--- v2 - add more sites - check the trailing URL to filter false positives
repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++ repoman/pym/repoman/modules/scan/ebuild/errors.py | 2 ++ repoman/pym/repoman/qa_data.py | 4 +++- 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 15e225156db4..83f9362b7506 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
 error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
+class UriUseHttps(LineCheck):
+ """Check that we use https:// for known good sites."""
+ repoman_check_name = 'uri.https'
+ _SITES = (
+ '([-._a-zA-Z0-9]*\.)?apache\.org',
+ # Most FDO sites support https, but not all (like tango).
+ # List the most common ones here for now.
+ '((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org',
+ '((bugs|dev|www)\.)?gentoo\.org',
+ 'github\.(io|com)',
+ 'savannah\.(non)?gnu\.org',
+ '((gcc|www)\.)?gnu\.org',
+ 'curl\.haxx\.se',
+ '(sf|sourceforge)\.net',
+ '(www\.)?sourceware\.org',
+ )
+ # Try to anchor the end of the URL so we don't get false positives
+ # with http://github.com.foo.bar.com/. Unlikely, but possible.
+ re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES))
+ error = errors.URI_HTTPS
+
+
 class NoAsNeeded(LineCheck):
 """Check for calls to the no-as-needed function."""
 repoman_check_name = 'upstream.workaround'
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 3090de0d1a2c..14e47e35877e 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
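Review bot: The host alternation in `UriUseHttps.re` is matched directly after `http://`, so entries without an explicit subdomain prefix only flag the bare host: `github\.(io|com)` and `(sf|sourceforge)\.net` will not catch `http://<user>.github.io/` or `http://downloads.sourceforge.net/`, which is presumably where most such URIs point. If those subdomains are meant to be covered, give the entries the same optional prefix the apache entry uses, e.g. `r'([-._a-zA-Z0-9]*\.)?github\.(io|com)'`; if they are left out on purpose because not every subdomain serves https, a comment saying so would help. The terminator group `(\s|["\'/]|$)` also omits `:`, `?` and `#`, so `http://github.com:80/` is not reported. Separately, the `_SITES` entries contain `\.` in plain string literals; an `r'...'` prefix on each avoids invalid-escape warnings on newer Python.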
@@ -47,3 +47,5 @@ USEQ_ERROR = (
 'Ebuild calls deprecated useq function on line: %d')
 HASQ_ERROR = (
 'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+ 'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index 48ab389d086e..03711b6ed5d0 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -224,7 +224,8 @@ qahelp = {
 "The ebuild makes use of an obsolete construct"),
 "upstream.workaround": (
 "The ebuild works around an upstream bug,"
- " an upstream bug should be filed and tracked in bugs.gentoo.org")
+ " an upstream bug should be filed and tracked in bugs.gentoo.org"),
+ "uri.https": "URI uses http:// but should use https://",
 }
 qacats = list(qahelp)
@@ -273,6 +274,7 @@ qawarnings = set((
 "LIVEVCS.stable",
 "LIVEVCS.unmasked",
 "IUSE.rubydeprecated",
+ "uri.https",
 ))
-- 2.8.2