public inbox for gentoo-portage-dev@lists.gentoo.org
 help / color / mirror / Atom feed
From: Mike Frysinger <vapier@gentoo.org>
To: gentoo-portage-dev@lists.gentoo.org
Subject: [gentoo-portage-dev] [PATCH v2] repoman: flag URIs using http:// when https:// is available
Date: Mon, 27 Jun 2016 17:13:23 -0400	[thread overview]
Message-ID: <1467062003-14024-1-git-send-email-vapier@gentoo.org> (raw)
In-Reply-To: <1465791724-17361-1-git-send-email-vapier@gentoo.org>

---
v2
	- add more sites
	- check the trailing URL to filter false positives

 repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++
 repoman/pym/repoman/modules/scan/ebuild/errors.py |  2 ++
 repoman/pym/repoman/qa_data.py                    |  4 +++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 15e225156db4..83f9362b7506 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
 	error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
 
 
+class UriUseHttps(LineCheck):
+	"""Check that we use https:// for known good sites."""
+	repoman_check_name = 'uri.https'
+	_SITES = (
+		'([-._a-zA-Z0-9]*\.)?apache\.org',
+		# Most FDO sites support https, but not all (like tango).
+		# List the most common ones here for now.
+		'((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org',
+		'((bugs|dev|www)\.)?gentoo\.org',
+		'github\.(io|com)',
+		'savannah\.(non)?gnu\.org',
+		'((gcc|www)\.)?gnu\.org',
+		'curl\.haxx\.se',
+		'(sf|sourceforge)\.net',
+		'(www\.)?sourceware\.org',
+	)
+	# Try to anchor the end of the URL so we don't get false positives
+	# with http://github.com.foo.bar.com/.  Unlikely, but possible.
+	re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES))
+	error = errors.URI_HTTPS
+
+
 class NoAsNeeded(LineCheck):
 	"""Check for calls to the no-as-needed function."""
 	repoman_check_name = 'upstream.workaround'
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 3090de0d1a2c..14e47e35877e 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
@@ -47,3 +47,5 @@ USEQ_ERROR = (
 	'Ebuild calls deprecated useq function on line: %d')
 HASQ_ERROR = (
 	'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+	'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index 48ab389d086e..03711b6ed5d0 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -224,7 +224,8 @@ qahelp = {
 		"The ebuild makes use of an obsolete construct"),
 	"upstream.workaround": (
 		"The ebuild works around an upstream bug,"
-		" an upstream bug should be filed and tracked in bugs.gentoo.org")
+		" an upstream bug should be filed and tracked in bugs.gentoo.org"),
+	"uri.https": "URI uses http:// but should use https://",
 }
 
 qacats = list(qahelp)
@@ -273,6 +274,7 @@ qawarnings = set((
 	"LIVEVCS.stable",
 	"LIVEVCS.unmasked",
 	"IUSE.rubydeprecated",
+	"uri.https",
 ))
 
 
-- 
2.8.2



      parent reply	other threads:[~2016-06-27 21:13 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-13  4:22 [gentoo-portage-dev] [PATCH] repoman: flag URIs using http:// when https:// is available Mike Frysinger
2016-06-13  8:17 ` Alexander Berntsen
2016-06-27 21:13 ` Mike Frysinger [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1467062003-14024-1-git-send-email-vapier@gentoo.org \
    --to=vapier@gentoo.org \
    --cc=gentoo-portage-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox