HTTPS Spotter
| #!/usr/local/autopkg/python | |
| # encoding: utf-8 | |
| # HTTPS Spotter | |
| # Copyright 2016-2020 Elliot Jordan | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| """https_spotter.py. | |
| Scans for HTTP URLs in a specified repository of AutoPkg recipes and suggests | |
| HTTPS alternatives wherever possible. | |
| """ | |
| import argparse | |
| import os | |
| import plistlib | |
| import subprocess | |
| # Path to curl. | |
| CURL_PATH = "/usr/bin/curl" | |
| def build_argument_parser(): | |
| """Build and return the argument parser.""" | |
| parser = argparse.ArgumentParser( | |
| description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter | |
| ) | |
| parser.add_argument( | |
| "repo_path", help="Path to search for AutoPkg recipes." | |
| ) | |
| parser.add_argument( | |
| "--auto", | |
| action="store_true", | |
| default=False, | |
| help="Automatically apply suggested changes to recipes. Only recommended " | |
| "for repos you manage or are submitting a pull request to. (Applying " | |
| "changes to repos added using `autopkg repo-add` may result in failure " | |
| "to update the repo in the future.)", | |
| ) | |
| parser.add_argument( | |
| "-v", | |
| "--verbose", | |
| action="count", | |
| default=0, | |
| help="Print additional output useful for " | |
| "troubleshooting. (Can be specified multiple times.)", | |
| ) | |
| return parser | |
| def check_url(url, verbose): | |
| """Checks a given HTTPS URL to see whether an HTTPS equivalent is | |
| available.""" | |
| https_url = url.replace("http:", "https:") | |
| try: | |
| cmd = [ | |
| CURL_PATH, | |
| "--head", | |
| "--silent", | |
| "--location", | |
| "--max-time", | |
| "5", | |
| "--max-redirs", | |
| "10", | |
| "--url", | |
| https_url, | |
| ] | |
| if verbose > 1: | |
| print(" Curl command: %s" % " ".join(cmd)) | |
| proc = subprocess.run(cmd, check=False, capture_output=True) | |
| http_response = [x for x in proc.stdout.splitlines() if x.startswith(b"HTTP/")] | |
| http_status = int(http_response[0].split()[1]) | |
| if verbose > 2: | |
| print(" Exit code: %s" % proc.returncode) | |
| print(" HTTP status: %s" % http_status) | |
| if proc.returncode == 0: | |
| # Ignoring HTTP status because 404 with SSL is better than 404 without. | |
| return https_url | |
| except Exception as err: | |
| if verbose > 3: | |
| print(" %s" % err) | |
| return False | |
| def process_recipe(recipe_path, args): | |
| """Processes one recipe.""" | |
| try: | |
| # Read recipe. | |
| with open(recipe_path, "rb") as openfile: | |
| recipe = plistlib.load(openfile) | |
| if "Process" in recipe: | |
| processors = [x.get("Processor") for x in recipe["Process"]] | |
| if "DeprecationWarning" in processors: | |
| if args.verbose > 0: | |
| print("Skipping: %s (contains DeprecationWarning)" % (recipe_path)) | |
| return | |
| if args.verbose > 0: | |
| print("Processing: %s" % (recipe_path)) | |
| urls_to_check = [] | |
| # Gather HTTP URLs from Input. | |
| for key in recipe.get("Input", {}): | |
| if isinstance(recipe["Input"][key], str) and recipe["Input"][ | |
| key | |
| ].startswith("http:"): | |
| urls_to_check.append(recipe["Input"][key]) | |
| # Gather HTTP URLs from Processors. | |
| for proc in recipe.get("Process", []): | |
| for _, value in proc.get("Arguments", {}).items(): | |
| if not isinstance(value, str): | |
| # Only looking at string arguments, not diving | |
| # deeper into lists/dicts. | |
| continue | |
| if value.startswith("http:"): | |
| urls_to_check.append(value) | |
| # Check HTTP URLs for HTTPS equivalents. | |
| for http_url in urls_to_check: | |
| https_url = check_url(http_url, args.verbose) | |
| if not https_url: | |
| continue | |
| if args.auto: | |
| # Read/write as text instead of using plistlib in order | |
| # to prevent unrelated changes (e.g. whitespace) in diff. | |
| with open(recipe_path, "r") as openfile: | |
| recipe_contents = openfile.read() | |
| with open(recipe_path, "w") as openfile: | |
| openfile.write(recipe_contents.replace(http_url, https_url)) | |
| print(recipe_path) | |
| print(" Replaced: %s" % (http_url)) | |
| print(" With: %s" % (https_url)) | |
| else: | |
| print(recipe_path) | |
| print(" Replace: %s" % (http_url)) | |
| print(" With: %s" % (https_url)) | |
| return True | |
| except Exception as err: | |
| print("[ERROR] %s (%s)" % (recipe_path, err)) | |
| raise err | |
| def main(): | |
| """Scans all recipes in the specified folder for HTTP URLs.""" | |
| # Parse command line arguments. | |
| argparser = build_argument_parser() | |
| args = argparser.parse_args() | |
| if args.repo_path: | |
| path = args.repo_path | |
| else: | |
| path = "~/Library/AutoPkg/Recipes" | |
| # Process all recipes looking for HTTP URLs. | |
| suggestion_count = 0 | |
| for dirpath, dirnames, filenames in os.walk(os.path.expanduser(path)): | |
| for dirname in dirnames: | |
| dirnames = [x for x in dirnames if not x.startswith(".")] | |
| filenames = [x for x in filenames if x.endswith(".recipe")] | |
| for filename in filenames: | |
| if process_recipe(os.path.join(dirpath, filename), args): | |
| suggestion_count += 1 | |
| if not args.auto and suggestion_count > 0: | |
| changes = "change" if suggestion_count == 1 else "changes" | |
| print( | |
| "\n%d suggested %s. To apply, run again with --auto." | |
| % (suggestion_count, changes) | |
| ) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment