admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

dev-cmd/audit: add audit for checksum

Browse Source
This commit is contained in:
Alexander Bayandin 2020-12-08 23:26:52 +00:00
parent ddfd499c20
commit 8717f82b9d
2 changed files with 54 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Library/Homebrew/resource_auditor.rb
View File

@ -26,6 +26,7 @@ module Homebrew
def audit def audit
audit_version audit_version
audit_download_strategy audit_download_strategy
audit_checksum
audit_urls audit_urls
self self
end end
@ -72,6 +73,13 @@ module Homebrew
problem "Redundant :using value in URL" problem "Redundant :using value in URL"
end end
def audit_checksum
return if spec_name == :head
return unless DownloadStrategyDetector.detect(url, using) <= CurlDownloadStrategy
problem "Checksum is missing" if checksum.blank?
end
def self.curl_openssl_and_deps def self.curl_openssl_and_deps
@curl_openssl_and_deps ||= begin @curl_openssl_and_deps ||= begin
formulae_names = ["curl", "openssl"] formulae_names = ["curl", "openssl"]

50
Library/Homebrew/test/dev-cmd/audit_spec.rb
View File

@ -564,10 +564,46 @@ module Homebrew
let(:throttle_list) { { throttled_formulae: { "foo" => 10 } } } let(:throttle_list) { { throttled_formulae: { "foo" => 10 } } }
let(:versioned_head_spec_list) { { versioned_head_spec_allowlist: ["foo"] } } let(:versioned_head_spec_list) { { versioned_head_spec_allowlist: ["foo"] } }
it "doesn't allow to miss a checksum" do
fa = formula_auditor "foo", <<~RUBY
class Foo < Formula
url "https://brew.sh/foo-1.0.tgz"
end
RUBY
fa.audit_specs
expect(fa.problems.first[:message]).to match "Checksum is missing"
end
it "allows to miss a checksum for git strategy" do
fa = formula_auditor "foo", <<~RUBY
class Foo < Formula
url "https://brew.sh/foo.git", tag: "1.0", revision: "f5e00e485e7aa4c5baa20355b27e3b84a6912790"
end
RUBY
fa.audit_specs
expect(fa.problems).to be_empty
end
it "allows to miss a checksum for HEAD" do
fa = formula_auditor "foo", <<~RUBY
class Foo < Formula
url "https://brew.sh/foo-1.0.tgz"
sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
head "https://brew.sh/foo.tgz"
end
RUBY
fa.audit_specs
expect(fa.problems).to be_empty
end
it "allows versions with no throttle rate" do it "allows versions with no throttle rate" do
fa = formula_auditor "bar", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list fa = formula_auditor "bar", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list
class Bar < Formula class Bar < Formula
url "https://brew.sh/foo-1.0.1.tgz" url "https://brew.sh/foo-1.0.1.tgz"
sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
end end
RUBY RUBY
@ -579,6 +615,7 @@ module Homebrew
fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list
class Foo < Formula class Foo < Formula
url "https://brew.sh/foo-1.0.0.tgz" url "https://brew.sh/foo-1.0.0.tgz"
sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
end end
RUBY RUBY
@ -590,6 +627,7 @@ module Homebrew
fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list
class Foo < Formula class Foo < Formula
url "https://brew.sh/foo-1.0.10.tgz" url "https://brew.sh/foo-1.0.10.tgz"
sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
end end
RUBY RUBY
@ -601,6 +639,7 @@ module Homebrew
fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: throttle_list
class Foo < Formula class Foo < Formula
url "https://brew.sh/foo-1.0.1.tgz" url "https://brew.sh/foo-1.0.1.tgz"
sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
end end
RUBY RUBY
@ -612,7 +651,8 @@ module Homebrew
fa = formula_auditor "bar", <<~RUBY, core_tap: true, tap_audit_exceptions: versioned_head_spec_list fa = formula_auditor "bar", <<~RUBY, core_tap: true, tap_audit_exceptions: versioned_head_spec_list
class Bar < Formula class Bar < Formula
url "https://brew.sh/foo-1.0.tgz" url "https://brew.sh/foo-1.0.tgz"
head "https://brew.sh/foo-1.0.tgz" sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
head "https://brew.sh/foo.git"
end end
RUBY RUBY
@ -624,7 +664,8 @@ module Homebrew
fa = formula_auditor "bar@1", <<~RUBY, core_tap: true, tap_audit_exceptions: versioned_head_spec_list fa = formula_auditor "bar@1", <<~RUBY, core_tap: true, tap_audit_exceptions: versioned_head_spec_list
class BarAT1 < Formula class BarAT1 < Formula
url "https://brew.sh/foo-1.0.tgz" url "https://brew.sh/foo-1.0.tgz"
head "https://brew.sh/foo-1.0.tgz" sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
head "https://brew.sh/foo.git"
end end
RUBY RUBY
@ -632,11 +673,12 @@ module Homebrew
expect(fa.problems.first[:message]).to match "Versioned formulae should not have a `HEAD` spec" expect(fa.problems.first[:message]).to match "Versioned formulae should not have a `HEAD` spec"
end end
it "allows ersioned formulae on the allowlist to have a `HEAD` spec" do it "allows versioned formulae on the allowlist to have a `HEAD` spec" do
fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: versioned_head_spec_list fa = formula_auditor "foo", <<~RUBY, core_tap: true, tap_audit_exceptions: versioned_head_spec_list
class Foo < Formula class Foo < Formula
url "https://brew.sh/foo-1.0.tgz" url "https://brew.sh/foo-1.0.tgz"
head "https://brew.sh/foo-1.0.tgz" sha256 "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e"
head "https://brew.sh/foo.git"
end end
RUBY RUBY