admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Simplify Checksum cop by auditing all checksums

Browse Source
This commit is contained in:
Gautham Goli 2017-06-14 15:37:37 +05:30
parent 4d7a983415
commit 77da75e7d6
2 changed files with 41 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
Library/Homebrew/rubocops/checksum_cop.rb
View File

@ -5,55 +5,48 @@ module RuboCop
module FormulaAudit module FormulaAudit
class Checksum < FormulaCop class Checksum < FormulaCop
def audit_formula(_node, _class_node, _parent_class_node, body_node) def audit_formula(_node, _class_node, _parent_class_node, body_node)
%w[stable devel head].each do |name| return if body_node.nil?
next unless spec_node = find_block(body_node, name.to_sym) if method_called_ever?(body_node, :md5)
_, _, spec_body = *spec_node problem "MD5 checksums are deprecated, please use SHA256"
audit_checksums(spec_body, name)
if name == "stable"
resource_blocks = find_blocks(body_node, :resource) +
find_all_blocks(spec_body, :resource)
else
resource_blocks = find_all_blocks(spec_body, :resource)
end end
resource_blocks.each do |rb|
_, _, resource_body = *rb if method_called_ever?(body_node, :sha1)
audit_checksums(resource_body, name, string_content(parameters(rb).first)) problem "SHA1 checksums are deprecated, please use SHA256"
end end
sha256_calls = find_every_method_call_by_name(body_node, :sha256)
sha256_calls.each do |sha256_call|
sha256_node = get_checksum_node(sha256_call)
audit_sha256(sha256_node)
end end
end end
def audit_checksums(node, spec, resource_name = nil) def get_checksum_node(call)
msg_prefix = if resource_name return if parameters(call).empty? || parameters(call).nil?
"#{spec} resource \"#{resource_name}\": " if parameters(call).first.str_type?
else parameters(call).first
"#{spec}: " elsif parameters(call).first.hash_type?
parameters(call).first.keys.first
end end
if find_node_method_by_name(node, :md5)
problem "#{msg_prefix}MD5 checksums are deprecated, please use SHA256"
end end
if find_node_method_by_name(node, :sha1) def audit_sha256(checksum)
problem "#{msg_prefix}SHA1 checksums are deprecated, please use SHA256" return if checksum.nil?
end if regex_match_group(checksum, /^$/)
problem "sha256 is empty"
checksum_node = find_node_method_by_name(node, :sha256)
return if checksum_node.nil?
checksum = parameters(checksum_node).first
if string_content(checksum).size.zero?
problem "#{msg_prefix}sha256 is empty"
return return
end end
if string_content(checksum).size != 64 && regex_match_group(checksum, /^\w*$/) if string_content(checksum).size != 64 && regex_match_group(checksum, /^\w*$/)
problem "#{msg_prefix}sha256 should be 64 characters" problem "sha256 should be 64 characters"
end end
unless regex_match_group(checksum, /^[a-f0-9]+$/i) if regex_match_group(checksum, /[^a-f0-9]+/i)
problem "#{msg_prefix}sha256 contains invalid characters" problem "sha256 contains invalid characters"
end end
return unless regex_match_group(checksum, /[A-F]+/) return unless regex_match_group(checksum, /[A-F]+/)
problem "#{msg_prefix}sha256 should be lowercase" problem "sha256 should be lowercase"
end end
end end
end end

26
Library/Homebrew/test/rubocops/checksum_cop_spec.rb
View File

@ -23,15 +23,15 @@ describe RuboCop::Cop::FormulaAudit::Checksum do
end end
EOS EOS
expected_offenses = [{ message: "stable: sha256 is empty", expected_offenses = [{ message: "sha256 is empty",
severity: :convention, severity: :convention,
line: 5, line: 5,
column: 4, column: 12,
source: source }, source: source },
{ message: "stable resource \"foo-package\": sha256 is empty", { message: "sha256 is empty",
severity: :convention, severity: :convention,
line: 9, line: 9,
column: 6, column: 14,
source: source }] source: source }]
inspect_source(cop, source) inspect_source(cop, source)
@ -57,12 +57,12 @@ describe RuboCop::Cop::FormulaAudit::Checksum do
end end
EOS EOS
expected_offenses = [{ message: "stable: sha256 should be 64 characters", expected_offenses = [{ message: "sha256 should be 64 characters",
severity: :convention, severity: :convention,
line: 5, line: 5,
column: 12, column: 12,
source: source }, source: source },
{ message: "stable resource \"foo-package\": sha256 should be 64 characters", { message: "sha256 should be 64 characters",
severity: :convention, severity: :convention,
line: 9, line: 9,
column: 14, column: 14,
@ -91,15 +91,15 @@ describe RuboCop::Cop::FormulaAudit::Checksum do
end end
EOS EOS
expected_offenses = [{ message: "stable: sha256 contains invalid characters", expected_offenses = [{ message: "sha256 contains invalid characters",
severity: :convention, severity: :convention,
line: 5, line: 5,
column: 4, column: 31,
source: source }, source: source },
{ message: "stable resource \"foo-package\": sha256 contains invalid characters", { message: "sha256 contains invalid characters",
severity: :convention, severity: :convention,
line: 9, line: 9,
column: 6, column: 31,
source: source }] source: source }]
inspect_source(cop, source) inspect_source(cop, source)
@ -125,12 +125,12 @@ describe RuboCop::Cop::FormulaAudit::Checksum do
end end
EOS EOS
expected_offenses = [{ message: "stable: sha256 should be lowercase", expected_offenses = [{ message: "sha256 should be lowercase",
severity: :convention, severity: :convention,
line: 5, line: 5,
column: 21, column: 21,
source: source }, source: source },
{ message: "stable resource \"foo-package\": sha256 should be lowercase", { message: "sha256 should be lowercase",
severity: :convention, severity: :convention,
line: 9, line: 9,
column: 20, column: 20,
@ -163,7 +163,7 @@ describe RuboCop::Cop::FormulaAudit::Checksum do
end end
EOS EOS
expected_offenses = [{ message: "stable resource \"foo-outside\": sha256 should be lowercase", expected_offenses = [{ message: "sha256 should be lowercase",
severity: :convention, severity: :convention,
line: 5, line: 5,
column: 12, column: 12,