admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

add some heuristics to https upgrade check

Browse Source
This commit is contained in:
Viktor Szakats 2017-08-27 09:39:28 +00:00
parent db41f9d118
commit 923c84d4f7
1 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
Library/Homebrew/dev-cmd/audit.rb
View File

@ -201,7 +201,7 @@ class FormulaAuditor
@specs = %w[stable devel head].map { |s| formula.send(s) }.compact @specs = %w[stable devel head].map { |s| formula.send(s) }.compact
end end
def self.check_http_content(url, name, user_agents: [:default]) def self.check_http_content(type, url, name, user_agents: [:default])
return unless url.start_with? "http" return unless url.start_with? "http"
details = nil details = nil
@ -236,8 +236,31 @@ class FormulaAuditor
details[:content_length] == secure_details[:content_length] details[:content_length] == secure_details[:content_length]
file_match = details[:file_hash] == secure_details[:file_hash] file_match = details[:file_hash] == secure_details[:file_hash]
return if !etag_match && !content_length_match && !file_match if etag_match || content_length_match || file_match
"The URL #{url} could use HTTPS rather than HTTP" return "The URL #{url} could use HTTPS rather than HTTP"
end
if type == "homepage"
details[:file] = details[:file].gsub(/https?:\\?\/\\?\//, '/')
secure_details[:file] = secure_details[:file].gsub(/https?:\\?\/\\?\//, '/')
# Same content after normalization
if details[:file] == secure_details[:file]
return "The URL #{url} could use HTTPS rather than HTTP"
end
# Same size, different content after normalization
# (typical causes: Generated ID, Timestamp, Unix time)
if details[:file].length == secure_details[:file].length
return "The URL #{url} could use HTTPS rather than HTTP"
end
lenratio = (100 * secure_details[:file].length / details[:file].length).to_i
if lenratio >= 90 && lenratio <= 120
return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
end
end
end end
def self.http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default) def self.http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
@ -260,6 +283,7 @@ class FormulaAuditor
etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2], etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
content_length: headers[/Content-Length: (\d+)/, 1], content_length: headers[/Content-Length: (\d+)/, 1],
file_hash: output_hash, file_hash: output_hash,
file: output,
} }
end end
@ -564,7 +588,8 @@ class FormulaAuditor
return unless @online return unless @online
return unless DevelopmentTools.curl_handles_most_https_homepages? return unless DevelopmentTools.curl_handles_most_https_homepages?
if http_content_problem = FormulaAuditor.check_http_content(homepage, if http_content_problem = FormulaAuditor.check_http_content("homepage",
homepage,
formula.name, formula.name,
user_agents: [:browser, :default]) user_agents: [:browser, :default])
problem http_content_problem problem http_content_problem
@ -1219,7 +1244,8 @@ class ResourceAuditor
# A `brew mirror`'ed URL is usually not yet reachable at the time of # A `brew mirror`'ed URL is usually not yet reachable at the time of
# pull request. # pull request.
next if url =~ %r{^https://dl.bintray.com/homebrew/mirror/} next if url =~ %r{^https://dl.bintray.com/homebrew/mirror/}
if http_content_problem = FormulaAuditor.check_http_content(url, name) if http_content_problem = FormulaAuditor.check_http_content("url",
url, name)
problem http_content_problem problem http_content_problem
end end
elsif strategy <= GitDownloadStrategy elsif strategy <= GitDownloadStrategy