From 51956d343a5b38a683db9afe51e39dabbd715ac0 Mon Sep 17 00:00:00 2001
From: Dominyk Tiller <dominyktiller@gmail.com>
Date: Wed, 11 Feb 2015 00:53:54 +0000
Subject: [PATCH] audit: extend ssl checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Extends the audit checks to GnuPG, a significant chunk of Freedesktop
domains, and Github Pages. I鈥檝e somewhat hardened my stance towards
Github Pages from the last time we extended this, hence the new
inclusion - I did a pretty thorough check through the Homebrew formulae
that use Github Pages for homepage links and found very few places
where enforcing SSL/TLS would cause issues - I think a wider
enforcement is worthwhile.
I鈥檝e also fixed the capitalisation of the taps, if only because at the
moment it disagrees with what ` puts formula.tap ` outputs (We get
Homebrew/homebrew-head-only rather than homebrew/homebrew-head-only for
example).
Closes Homebrew/homebrew#36719.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
---
Library/Homebrew/cmd/audit.rb | 35 +++++++++++++++++++++++++++++++----
1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb
index 2c2b6e34b5..b13a2ad9d8 100644
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@@ -243,13 +243,40 @@ class FormulaAuditor
problem "Savannah homepages should be https:// links (URL is #{homepage})."
end
+ if homepage =~ %r[^http://((?:trac|tools|www)\.)?ietf\.org]
+ problem "ietf homepages should be https:// links (URL is #{homepage})."
+ end
+
+ if homepage =~ %r[^http://((?:www)\.)?gnupg.org/]
+ problem "GnuPG homepages should be https:// links (URL is #{homepage})."
+ end
+
+ # Freedesktop is complicated to handle - It has SSL/TLS, but only on certain subdomains.
+ # To enable https Freedesktop change the url from http://project.freedesktop.org/wiki to
+ # https://wiki.freedesktop.org/project_name.
+ # "Software" is redirected to https://wiki.freedesktop.org/www/Software/project_name
+ if homepage =~ %r[^http://((?:www|nice|libopenraw|liboil|telepathy|xorg)\.)?freedesktop\.org/(?:wiki/)?]
+ if homepage =~ /Software/
+ problem "The url should be styled `https://wiki.freedesktop.org/www/Software/project_name`, not #{homepage})."
+ else
+ problem "The url should be styled `https://wiki.freedesktop.org/project_name`, not #{homepage})."
+ end
+ end
+
+ if homepage =~ %r[^http://wiki\.freedesktop\.org/]
+ problem "Freedesktop's Wiki subdomain should be https:// (URL is #{homepage})."
+ end
+
# There's an auto-redirect here, but this mistake is incredibly common too.
if homepage =~ %r[^http://packages\.debian\.org]
problem "Debian homepage should be https:// links (URL is #{homepage})."
end
- if homepage =~ %r[^http://((?:trac|tools|www)\.)?ietf\.org]
- problem "ietf homepages should be https:// links (URL is #{homepage})."
+ # People will run into mixed content sometimes, but we should enforce and then add
+ # exemptions as they are discovered. Treat mixed content on homepages as a bug.
+ # Justify each exemptions with a code comment so we can keep track here.
+ if homepage =~ %r[^http://[^/]*github\.io/]
+ problem "Github Pages links should be https:// (URL is #{homepage})."
end
# There's an auto-redirect here, but this mistake is incredibly common too.
@@ -360,11 +387,11 @@ class FormulaAuditor
end
def audit_specs
- if head_only?(formula) && formula.tap != "homebrew/homebrew-head-only"
+ if head_only?(formula) && formula.tap != "Homebrew/homebrew-head-only"
problem "Head-only (no stable download)"
end
- if devel_only?(formula) && formula.tap != "homebrew/homebrew-devel-only"
+ if devel_only?(formula) && formula.tap != "Homebrew/homebrew-devel-only"
problem "Devel-only (no stable download)"
end
--
GitLab