-
EricFromCanada authoredEricFromCanada authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
audit_spec.rb 26.73 KiB
# typed: false
# frozen_string_literal: true
require "cask/audit"
describe Cask::Audit, :cask do
def include_msg?(messages, msg)
if msg.is_a?(Regexp)
Array(messages).any? { |m| m =~ msg }
else
Array(messages).include?(msg)
end
end
matcher :pass do
match do |audit|
!audit.errors? && !audit.warnings?
end
end
matcher :fail_with do |message|
match do |audit|
include_msg?(audit.errors, message)
end
end
matcher :warn_with do |message|
match do |audit|
include_msg?(audit.warnings, message)
end
end
let(:cask) { instance_double(Cask::Cask) }
let(:new_cask) { nil }
let(:online) { nil }
let(:strict) { nil }
let(:token_conflicts) { nil }
let(:audit) {
described_class.new(cask, online: online,
strict: strict,
new_cask: new_cask,
token_conflicts: token_conflicts)
}
describe "#new" do
context "when `new_cask` is specified" do
let(:new_cask) { true }
it "implies `online`" do
expect(audit).to be_online
end
it "implies `strict`" do
expect(audit).to be_strict
end
it "implies `token_conflicts`" do
expect(audit.token_conflicts?).to be true
end
end
context "when `online` is specified" do
let(:online) { true }
it "implies `appcast`" do
expect(audit.appcast?).to be true
end
it "implies `download`" do
expect(audit.download).to be_truthy
end
end
end
describe "#result" do
subject { audit.result }
context "when there are errors" do
before do
audit.add_error "bad"
end
it { is_expected.to match(/failed/) }
end
context "when there are warnings" do
before do
audit.add_warning "eh"
end
it { is_expected.to match(/warning/) }
end
context "when there are errors and warnings" do
before do
audit.add_error "bad"
audit.add_warning "eh"
end
it { is_expected.to match(/failed/) }
end
context "when there are no errors or warnings" do
it { is_expected.to match(/passed/) }
end
end
describe "#run!" do
subject { audit.run! }
def tmp_cask(name, text)
path = Pathname.new "#{dir}/#{name}.rb"
path.open("w") do |f|
f.write text
end
Cask::CaskLoader.load(path)
end
let(:dir) { mktmpdir }
let(:cask) { Cask::CaskLoader.load(cask_token) }
describe "required stanzas" do
%w[version sha256 url name homepage].each do |stanza|
context "when missing #{stanza}" do
let(:cask_token) { "missing-#{stanza}" }
it { is_expected.to fail_with(/#{stanza} stanza is required/) }
end
end
end
describe "token validation" do
let(:strict) { true }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask '#{cask_token}' do
version '1.0'
sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
url "https://brew.sh/"
name 'Audit'
homepage 'https://brew.sh/'
app 'Audit.app'
end
RUBY
end
context "when cask token is not lowercase" do
let(:cask_token) { "Upper-Case" }
it "fails" do
expect(subject).to fail_with(/lowercase/)
end
end
context "when cask token is not ascii" do
let(:cask_token) { "ascii⌘" }
it "fails" do
expect(subject).to fail_with(/contains non-ascii characters/)
end
end
context "when cask token has +" do
let(:cask_token) { "app++" }
it "fails" do
expect(subject).to fail_with(/\+ should be replaced by -plus-/)
end
end
context "when cask token has @" do
let(:cask_token) { "app@stuff" }
it "fails" do
expect(subject).to fail_with(/@ should be replaced by -at-/)
end
end
context "when cask token has whitespace" do
let(:cask_token) { "app stuff" }
it "fails" do
expect(subject).to fail_with(/whitespace should be replaced by hyphens/)
end
end
context "when cask token has underscores" do
let(:cask_token) { "app_stuff" }
it "fails" do
expect(subject).to fail_with(/underscores should be replaced by hyphens/)
end
end
context "when cask token has non-alphanumeric characters" do
let(:cask_token) { "app(stuff)" }
it "fails" do
expect(subject).to fail_with(/alphanumeric characters and hyphens/)
end
end
context "when cask token has double hyphens" do
let(:cask_token) { "app--stuff" }
it "fails" do
expect(subject).to fail_with(/should not contain double hyphens/)
end
end
context "when cask token has leading hyphens" do
let(:cask_token) { "-app" }
it "fails" do
expect(subject).to fail_with(/should not have leading or trailing hyphens/)
end
end
context "when cask token has trailing hyphens" do
let(:cask_token) { "app-" }
it "fails" do
expect(subject).to fail_with(/should not have leading or trailing hyphens/)
