D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-11-08 Thread Allen Winter 
winterz added a comment.


  FYI:  Today I added a Krazy checker to do this.  Should see results on the 
EBN in a day or 2.
  
  Although I am skipping the .htignore's, there will still be lots of false 
positives especially in the test programs.
  Let's see what happens.
  -Allen

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: kossebau, winterz, knauss, cgiboudeaux, kde-frameworks-devel, 
kde-buildsystem, LeGast00n, GB_2, bencreasy, michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-06-17 Thread Volker Krause 
vkrause added a comment.


  In D19996#480571 , @kossebau wrote:
  
  > Any chance this could not be done by abusing KDECMakeSettings.cmake as 
injection vector?
  
  
  I completely agree that this is a rather hacky approach. IMHO the challenge 
here is finding an approach that gives us very wide coverage. That's why I'm 
not too happy with e.g. an opt-in approach where we have to enable this per 
repo, even if that would be a lot cleaner from the ECM POV.
  
  It however does not need to be ECM based at all, an alternative approach 
might be an EBN-like service or dedicated CI job scanning all our repos for 
this. That would have an even wider coverage (e.g. websites and translations), 
but it would somewhat decouple results from development. Failing unit tests 
both locally and on the CI are just jumping at you much more than yet another 
static analysis result site.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: kossebau, winterz, knauss, cgiboudeaux, kde-frameworks-devel, 
kde-buildsystem, LeGast00n, bencreasy, michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-06-16 Thread Friedrich W. H. Kossebau 
kossebau added a comment.


  Any chance this could not be done by abusing KDECMakeSettings.cmake as 
injection vector? I know you are just following the example of what was done 
for appstreamcli, but IMHO this has already been a bad hack, screwing over the 
fine granular design of all the ECM modules trying to keep aspects separate. 
And yes, by the price of the overhead with more explicit module includes, but 
it's like that. Or we should just screw it and put everything in one big 
"KDEECMEverythingEvenKitchenSink.cmake" ;) And yes, one possible would like to 
have such a generic wrapper module in any case, for quick prototyping. But the 
individual modules should stay focussed.
  
  The docs of KDECMakeSettings say: "Changes various CMake settings to what the 
KDE community views as more sensible defaults."
  Thus adding automatic tests or macros for tests using external tools would 
not in the scope of this very module.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: kossebau, winterz, knauss, cgiboudeaux, kde-frameworks-devel, 
kde-buildsystem, LeGast00n, bencreasy, michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-24 Thread Sandro Knauß 
knauss added a task: T10716: Add check for accidental http: usage.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-24 Thread Sandro Knauß 
knauss updated this revision to Diff 54680.
knauss added a comment.


  fixing a typo.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54679=54680

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/base.htignore
  kde-modules/httpcheck.py
  kde-modules/httpupdate.py
  kde-modules/nossl.htignore
  kde-modules/reduce-warning.htignore
  kde-modules/xml.htignore

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-24 Thread Sandro Knauß 
knauss updated this revision to Diff 54679.
knauss added a comment.


  make parallel network requests.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54663=54679

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/base.htignore
  kde-modules/httpcheck.py
  kde-modules/httpupdate.py
  kde-modules/nossl.htignore
  kde-modules/reduce-warning.htignore
  kde-modules/xml.htignore

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-24 Thread Sandro Knauß 
knauss updated this revision to Diff 54663.
knauss added a comment.


  complete diff.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54662=54663

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/base.htignore
  kde-modules/httpcheck.py
  kde-modules/httpupdate.py
  kde-modules/nossl.htignore
  kde-modules/reduce-warning.htignore
  kde-modules/xml.htignore

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-24 Thread Sandro Knauß 
knauss updated this revision to Diff 54662.
knauss added a comment.


  now with glob matching and another round of renaming blacklist files.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54640=54662

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/base.htignore
  kde-modules/blacklist.list
  kde-modules/httpcheck.py
  kde-modules/httpupdate.py
  kde-modules/nossl.htignore
  kde-modules/reduce-warning.htignore
  kde-modules/xml.htignore

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss updated this revision to Diff 54640.
knauss added a comment.


  remove BLACKLSIT for httpcheck

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54639=54640

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/blacklist.list
  kde-modules/httpcheck.py
  kde-modules/httpupdate.py

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss updated this revision to Diff 54639.
knauss added a comment.


  add httpupdate and split out blacklist file

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54617=54639

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/blacklist.list
  kde-modules/httpcheck.py
  kde-modules/httpupdate.py

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss added a comment.


