cask/audit: allow the homepage https audit to have exceptions

2021-10-04 19:22:30 -04:00 · 2021-10-04 19:22:30 -04:00 · d124d8eae8
commit d124d8eae8
parent 6de841cd73
1 changed files with 27 additions and 2 deletions
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@ -44,6 +44,7 @@ module Cask
      @strict = strict
      @new_cask = new_cask
      @token_conflicts = token_conflicts
+      @tap_audit_exceptions = cask.tap&.audit_exceptions
    end

    def run!
@ -746,14 +747,38 @@ module Cask

      check_url_for_https_availability(cask.homepage,
                                       "homepage URL",
+                                       cask.token,
                                       user_agents:   [:browser, :default],
                                       check_content: true,
                                       strict:        strict?)
    end

-    def check_url_for_https_availability(url_to_check, url_type, **options)
+    def check_url_for_https_availability(url_to_check, url_type, cask_token, **options)
      problem = curl_check_http_content(url_to_check.to_s, url_type, **options)
-      add_error problem if problem
+      exception = tap_audit_exception(:cert_error_allowlist, cask_token, url_to_check)
+
+      if problem
+        add_error problem unless exception
+      elsif exception
+        add_error "#{url_to_check} is in the certificate error allowlist but does not have a certificate error"
+      end
+    end
+
+    def tap_audit_exception(list, cask, value = nil)
+      return false if @tap_audit_exceptions.blank?
+      return false unless @tap_audit_exceptions.key? list
+
+      list = @tap_audit_exceptions[list]
+
+      case list
+      when Array
+        list.include? cask
+      when Hash
+        return false unless list.include? cask
+        return list[cask] if value.blank?
+
+        list[cask] == value
+      end
    end
  end
 end