audit: only flag if checksum changes when full url and version stay the same #9111

merged 1 commit into from Nov 13, 2020
6 changes: 5 additions & 1 deletion Library/Homebrew/dev-cmd/audit.rb
Expand Up @@ -903,6 +903,7 @@ def audit_revision_and_version_scheme
current_checksum = formula.stable.checksum
current_version_scheme = formula.version_scheme
current_revision = formula.revision
current_url = formula.stable.url

previous_version = nil
previous_version_scheme = nil
Expand All @@ -911,6 +912,7 @@ def audit_revision_and_version_scheme
newest_committed_version = nil
newest_committed_checksum = nil
newest_committed_revision = nil
newest_committed_url = nil

fv.rev_list("origin/master") do |rev|
fv.formula_at_revision(rev) do |f|
Expand All @@ -925,16 +927,18 @@ def audit_revision_and_version_scheme
newest_committed_version ||= previous_version
newest_committed_checksum ||= previous_checksum
newest_committed_revision ||= previous_revision
newest_committed_url ||= stable.url
end

break if previous_version && current_version != previous_version
break if previous_revision && current_revision != previous_revision
end

if current_version == newest_committed_version &&
current_url == newest_committed_url &&
current_checksum != newest_committed_checksum
problem(
"stable sha256 changed without the version also changing; " \
"stable sha256 changed without the url/version also changing; " \
"please create an issue upstream to rule out malicious " \
"circumstances and to find out why the file changed.",
)
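Review bot: `newest_committed_url ||= stable.url` reads `stable` directly, while the three sibling assignments just above it take their value from `previous_*` locals that are captured earlier in the block (outside the visible hunk, presumably from the same `stable`); capturing the url the same way — `previous_url = stable.url` beside the other `previous_*` assignments and `newest_committed_url ||= previous_url` — keeps the block uniform and leaves a value the `break` conditions below could compare if a url-based stop is ever wanted. The widened condition also deserves a why-comment, because a reader may not see why a same-version url change should suppress the warning; something like `# a sha256 that changes under the exact same url and version is the signal for an upstream issue; a re-hosted tarball (new url) is expected to hash differently` states the intent the new message only hints at. Note that with both url and sha256 changing the audit is now silent, so that case relies entirely on human review of the url. The enclosing `audit_revision_and_version_scheme` starts and ends outside the hunk.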
4 changes: 2 additions & 2 deletions Library/Homebrew/test/dev-cmd/audit_spec.rb
Expand Up @@ -682,7 +682,7 @@ def formula_gsub_origin_commit(before, after = "")
)
end

it { is_expected.to match("stable sha256 changed without the version also changing") }
it { is_expected.to match("stable sha256 changed without the url/version also changing") }
end

context "should not change with the same version when not the first commit" do
Expand All @@ -699,7 +699,7 @@ def formula_gsub_origin_commit(before, after = "")
)
end

it { is_expected.to match("stable sha256 changed without the version also changing") }
it { is_expected.to match("stable sha256 changed without the url/version also changing") }
end

context "can change with the different version" do
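Review bot: The spec changes only update the expected message text; nothing exercises the new url branch, so `current_url == newest_committed_url &&` could be removed from the condition in audit.rb and this suite would still pass. A context next to `"can change with the different version"` that changes the url together with the sha256 while keeping the version, and expects no `"stable sha256 changed"` match, would pin the behaviour the PR title describes; a companion context changing only the sha256 under the same url and version already exists and should keep matching. The context bodies and the `formula_gsub_origin_commit` helper sit outside the visible hunks, so the exact setup to copy is not shown here.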