]
        problem "Use http://downloads.sourceforge.net to get geolocation (url is #{p})."
      end
      if p =~ %r[^https?://prdownloads\.]
        problem "Don't use prdownloads in SourceForge urls (url is #{p}).\n" +
                "\tSee: http://librelist.com/browser/homebrew/2011/1/12/prdownloads-is-bad/"
      end
      if p =~ %r[^http://\w+\.dl\.]
        problem "Don't use specific dl mirrors in SourceForge urls (url is #{p})."
      end
      if p.start_with? "http://downloads"
        problem "Use https:// URLs for downloads from SourceForge (url is #{p})."
      end
    end
    # Check for Google Code download urls, https:// is preferred
    # Intentionally not extending this to SVN repositories due to certificate
    # issues.
    urls.grep(%r[^http://.*\.googlecode\.com/files.*]) do |u|
      problem "Use https:// URLs for downloads from Google Code (url is #{u})."
    end
    # Check for new-url Google Code download urls, https:// is preferred
    urls.grep(%r[^http://code\.google\.com/]) do |u|
      problem "Use https:// URLs for downloads from code.google (url is #{u})."
    end
    # Check for git:// GitHub repo urls, https:// is preferred.
    urls.grep(%r[^git://[^/]*github\.com/]) do |u|
      problem "Use https:// URLs for accessing GitHub repositories (url is #{u})."
    end
    # Check for git:// Gitorious repo urls, https:// is preferred.
    urls.grep(%r[^git://[^/]*gitorious\.org/]) do |u|
      problem "Use https:// URLs for accessing Gitorious repositories (url is #{u})."
    end
    # Check for http:// GitHub repo urls, https:// is preferred.
    urls.grep(%r[^http://github\.com/.*\.git$]) do |u|
      problem "Use https:// URLs for accessing GitHub repositories (url is #{u})."
    end
    # Use new-style archive downloads
    urls.select { |u| u =~ %r[https://.*github.*/(?:tar|zip)ball/] && u !~ %r[\.git$] }.each do |u|
      problem "Use /archive/ URLs for GitHub tarballs (url is #{u})."
    end
    # Don't use GitHub .zip files
    urls.select { |u| u =~ %r[https://.*github.*/(archive|releases)/.*\.zip$] && u !~ %r[releases/download] }.each do |u|
      problem "Use GitHub tarballs rather than zipballs (url is #{u})."
    end
  end
  def problem text
    @problems << text
  end