| 1 |
--- |
| 2 |
v2 |
| 3 |
- add more sites |
| 4 |
- check the trailing URL to filter false positives |
| 5 |
|
| 6 |
repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++ |
| 7 |
repoman/pym/repoman/modules/scan/ebuild/errors.py | 2 ++ |
| 8 |
repoman/pym/repoman/qa_data.py | 4 +++- |
| 9 |
3 files changed, 27 insertions(+), 1 deletion(-) |
| 10 |
|
| 11 |
diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py |
| 12 |
index 15e225156db4..83f9362b7506 100644 |
| 13 |
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py |
| 14 |
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py |
| 15 |
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck): |
| 16 |
error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS |
| 17 |
|
| 18 |
|
| 19 |
+class UriUseHttps(LineCheck): |
| 20 |
+ """Check that we use https:// for known good sites.""" |
| 21 |
+ repoman_check_name = 'uri.https' |
| 22 |
+ _SITES = ( |
| 23 |
+ '([-._a-zA-Z0-9]*\.)?apache\.org', |
| 24 |
+ # Most FDO sites support https, but not all (like tango). |
| 25 |
+ # List the most common ones here for now. |
| 26 |
+ '((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org', |
| 27 |
+ '((bugs|dev|www)\.)?gentoo\.org', |
| 28 |
+ 'github\.(io|com)', |
| 29 |
+ 'savannah\.(non)?gnu\.org', |
| 30 |
+ '((gcc|www)\.)?gnu\.org', |
| 31 |
+ 'curl\.haxx\.se', |
| 32 |
+ '(sf|sourceforge)\.net', |
| 33 |
+ '(www\.)?sourceware\.org', |
| 34 |
+ ) |
| 35 |
+ # Try to anchor the end of the URL so we don't get false positives |
| 36 |
+ # with http://github.com.foo.bar.com/. Unlikely, but possible. |
| 37 |
+ re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES)) |
| 38 |
+ error = errors.URI_HTTPS |
| 39 |
+ |
| 40 |
+ |
| 41 |
class NoAsNeeded(LineCheck): |
| 42 |
"""Check for calls to the no-as-needed function.""" |
| 43 |
repoman_check_name = 'upstream.workaround' |
| 44 |
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py |
| 45 |
index 3090de0d1a2c..14e47e35877e 100644 |
| 46 |
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py |
| 47 |
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py |
| 48 |
@@ -47,3 +47,5 @@ USEQ_ERROR = ( |
| 49 |
'Ebuild calls deprecated useq function on line: %d') |
| 50 |
HASQ_ERROR = ( |
| 51 |
'Ebuild calls deprecated hasq function on line: %d') |
| 52 |
+URI_HTTPS = ( |
| 53 |
+ 'Ebuild uses http:// but should use https:// on line: %d') |
| 54 |
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py |
| 55 |
index 48ab389d086e..03711b6ed5d0 100644 |
| 56 |
--- a/repoman/pym/repoman/qa_data.py |
| 57 |
+++ b/repoman/pym/repoman/qa_data.py |
| 58 |
@@ -224,7 +224,8 @@ qahelp = { |
| 59 |
"The ebuild makes use of an obsolete construct"), |
| 60 |
"upstream.workaround": ( |
| 61 |
"The ebuild works around an upstream bug," |
| 62 |
- " an upstream bug should be filed and tracked in bugs.gentoo.org") |
| 63 |
+ " an upstream bug should be filed and tracked in bugs.gentoo.org"), |
| 64 |
+ "uri.https": "URI uses http:// but should use https://", |
| 65 |
} |
| 66 |
|
| 67 |
qacats = list(qahelp) |
| 68 |
@@ -273,6 +274,7 @@ qawarnings = set(( |
| 69 |
"LIVEVCS.stable", |
| 70 |
"LIVEVCS.unmasked", |
| 71 |
"IUSE.rubydeprecated", |
| 72 |
+ "uri.https", |
| 73 |
)) |
| 74 |
|
| 75 |
|
| 76 |
-- |
| 77 |
2.8.2 |
Archives