From 1c9bc32bf62b41cc091548143b78763707c384a5 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 1 Mar 2018 23:24:00 +0100
Subject: [PATCH] lint: tighten up HTTPS checks on URLs

---
 fdroidserver/lint.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py
index b0a5cad7..e746f269 100644
--- a/fdroidserver/lint.py
+++ b/fdroidserver/lint.py
@@ -32,7 +32,7 @@ options = None
 
 
 def enforce_https(domain):
-    return (re.compile(r'.*[^sS]://[^/]*' + re.escape(domain) + r'(/.*)?'),
+    return (re.compile(r'^[^h][^t][^t][^p][^s]://[^/]*' + re.escape(domain) + r'(/.*)?', re.IGNORECASE),
             domain + " URLs should always use https://")
 
 
@@ -51,6 +51,9 @@ https_enforcings = [
     enforce_https('savannah.gnu.org'),
     enforce_https('git.savannah.gnu.org'),
     enforce_https('download.savannah.gnu.org'),
+    enforce_https('github.io'),
+    enforce_https('gitlab.io'),
+    enforce_https('githubusercontent.com'),
 ]
 
 
@@ -126,6 +129,7 @@ regex_checks = {
     'WebSite': http_checks,
     'SourceCode': http_checks,
     'Repo': https_enforcings,
+    'UpdateCheckMode': https_enforcings,
     'IssueTracker': http_checks + [
         (re.compile(r'.*github\.com/[^/]+/[^/]+/*$'),
          _("/issues is missing")),