end
end
end
describe "token bad words" do
let(:new_cask) { true }
let(:online) { false }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask "#{cask_token}" do
version "1.0"
sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
url "https://brew.sh/v\#{version}.zip"
name "Audit"
desc "Cask for testing tokens"
homepage "https://brew.sh/"
app "Audit.app"
end
RUBY
end
context "when cask token contains .app" do
let(:cask_token) { "token.app" }
it "fails" do
expect(subject).to fail_with(/token contains .app/)
end
end
context "when cask token contains version designation" do
let(:cask_token) { "token-beta" }
it "fails if the cask is from an official tap" do
allow(cask).to receive(:tap).and_return(Tap.fetch("homebrew/cask"))
expect(subject).to fail_with(/token contains version designation/)
end
it "does not fail if the cask is from the `cask-versions` tap" do
allow(cask).to receive(:tap).and_return(Tap.fetch("homebrew/cask-versions"))
expect(subject).to pass
end
end
context "when cask token contains launcher" do
let(:cask_token) { "token-launcher" }
it "fails" do
expect(subject).to fail_with(/token mentions launcher/)
end
end
context "when cask token contains desktop" do
let(:cask_token) { "token-desktop" }
it "fails" do
expect(subject).to fail_with(/token mentions desktop/)
end
end
context "when cask token contains platform" do
let(:cask_token) { "token-osx" }
it "fails" do
expect(subject).to fail_with(/token mentions platform/)
end
end
context "when cask token contains architecture" do
let(:cask_token) { "token-x86" }
it "fails" do
expect(subject).to fail_with(/token mentions architecture/)
end
end
context "when cask token contains framework" do
let(:cask_token) { "token-java" }
it "fails" do
expect(subject).to fail_with(/cask token mentions framework/)
end
end
context "when cask token is framework" do
let(:cask_token) { "java" }
it "does not fail" do
expect(subject).to pass
end
end
end
describe "locale validation" do
let(:cask) do
tmp_cask "locale-cask-test", <<~RUBY
cask 'locale-cask-test' do
version '1.0'
url "https://brew.sh/"
name 'Audit'
homepage 'https://brew.sh/'
app 'Audit.app'
language 'en', default: true do
sha256 '96574251b885c12b48a3495e843e434f9174e02bb83121b578e17d9dbebf1ffb'
'zh-CN'
end
language 'zh-CN' do
sha256 '96574251b885c12b48a3495e843e434f9174e02bb83121b578e17d9dbebf1ffb'
'zh-CN'
end
language 'ZH-CN' do
sha256 '96574251b885c12b48a3495e843e434f9174e02bb83121b578e17d9dbebf1ffb'
'zh-CN'
end
language 'zh-' do
sha256 '96574251b885c12b48a3495e843e434f9174e02bb83121b578e17d9dbebf1ffb'
'zh-CN'
end
language 'zh-cn' do
sha256 '96574251b885c12b48a3495e843e434f9174e02bb83121b578e17d9dbebf1ffb'
'zh-CN'
end
end
RUBY
end
context "when cask locale is invalid" do
it "error with invalid locale" do
expect(subject).to fail_with(/Locale 'ZH-CN' is invalid\./)
expect(subject).to fail_with(/Locale 'zh-' is invalid\./)
expect(subject).to fail_with(/Locale 'zh-cn' is invalid\./)
end
end
end
describe "pkg allow_untrusted checks" do
let(:message) { "allow_untrusted is not permitted in official Homebrew Cask taps" }
context "when the Cask has no pkg stanza" do
let(:cask_token) { "basic-cask" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask does not have allow_untrusted" do
let(:cask_token) { "with-uninstall-pkgutil" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has allow_untrusted" do
let(:cask_token) { "with-allow-untrusted" }
it { is_expected.to fail_with(message) }
end
end
describe "when the Cask stanza requires uninstall" do
let(:message) { "installer and pkg stanzas require an uninstall stanza" }
context "when the Cask does not require an uninstall" do
let(:cask_token) { "basic-cask" }
it { is_expected.not_to fail_with(message) }
end
context "when the pkg Cask has an uninstall" do
let(:cask_token) { "with-uninstall-pkgutil" }
it { is_expected.not_to fail_with(message) }
end
context "when the installer Cask has an uninstall" do
let(:cask_token) { "installer-with-uninstall" }
it { is_expected.not_to fail_with(message) }
end
context "when the installer Cask does not have an uninstall" do
let(:cask_token) { "with-installer-manual" }
it { is_expected.to fail_with(message) }
end
context "when the pkg Cask does not have an uninstall" do
let(:cask_token) { "pkg-without-uninstall" }
