audit: Port audit_checksum method to rubocop and add tests #2755
@@ -0,0 +1,55 @@ | ||
require_relative "./extend/formula_cop" | ||
|
||
module RuboCop | ||
module Cop | ||
module FormulaAudit | ||
class Checksum < FormulaCop | ||
def audit_formula(_node, _class_node, _parent_class_node, body_node) | ||
%w[Stable Devel HEAD].each do |name| | ||
next unless spec_node = find_block(body_node, name.downcase.to_sym) | ||
_, _, spec_body = *spec_node | ||
audit_checksums(spec_body, name) | ||
resource_blocks = find_all_blocks(spec_body, :resource) | ||
Comment: We also need to get all resource blocks that aren't inside a stable/devel/head.
Comment: This is not currently being done in
Comment: I believe that the resource blocks are currently being audited as part of running
Comment: I couldn't find any existing method/code in
Comment: Auditing the stable spec audits everything which is outside those blocks (as they are implicitly stable). The existing code is therefore fine, it's just this code that needs adjusted for that implicit stable resource handling. Make sense?
Comment: Yeah. Got it. Thanks.
||
resource_blocks.each do |rb| | ||
_, _, resource_body = *rb | ||
audit_checksums(resource_body, name, string_content(parameters(rb).first)) | ||
end | ||
end | ||
end | ||
|
||
def audit_checksums(node, spec, resource_name = nil) | ||
msg_prefix = if resource_name | ||
"#{spec} resource \"#{resource_name}\": " | ||
else | ||
"#{spec}: " | ||
end | ||
if find_node_method_by_name(node, :md5) | ||
problem "#{msg_prefix}MD5 checksums are deprecated, please use SHA256" | ||
end | ||
|
||
if find_node_method_by_name(node, :sha1) | ||
problem "#{msg_prefix}SHA1 checksums are deprecated, please use SHA256" | ||
end | ||
|
||
checksum_node = find_node_method_by_name(node, :sha256) | ||
Comment: Need to handle if this is
Comment: Should an error be raised if there is no
Comment: A RuboCop error: yes, I think so. I was seeing this on formulae that had them though, so it may be a bug, too.
Comment: Do you mean,
Comment: I can't remember now helpfully but I think it's just that again we can have a stable/devel/head block that doesn't have a URL, therefore doesn't need a checksum (although head urls don't need checksums either).
||
checksum = parameters(checksum_node).first | ||
if string_content(checksum).size.zero? | ||
problem "#{msg_prefix}sha256 is empty" | ||
return | ||
end | ||
|
||
if string_content(checksum).size != 64 && regex_match_group(checksum, /^\w*$/) | ||
problem "#{msg_prefix}sha256 should be 64 characters" | ||
end | ||
|
||
unless regex_match_group(checksum, /^[a-f0-9]+$/i) | ||
problem "#{msg_prefix}sha256 contains invalid characters" | ||
end | ||
|
||
return unless regex_match_group(checksum, /^[a-f0-9]+$/) | ||
Comment: Ah. This is embarrassing :/
Comment: We all make mistakes; it's embarrassing that I didn't spot it in review!
||
problem "#{msg_prefix}sha256 should be lowercase" | ||
end | ||
end | ||
end | ||
end | ||
end |
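Review bot: the guard `return unless regex_match_group(checksum, /^[a-f0-9]+$/)` in front of `problem "#{msg_prefix}sha256 should be lowercase"` is inverted. A checksum that is already all-lowercase hex matches the regex, so the method falls through and reports it as needing to be lowercase, while an uppercase checksum fails the match, returns early and is never reported; it should read `return if regex_match_group(checksum, /^[a-f0-9]+$/)`, which is what the "embarrassing" exchange above is about. Two smaller points in the same method: `checksum_node = find_node_method_by_name(node, :sha256)` is nil for a block that has no `sha256` call (a `head` block, or a spec without a URL as discussed in the thread), and `parameters(checksum_node).first` will then fail, so add `return unless checksum_node` (or report a missing checksum for stable/devel) before using it; and because Ruby's `^` and `$` match at line boundaries rather than string boundaries, `\A` and `\z` are the stricter anchors for a value that must be exactly one hex string, which would also make the `/^\w*$/` qualifier on the 64-character check unnecessary.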
@@ -0,0 +1,78 @@ | ||
require "rubocop" | ||
require "rubocop/rspec/support" | ||
require_relative "../../extend/string" | ||
require_relative "../../rubocops/checksum_cop" | ||
|
||
describe RuboCop::Cop::FormulaAudit::Checksum do | ||
subject(:cop) { described_class.new } | ||
|
||
context "When auditing spec checksums" do | ||
it "When the checksum is empty" do | ||
source = <<-EOS.undent | ||
class Foo < Formula | ||
url 'http://example.com/foo-1.0.tgz' | ||
stable do | ||
url "https://github.com/foo-lang/foo-compiler/archive/0.18.0.tar.gz" | ||
sha256 "" | ||
|
||
resource "foo-package" do | ||
url "https://github.com/foo-lang/foo-package/archive/0.18.0.tar.gz" | ||
sha256 "" | ||
end | ||
end | ||
end | ||
EOS | ||
|
||
expected_offenses = [{ message: "Stable: sha256 is empty", | ||
severity: :convention, | ||
line: 5, | ||
column: 4, | ||
source: source }, | ||
{ message: "Stable resource \"foo-package\": sha256 is empty", | ||
severity: :convention, | ||
line: 9, | ||
column: 6, | ||
source: source }] | ||
|
||
inspect_source(cop, source) | ||
|
||
expected_offenses.zip(cop.offenses).each do |expected, actual| | ||
expect_offense(expected, actual) | ||
end | ||
end | ||
|
||
it "When the checksum is not 64 characters" do | ||
source = <<-EOS.undent | ||
class Foo < Formula | ||
url 'http://example.com/foo-1.0.tgz' | ||
stable do | ||
url "https://github.com/foo-lang/foo-compiler/archive/0.18.0.tar.gz" | ||
sha256 "5cf6e1ae0a645b426c0474cc7cd3f7d1605ffa1ac5756a39a8b2268ddc7ea0e9ad" | ||
|
||
resource "foo-package" do | ||
url "https://github.com/foo-lang/foo-package/archive/0.18.0.tar.gz" | ||
sha256 "5cf6e1ae0a645b426c047aaa4cc7cd3f7d1605ffa1ac5756a39a8b2268ddc7ea0e9" | ||
end | ||
end | ||
end | ||
EOS | ||
|
||
expected_offenses = [{ message: "Stable: sha256 should be 64 characters", | ||
severity: :convention, | ||
line: 5, | ||
column: 12, | ||
source: source }, | ||
{ message: "Stable resource \"foo-package\": sha256 should be 64 characters", | ||
severity: :convention, | ||
line: 9, | ||
column: 14, | ||
source: source }] | ||
|
||
inspect_source(cop, source) | ||
|
||
expected_offenses.zip(cop.offenses).each do |expected, actual| | ||
expect_offense(expected, actual) | ||
end | ||
end | ||
end | ||
end |
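Review bot: `expected_offenses.zip(cop.offenses)` only iterates over as many offenses as were expected, so any extra offense the cop emits is silently ignored, and a missing one surfaces only as `expect_offense(expected, nil)`; add `expect(cop.offenses.size).to eq(expected_offenses.size)` before the loop so both directions fail clearly. The two examples also cover only the "sha256 is empty" and "sha256 should be 64 characters" branches of `audit_checksums`; there is no case for "sha256 contains invalid characters", for "sha256 should be lowercase", for a correct lowercase 64-character checksum that must produce no offense at all, or for a `head` block or spec without a `sha256` line. A no-offense fixture in particular would have caught the inverted lowercase guard in the cop.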
Comment: Let's just make these lowercase, I don't think Devel looks very nice.