1 |
--- |
2 |
v2 |
3 |
- add more sites |
4 |
- check the trailing URL to filter false positives |
5 |
|
6 |
repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++ |
7 |
repoman/pym/repoman/modules/scan/ebuild/errors.py | 2 ++ |
8 |
repoman/pym/repoman/qa_data.py | 4 +++- |
9 |
3 files changed, 27 insertions(+), 1 deletion(-) |
10 |
|
11 |
diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py |
12 |
index 15e225156db4..83f9362b7506 100644 |
13 |
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py |
14 |
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py |
15 |
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck): |
16 |
error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS |
17 |
|
18 |
|
19 |
+class UriUseHttps(LineCheck): |
20 |
+ """Check that we use https:// for known good sites.""" |
21 |
+ repoman_check_name = 'uri.https' |
22 |
+ _SITES = ( |
23 |
+ '([-._a-zA-Z0-9]*\.)?apache\.org', |
24 |
+ # Most FDO sites support https, but not all (like tango). |
25 |
+ # List the most common ones here for now. |
26 |
+ '((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org', |
27 |
+ '((bugs|dev|www)\.)?gentoo\.org', |
28 |
+ 'github\.(io|com)', |
29 |
+ 'savannah\.(non)?gnu\.org', |
30 |
+ '((gcc|www)\.)?gnu\.org', |
31 |
+ 'curl\.haxx\.se', |
32 |
+ '(sf|sourceforge)\.net', |
33 |
+ '(www\.)?sourceware\.org', |
34 |
+ ) |
35 |
+ # Try to anchor the end of the URL so we don't get false positives |
36 |
+ # with http://github.com.foo.bar.com/. Unlikely, but possible. |
37 |
+ re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES)) |
38 |
+ error = errors.URI_HTTPS |
39 |
+ |
40 |
+ |
41 |
class NoAsNeeded(LineCheck): |
42 |
"""Check for calls to the no-as-needed function.""" |
43 |
repoman_check_name = 'upstream.workaround' |
44 |
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py |
45 |
index 3090de0d1a2c..14e47e35877e 100644 |
46 |
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py |
47 |
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py |
48 |
@@ -47,3 +47,5 @@ USEQ_ERROR = ( |
49 |
'Ebuild calls deprecated useq function on line: %d') |
50 |
HASQ_ERROR = ( |
51 |
'Ebuild calls deprecated hasq function on line: %d') |
52 |
+URI_HTTPS = ( |
53 |
+ 'Ebuild uses http:// but should use https:// on line: %d') |
54 |
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py |
55 |
index 48ab389d086e..03711b6ed5d0 100644 |
56 |
--- a/repoman/pym/repoman/qa_data.py |
57 |
+++ b/repoman/pym/repoman/qa_data.py |
58 |
@@ -224,7 +224,8 @@ qahelp = { |
59 |
"The ebuild makes use of an obsolete construct"), |
60 |
"upstream.workaround": ( |
61 |
"The ebuild works around an upstream bug," |
62 |
- " an upstream bug should be filed and tracked in bugs.gentoo.org") |
63 |
+ " an upstream bug should be filed and tracked in bugs.gentoo.org"), |
64 |
+ "uri.https": "URI uses http:// but should use https://", |
65 |
} |
66 |
|
67 |
qacats = list(qahelp) |
68 |
@@ -273,6 +274,7 @@ qawarnings = set(( |
69 |
"LIVEVCS.stable", |
70 |
"LIVEVCS.unmasked", |
71 |
"IUSE.rubydeprecated", |
72 |
+ "uri.https", |
73 |
)) |
74 |
|
75 |
|
76 |
-- |
77 |
2.8.2 |