Add integrity validation when downloading Swiftlint (ashfurrow#162)

NicolasCombe5555 · Aug 31, 2021 · 2a77fe3 · 2a77fe3
1 parent 3c8bbf4
commit 2a77fe3
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/ext/swiftlint/Rakefile b/ext/swiftlint/Rakefile
@@ -10,16 +10,13 @@ namespace :swiftlint do
     REPO = 'https://github.com/realm/SwiftLint'
     VERSION = ENV['SWIFTLINT_VERSION'] || DangerSwiftlint::SWIFTLINT_VERSION
     ASSET = 'portable_swiftlint.zip'
-    URL = "#{REPO}/releases/download/#{VERSION}/#{ASSET}"
-    DESTINATION = File.expand_path(File.join(File.dirname(__FILE__), 'bin'))
+    ENV['ASSET'] = ASSET
+    ENV['URL'] = "#{REPO}/releases/download/#{VERSION}/#{ASSET}"
+    ENV['SWIFTLINT_MD5_HASH'] = DangerSwiftlint::SWIFTLINT_HASH
+    ENV['DESTINATION'] = File.expand_path(File.join(File.dirname(__FILE__), 'bin'))
 
     puts "Downloading swiftlint@#{VERSION}"
-    sh [
-      "mkdir -p '#{DESTINATION}'",
-      "curl -s -L #{URL} -o #{ASSET}",
-      "unzip -q #{ASSET} -d '#{DESTINATION}'",
-      "rm #{ASSET}"
-    ].join(' && ')
+    sh "./downloadSwiftlint.sh"
   end
 end
 

diff --git a/ext/swiftlint/downloadSwiftlint.sh b/ext/swiftlint/downloadSwiftlint.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# frozen_string_literal: true
+
+mkdir -p ${DESTINATION}
+curl -s -L ${URL} -o ${ASSET}
+if [[ $(md5 -q ${ASSET}) != ${SWIFTLINT_MD5_HASH} ]]; then
+  echo "Zip was corrupted, try again later."
+else
+  unzip -o -q ${ASSET} -d ${DESTINATION}
+fi
+rm ${ASSET}
diff --git a/lib/version.rb b/lib/version.rb
@@ -3,4 +3,5 @@
 module DangerSwiftlint
   VERSION = '0.27.0'
   SWIFTLINT_VERSION = '0.43.1'
+  SWIFTLINT_HASH = '4eaeabbb43b308975d16e3d9869880dc'
 end