From b8e5ff431d2d5a20ba35d8a3fc9371e1a5ef3991 Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Thu, 19 May 2016 07:56:11 +0100
Subject: [PATCH] audit: check more GitHub URLs. (#256)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GitHub’s code load and patch-diff URLs are the result of redirects and make it harder to modify the URL to reach the original repository.
---
 Library/Homebrew/cmd/audit.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb
index 70b5b13ac3..d252909d05 100644
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@@ -636,6 +636,13 @@ class FormulaAuditor
 unless patch.url =~ /[a-fA-F0-9]{40}/
 problem "GitHub/Gist patches should specify a revision:\n#{patch.url}"
 end
+ when %r{https?://patch-diff\.githubusercontent\.com/raw/(.+)/(.+)/pull/(.+)\.(?:diff|patch)}
+ problem <<-EOS.undent
+ use GitHub pull request URLs:
+ https://github.com/#{$1}/#{$2}/pulls/#{$3}.patch
+ Rather than patch-diff:
+ #{patch.url}
+ EOS
 when %r{macports/trunk}
 problem "MacPorts patches should specify a revision instead of trunk:\n#{patch.url}"
 when %r{^http://trac\.macports\.org}
@@ -1235,6 +1242,17 @@ class ResourceAuditor
 next unless u =~ %r{https://.*github.*/(archive|releases)/.*\.zip$} && u !~ %r{releases/download}
 problem "Use GitHub tarballs rather than zipballs (url is #{u})."
 end
+
+ # Don't use GitHub codeload URLs
+ urls.each do |u|
+ next unless u =~ %r{https?://codeload\.github\.com/(.+)/(.+)/(?:tar\.gz|zip)/(.+)}
+ problem <<-EOS.undent
+ use GitHub archive URLs:
+ https://github.com/#{$1}/#{$2}/archive/#{$3}.tar.gz
+ Rather than codeload:
+ #{u}
+ EOS
+ end
 end

 def problem(text)
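Review bot: The suggested replacement in the new `when` branch prints `/pulls/` although the pattern it matched uses `/pull/`, so the advice names a different path from the one in the flagged URL; this looks like a typo and the line should probably read `https://github.com/#{$1}/#{$2}/pull/#{$3}.patch`. The owner and repository captures are `(.+)`, which can span `/`; `([^/]+)` for those two groups would keep the rebuilt URL tied to a single owner and repository, and the same applies to the codeload pattern added in the ResourceAuditor hunk. The `case` statement opens above this hunk, so whether an earlier `when` already catches these URLs cannot be confirmed from here.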
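Review bot: The codeload pattern only recognises a `/tar.gz/` or `/zip/` path segment, so codeload URLs of the `legacy.tar.gz` form (which, as far as I know, GitHub also serves from that host) would pass the audit unflagged; if that is intended, a comment such as `# legacy.* codeload paths are not checked` would record it. The message also opens in lower case, `use GitHub archive URLs:`, while the zipball check directly above reports `Use GitHub tarballs ...`; `Use GitHub archive URLs:` keeps the audit output consistent. The enclosing method starts above the hunk.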