it { is_expected.to fail_with(message) }
end
end
describe "preflight stanza checks" do
let(:message) { "only a single preflight stanza is allowed" }
context "when the Cask has no preflight stanza" do
let(:cask_token) { "with-zap-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has only one preflight stanza" do
let(:cask_token) { "with-preflight" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has multiple preflight stanzas" do
let(:cask_token) { "with-preflight-multi" }
it { is_expected.to fail_with(message) }
end
end
describe "postflight stanza checks" do
let(:message) { "only a single postflight stanza is allowed" }
context "when the Cask has no postflight stanza" do
let(:cask_token) { "with-zap-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has only one postflight stanza" do
let(:cask_token) { "with-postflight" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has multiple postflight stanzas" do
let(:cask_token) { "with-postflight-multi" }
it { is_expected.to fail_with(message) }
end
end
describe "uninstall stanza checks" do
let(:message) { "only a single uninstall stanza is allowed" }
context "when the Cask has no uninstall stanza" do
let(:cask_token) { "with-zap-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has only one uninstall stanza" do
let(:cask_token) { "with-uninstall-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has multiple uninstall stanzas" do
let(:cask_token) { "with-uninstall-multi" }
it { is_expected.to fail_with(message) }
end
end
describe "uninstall_preflight stanza checks" do
let(:message) { "only a single uninstall_preflight stanza is allowed" }
context "when the Cask has no uninstall_preflight stanza" do
let(:cask_token) { "with-zap-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has only one uninstall_preflight stanza" do
let(:cask_token) { "with-uninstall-preflight" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has multiple uninstall_preflight stanzas" do
let(:cask_token) { "with-uninstall-preflight-multi" }
it { is_expected.to fail_with(message) }
end
end
describe "uninstall_postflight stanza checks" do
let(:message) { "only a single uninstall_postflight stanza is allowed" }
context "when the Cask has no uninstall_postflight stanza" do
let(:cask_token) { "with-zap-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has only one uninstall_postflight stanza" do
let(:cask_token) { "with-uninstall-postflight" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has multiple uninstall_postflight stanzas" do
let(:cask_token) { "with-uninstall-postflight-multi" }
it { is_expected.to fail_with(message) }
end
end
describe "zap stanza checks" do
let(:message) { "only a single zap stanza is allowed" }
context "when the Cask has no zap stanza" do
let(:cask_token) { "with-uninstall-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has only one zap stanza" do
let(:cask_token) { "with-zap-rmdir" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask has multiple zap stanzas" do
let(:cask_token) { "with-zap-multi" }
it { is_expected.to fail_with(message) }
end
end
describe "version checks" do
let(:message) { "you should use version :latest instead of version 'latest'" }
context "when version is 'latest'" do
let(:cask_token) { "version-latest-string" }
it { is_expected.to fail_with(message) }
end
context "when version is :latest" do
let(:cask_token) { "version-latest-with-checksum" }
it { is_expected.not_to fail_with(message) }
end
end
describe "sha256 checks" do
context "when version is :latest and sha256 is not :no_check" do
let(:cask_token) { "version-latest-with-checksum" }
it { is_expected.to fail_with("you should use sha256 :no_check when version is :latest") }
end
context "when sha256 is not a legal SHA-256 digest" do
let(:cask_token) { "invalid-sha256" }
it { is_expected.to fail_with("sha256 string must be of 64 hexadecimal characters") }
end
context "when sha256 is sha256 for empty string" do
let(:cask_token) { "sha256-for-empty-string" }
it { is_expected.to fail_with(/cannot use the sha256 for an empty string/) }
end
end
describe "hosting with appcast checks" do
let(:message) { /please add an appcast/ }
context "when the download does not use hosting with an appcast" do
let(:cask_token) { "basic-cask" }