  In D19996#436824 , @winterz wrote:
  
  > this would be a nice addition to Krazy.  on my todo list.
  
  
  we are actually planing to push the list of blacklisted matches to a single 
file, so other scripts can take the list too.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Allen Winter 
winterz added a comment.


  this would be a nice addition to Krazy.  on my todo list.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: winterz, knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, 
michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Volker Krause 
vkrause added inline comments.

INLINE COMMENTS

> cgiboudeaux wrote in KDECMakeSettings.cmake:189
> PythonInterp is also not a solution :) See 6c1db934e 
>  
> in ki18n.
> 
> CMake 3.5.0 was found acceptable for most frameworks, it would be nice to 
> make it work with this version.

ugh, I see... so how could we solve this here? run find_package in the ecm 
cmakelists.txt and configure_file the python exe path into a wrapper for the 
python script?

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss updated this revision to Diff 54617.
knauss added a comment.


  search for http://\S
  
  and update blacklist.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54615=54617

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/httpcheck.py

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Christophe Giboudeaux 
cgiboudeaux added inline comments.

INLINE COMMENTS

> vkrause wrote in KDECMakeSettings.cmake:189
> Right, the feature is just silently ignored in older versions. We can 
> probably switch that to PythonIterp if we want this for older versions as 
> well. But let's first see if this approach actually works and if people will 
> access getting that test forced upon them :)

PythonInterp is also not a solution :) See 6c1db934e 
 in 
ki18n.

CMake 3.5.0 was found acceptable for most frameworks, it would be nice to make 
it work with this version.

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Volker Krause 
vkrause added inline comments.

INLINE COMMENTS

> cgiboudeaux wrote in KDECMakeSettings.cmake:189
> FindPython3.cmake only exists in CMake >= 3.12.0

Right, the feature is just silently ignored in older versions. We can probably 
switch that to PythonIterp if we want this for older versions as well. But 
let's first see if this approach actually works and if people will access 
getting that test forced upon them :)

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss updated this revision to Diff 54615.
knauss added a comment.


  add more excludes.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54613=54615

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/httpcheck.py

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss updated this revision to Diff 54613.
knauss added a comment.


  update http regex

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54612=54613

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/httpcheck.py

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Sandro Knauß 
knauss updated this revision to Diff 54612.
knauss added a comment.


  update python script.

REPOSITORY
  R240 Extra CMake Modules

CHANGES SINCE LAST UPDATE
  https://phabricator.kde.org/D19996?vs=54611=54612

BRANCH
  arcpatch-D19996

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/httpcheck.py

To: vkrause
Cc: knauss, cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, 
ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Christophe Giboudeaux 
cgiboudeaux added inline comments.

INLINE COMMENTS

> KDECMakeSettings.cmake:189
>  
> +find_package(Python3 COMPONENTS Interpreter QUIET)
> +function(httpcheck)

FindPython3.cmake only exists in CMake >= 3.12.0

REPOSITORY
  R240 Extra CMake Modules

REVISION DETAIL
  https://phabricator.kde.org/D19996

To: vkrause
Cc: cgiboudeaux, kde-frameworks-devel, kde-buildsystem, michaelh, ngraham, bruns

D19996: WIP Add a global test for insecure http: URLs used in code or documentation

2019-03-23 Thread Volker Krause 
vkrause created this revision.
Herald added projects: Frameworks, Build System.
Herald added subscribers: kde-buildsystem, kde-frameworks-devel.
vkrause requested review of this revision.

REVISION SUMMARY
  This is supposed to trigger a unit test failure when using http: rather
  than https: URLs. This is obviously imperfect, so it has support for
  module or line specific overrides. This should also not get enabled by
  default as long as this basically triggers everywhere.
  
  The Python script is from Sandro, the CMake integration and URI blacklist
  from me.

REPOSITORY
  R240 Extra CMake Modules

BRANCH
  master

REVISION DETAIL
  https://phabricator.kde.org/D19996

AFFECTED FILES
  kde-modules/KDECMakeSettings.cmake
  kde-modules/httpcheck.py

To: vkrause
Cc: kde-frameworks-devel, kde-buildsystem, michaelh, ngraham, bruns