From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 1A1561382DE for ; Mon, 27 Jun 2016 21:13:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0405114241; Mon, 27 Jun 2016 21:13:28 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6F8D414234 for ; Mon, 27 Jun 2016 21:13:27 +0000 (UTC) Received: from vapier.lan (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 4F4D0340D1D for ; Mon, 27 Jun 2016 21:13:26 +0000 (UTC) From: Mike Frysinger To: gentoo-portage-dev@lists.gentoo.org Subject: [gentoo-portage-dev] [PATCH v2] repoman: flag URIs using http:// when https:// is available Date: Mon, 27 Jun 2016 17:13:23 -0400 Message-Id: <1467062003-14024-1-git-send-email-vapier@gentoo.org> X-Mailer: git-send-email 2.8.2 In-Reply-To: <1465791724-17361-1-git-send-email-vapier@gentoo.org> References: <1465791724-17361-1-git-send-email-vapier@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@lists.gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org X-Archives-Salt: 47a1d2fd-e056-4557-8086-3ffdbb9ac42a X-Archives-Hash: c16714affc90424e49b8dd95fbe51a24 --- v2 - add more sites - check the trailing URL to filter false positives repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++ repoman/pym/repoman/modules/scan/ebuild/errors.py | 2 ++ repoman/pym/repoman/qa_data.py | 4 +++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py index 15e225156db4..83f9362b7506 100644 --- a/repoman/pym/repoman/modules/scan/ebuild/checks.py +++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py @@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck): error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS +class UriUseHttps(LineCheck): + """Check that we use https:// for known good sites.""" + repoman_check_name = 'uri.https' + _SITES = ( + '([-._a-zA-Z0-9]*\.)?apache\.org', + # Most FDO sites support https, but not all (like tango). + # List the most common ones here for now. + '((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org', + '((bugs|dev|www)\.)?gentoo\.org', + 'github\.(io|com)', + 'savannah\.(non)?gnu\.org', + '((gcc|www)\.)?gnu\.org', + 'curl\.haxx\.se', + '(sf|sourceforge)\.net', + '(www\.)?sourceware\.org', + ) + # Try to anchor the end of the URL so we don't get false positives + # with http://github.com.foo.bar.com/. Unlikely, but possible. + re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES)) + error = errors.URI_HTTPS + + class NoAsNeeded(LineCheck): """Check for calls to the no-as-needed function.""" repoman_check_name = 'upstream.workaround' diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py index 3090de0d1a2c..14e47e35877e 100644 --- a/repoman/pym/repoman/modules/scan/ebuild/errors.py +++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py @@ -47,3 +47,5 @@ USEQ_ERROR = ( 'Ebuild calls deprecated useq function on line: %d') HASQ_ERROR = ( 'Ebuild calls deprecated hasq function on line: %d') +URI_HTTPS = ( + 'Ebuild uses http:// but should use https:// on line: %d') diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py index 48ab389d086e..03711b6ed5d0 100644 --- a/repoman/pym/repoman/qa_data.py +++ b/repoman/pym/repoman/qa_data.py @@ -224,7 +224,8 @@ qahelp = { "The ebuild makes use of an obsolete construct"), "upstream.workaround": ( "The ebuild works around an upstream bug," - " an upstream bug should be filed and tracked in bugs.gentoo.org") + " an upstream bug should be filed and tracked in bugs.gentoo.org"), + "uri.https": "URI uses http:// but should use https://", } qacats = list(qahelp) @@ -273,6 +274,7 @@ qawarnings = set(( "LIVEVCS.stable", "LIVEVCS.unmasked", "IUSE.rubydeprecated", + "uri.https", )) -- 2.8.2