it { is_expected.not_to fail_with(message) }
end
context "when the download is hosted on SourceForge and has an appcast" do
let(:cask_token) { "sourceforge-with-appcast" }
it { is_expected.not_to fail_with(message) }
end
context "when the download is hosted on SourceForge and does not have an appcast" do
let(:cask_token) { "sourceforge-correct-url-format" }
it { is_expected.to fail_with(message) }
end
context "when the download is hosted on DevMate and has an appcast" do
let(:cask_token) { "devmate-with-appcast" }
it { is_expected.not_to fail_with(message) }
end
context "when the download is hosted on DevMate and does not have an appcast" do
let(:cask_token) { "devmate-without-appcast" }
it { is_expected.to fail_with(message) }
end
context "when the download is hosted on HockeyApp and has an appcast" do
let(:cask_token) { "hockeyapp-with-appcast" }
it { is_expected.not_to fail_with(message) }
end
context "when the download is hosted on HockeyApp and does not have an appcast" do
let(:cask_token) { "hockeyapp-without-appcast" }
it { is_expected.to fail_with(message) }
end
end
describe "latest with appcast checks" do
let(:message) { "Casks with an `appcast` should not use `version :latest`." }
context "when the Cask is :latest and does not have an appcast" do
let(:cask_token) { "version-latest" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask is versioned and has an appcast" do
let(:cask_token) { "with-appcast" }
it { is_expected.not_to fail_with(message) }
end
context "when the Cask is :latest and has an appcast" do
let(:cask_token) { "latest-with-appcast" }
it { is_expected.to fail_with(message) }
end
end
describe "denylist checks" do
context "when the Cask is not on the denylist" do
let(:cask_token) { "adobe-air" }
it { is_expected.to pass }
end
context "when the Cask is on the denylist" do
context "and it's in the official Homebrew tap" do
let(:cask_token) { "adobe-illustrator" }
it { is_expected.to fail_with(/#{cask_token} is not allowed: \w+/) }
end
context "and it isn't in the official Homebrew tap" do
let(:cask_token) { "pharo" }
it { is_expected.to pass }
end
end
end
describe "latest with auto_updates checks" do
let(:message) { "Casks with `version :latest` should not use `auto_updates`." }
context "when the Cask is :latest and does not have auto_updates" do
let(:cask_token) { "version-latest" }
it { is_expected.to pass }
end
context "when the Cask is versioned and does not have auto_updates" do
let(:cask_token) { "basic-cask" }
it { is_expected.to pass }
end
context "when the Cask is versioned and has auto_updates" do
let(:cask_token) { "auto-updates" }
it { is_expected.to pass }
end
context "when the Cask is :latest and has auto_updates" do
let(:cask_token) { "latest-with-auto-updates" }
it { is_expected.to fail_with(message) }
end
end
describe "preferred download URL formats" do
let(:message) { /URL format incorrect/ }
context "with incorrect SourceForge URL format" do
let(:cask_token) { "sourceforge-incorrect-url-format" }
it { is_expected.to fail_with(message) }
end
context "with correct SourceForge URL format" do
let(:cask_token) { "sourceforge-correct-url-format" }
it { is_expected.not_to fail_with(message) }
end
context "with correct SourceForge URL format for version :latest" do
let(:cask_token) { "sourceforge-version-latest-correct-url-format" }
it { is_expected.not_to fail_with(message) }
end
context "with incorrect OSDN URL format" do
let(:cask_token) { "osdn-incorrect-url-format" }
it { is_expected.to fail_with(message) }
end
context "with correct OSDN URL format" do
let(:cask_token) { "osdn-correct-url-format" }
it { is_expected.not_to fail_with(message) }
end
end
describe "generic artifact checks" do
context "with relative target" do
let(:cask_token) { "generic-artifact-relative-target" }
it { is_expected.to fail_with(/target must be.*absolute/) }
end
context "with user-relative target" do
let(:cask_token) { "generic-artifact-user-relative-target" }
it { is_expected.not_to fail_with(/target must be.*absolute/) }
end
context "with absolute target" do
let(:cask_token) { "generic-artifact-absolute-target" }
it { is_expected.not_to fail_with(/target must be.*absolute/) }
end
end
describe "url checks" do
context "given a block" do
let(:cask_token) { "booby-trap" }
context "when loading the cask" do
it "does not evaluate the block" do
expect { cask }.not_to raise_error
end
end
context "when doing the audit" do
it "evaluates the block" do
expect(subject).to fail_with(/Boom/)
end
end
end
end
describe "token conflicts" do
let(:cask_token) { "with-binary" }
let(:token_conflicts) { true }
context "when cask token conflicts with a core formula" do
let(:formula_names) { %w[with-binary other-formula] }
it "warns about duplicates" do
expect(audit).to receive(:core_formula_names).and_return(formula_names)
expect(subject).to warn_with(/possible duplicate/)
end
end
context "when cask token does not conflict with a core formula" do
let(:formula_names) { %w[other-formula] }
it { is_expected.to pass }
end
end
describe "audit of downloads" do
let(:cask_token) { "with-binary" }
let(:cask) { Cask::CaskLoader.load(cask_token) }
let(:download_double) { instance_double(Cask::Download) }
let(:message) { "Download Failed" }
before do
allow(audit).to receive(:download).and_return(download_double)
allow(audit).to receive(:check_https_availability)
end
it "when download and verification succeed it does not fail" do
expect(download_double).to receive(:fetch)
expect(subject).to pass
end
it "when download fails it fails" do
expect(download_double).to receive(:fetch).and_raise(StandardError.new(message))
expect(subject).to fail_with(/#{message}/)
end
end
context "when an exception is raised" do
let(:cask) { instance_double(Cask::Cask) }
it "fails the audit" do
expect(cask).to receive(:tap).and_raise(StandardError.new)
expect(subject).to fail_with(/exception while auditing/)
end
end
describe "without description" do
let(:cask_token) { "without-description" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask '#{cask_token}' do
version '1.0'
sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
url "https://brew.sh/"
name 'Audit'
homepage 'https://brew.sh/'
app 'Audit.app'
end
RUBY
end
context "when `new_cask` is true" do
let(:new_cask) { true }
it "fails" do
expect(subject).to fail_with(/should have a description/)
end
end
context "when `new_cask` is false" do
let(:new_cask) { false }
it "warns" do
expect(subject).to warn_with(/should have a description/)
end
end
end
context "with description" do
let(:cask_token) { "with-description" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask "#{cask_token}" do
version "1.0"
sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
url "https://brew.sh/\#{version}.zip"
name "Audit"
desc "Cask Auditor"
homepage "https://brew.sh/"
app "Audit.app"
end
RUBY
end
it "passes" do
expect(subject).to pass
end
end
context "when the url matches the homepage" do
let(:cask_token) { "foo" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask '#{cask_token}' do
version '1.0'
sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
url 'https://foo.brew.sh/foo.zip'
name 'Audit'
desc 'Audit Description'
homepage 'https://foo.brew.sh'
app 'Audit.app'
end
RUBY
end
it { is_expected.to pass }
end
context "when the url does not match the homepage" do
let(:cask_token) { "foo" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask '#{cask_token}' do
version "1.8.0_72,8.13.0.5"
sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
url "https://brew.sh/foo-\#{version.after_comma}.zip"
name "Audit"
desc "Audit Description"
homepage "https://foo.example.org"
app "Audit.app"
end
RUBY
end
it { is_expected.to fail_with(/a 'verified' parameter has to be added/) }
end
context "when the url does not match the homepage with verified" do
let(:cask_token) { "foo" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask "#{cask_token}" do
version "1.8.0_72,8.13.0.5"
sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
url "https://brew.sh/foo-\#{version.after_comma}.zip", verified: "brew.sh"
name "Audit"
desc "Audit Description"
homepage "https://foo.example.org"
app "Audit.app"
end
RUBY
end
it { is_expected.to pass }
end
context "when there is no homepage" do
let(:cask_token) { "foo" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask '#{cask_token}' do
version '1.8.0_72,8.13.0.5'
sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
url 'https://brew.sh/foo.zip'
name 'Audit'
desc 'Audit Description'
app 'Audit.app'
end
RUBY
end
it { is_expected.to fail_with(/a homepage stanza is required/) }
end
end
end