From: Mike Frysinger <vapier@gentoo.org>
To: gentoo-portage-dev@lists.gentoo.org
Subject: [gentoo-portage-dev] [PATCH v2] repoman: flag URIs using http:// when https:// is available
Date: Mon, 27 Jun 2016 17:13:23 -0400
Message-ID: <1467062003-14024-1-git-send-email-vapier@gentoo.org>
In-Reply-To: <1465791724-17361-1-git-send-email-vapier@gentoo.org>
---
v2
- add more sites
- check the trailing URL to filter false positives
repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++
repoman/pym/repoman/modules/scan/ebuild/errors.py | 2 ++
repoman/pym/repoman/qa_data.py | 4 +++-
3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 15e225156db4..83f9362b7506 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
+class UriUseHttps(LineCheck):
+ """Check that we use https:// for known good sites."""
+ repoman_check_name = 'uri.https'
+ _SITES = (
+ '([-._a-zA-Z0-9]*\.)?apache\.org',
+ # Most FDO sites support https, but not all (like tango).
+ # List the most common ones here for now.
+ '((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org',
+ '((bugs|dev|www)\.)?gentoo\.org',
+ 'github\.(io|com)',
+ 'savannah\.(non)?gnu\.org',
+ '((gcc|www)\.)?gnu\.org',
+ 'curl\.haxx\.se',
+ '(sf|sourceforge)\.net',
+ '(www\.)?sourceware\.org',
+ )
+ # Try to anchor the end of the URL so we don't get false positives
+ # with http://github.com.foo.bar.com/. Unlikely, but possible.
+ re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES))
+ error = errors.URI_HTTPS
+
+
class NoAsNeeded(LineCheck):
"""Check for calls to the no-as-needed function."""
repoman_check_name = 'upstream.workaround'
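Review bot: The `_SITES` entries are plain string literals containing `\.`, so they depend on Python passing the unknown escape through unchanged; writing them as raw strings (for example `r'github\.(io|com)'`) would match the `r'...'` already used for the compiled pattern. Because the host alternation has to follow `http://` directly, entries without a subdomain group, such as `github\.(io|com)` and `(sf|sourceforge)\.net`, flag only the bare host, so an http:// URL on a subdomain of those sites is not reported; if that is intended, a comment like the one on the freedesktop entry would make it explicit. The trailing anchor `(\s|["\'/]|$)` also lets a listed host followed by `:port`, `?` or `#` go unflagged.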
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 3090de0d1a2c..14e47e35877e 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
@@ -47,3 +47,5 @@ USEQ_ERROR = (
'Ebuild calls deprecated useq function on line: %d')
HASQ_ERROR = (
'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+ 'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index 48ab389d086e..03711b6ed5d0 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -224,7 +224,8 @@ qahelp = {
"The ebuild makes use of an obsolete construct"),
"upstream.workaround": (
"The ebuild works around an upstream bug,"
- " an upstream bug should be filed and tracked in bugs.gentoo.org")
+ " an upstream bug should be filed and tracked in bugs.gentoo.org"),
+ "uri.https": "URI uses http:// but should use https://",
}
qacats = list(qahelp)
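Review bot: The `"uri.https"` help string reads as if every http:// URI is flagged, while the check only covers the hosts listed in `UriUseHttps._SITES`. Wording along the lines of "URI uses http:// but the site is known to support https://" would tell the ebuild author why this particular URI was reported and others were not.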
@@ -273,6 +274,7 @@ qawarnings = set((
"LIVEVCS.stable",
"LIVEVCS.unmasked",
"IUSE.rubydeprecated",
+ "uri.https",
))
--
2.8.2