---
v2
        - add more sites
        - check the trailing URL to filter false positives

 repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++
 repoman/pym/repoman/modules/scan/ebuild/errors.py |  2 ++
 repoman/pym/repoman/qa_data.py                    |  4 +++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 15e225156db4..83f9362b7506 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
        error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
 
 
+class UriUseHttps(LineCheck):
+       """Check that we use https:// for known good sites."""
+       repoman_check_name = 'uri.https'
+       _SITES = (
+               '([-._a-zA-Z0-9]*\.)?apache\.org',
+               # Most FDO sites support https, but not all (like tango).
+               # List the most common ones here for now.
+               '((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org',
+               '((bugs|dev|www)\.)?gentoo\.org',
+               'github\.(io|com)',
+               'savannah\.(non)?gnu\.org',
+               '((gcc|www)\.)?gnu\.org',
+               'curl\.haxx\.se',
+               '(sf|sourceforge)\.net',
+               '(www\.)?sourceware\.org',
+       )
+       # Try to anchor the end of the URL so we don't get false positives
+       # with http://github.com.foo.bar.com/.  Unlikely, but possible.
+       re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES))
+       error = errors.URI_HTTPS
+
+
 class NoAsNeeded(LineCheck):
        """Check for calls to the no-as-needed function."""
        repoman_check_name = 'upstream.workaround'
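Review bot: The `github\.(io|com)` entry in `_SITES` allows no subdomain, so a line containing `http://<user>.github.io/` is never flagged even though github.io is listed. If such hosts are meant to be covered, give the entry an optional prefix like the apache.org one, e.g. `r'([-._a-zA-Z0-9]+\.)?github\.(io|com)'`; the same question applies to `(sf|sourceforge)\.net`. The trailing group `(\s|["\'/]|$)` also omits `:`, `?` and `#`, so a listed host followed directly by a port or query string is missed. Separately, the `_SITES` literals use `\.` in non-raw strings, which newer Python versions warn about as invalid escape sequences; prefix them with `r` as the `re.compile` pattern already does.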
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 3090de0d1a2c..14e47e35877e 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
@@ -47,3 +47,5 @@ USEQ_ERROR = (
        'Ebuild calls deprecated useq function on line: %d')
 HASQ_ERROR = (
        'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+       'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index 48ab389d086e..03711b6ed5d0 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -224,7 +224,8 @@ qahelp = {
                "The ebuild makes use of an obsolete construct"),
        "upstream.workaround": (
                "The ebuild works around an upstream bug,"
-               " an upstream bug should be filed and tracked in bugs.gentoo.org")
+               " an upstream bug should be filed and tracked in bugs.gentoo.org"),
+       "uri.https": "URI uses http:// but should use https://";,
 }
 
 qacats = list(qahelp)
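Review bot: The added `"uri.https"` entry reads `"...https://";,` as shown here, and the `;` before the comma would be a syntax error inside the `qahelp` dict literal. This is presumably an artefact of the mail archive's rendering rather than part of the patch, so confirm against the original message; the intended line is most likely `"uri.https": "URI uses http:// but should use https://",`. The help text could also say that the check covers only a fixed list of hosts known to serve https, so a clean result is not read as "no plain-http URIs remain".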
@@ -273,6 +274,7 @@ qawarnings = set((
        "LIVEVCS.stable",
        "LIVEVCS.unmasked",
        "IUSE.rubydeprecated",
+       "uri.https",
 ))
 
 
-- 
2.8.2

