From 3801db064a4f5a9910e03a9c47b5986d03812cf9 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 3 Oct 2019 23:46:34 +0200
Subject: [PATCH] lint: improve HTTPS check

It was missing some domains, so I added another rule.  @IzzySoft pointed
out it was redudnant, so this removes the redudant rule and fixes the
original.

https://gitlab.com/fdroid/fdroidserver/merge_requests/681/diffs#note_225263464
---
 fdroidserver/lint.py | 6 ++----
 tests/lint.TestCase  | 6 ++++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py
index e8881a84..bc3a2388 100644
--- a/fdroidserver/lint.py
+++ b/fdroidserver/lint.py
@@ -33,7 +33,7 @@ options = None
 
 
 def enforce_https(domain):
-    return (re.compile(r'^[^h][^t][^t][^p][^s]://[^/]*' + re.escape(domain) + r'(/.*)?', re.IGNORECASE),
+    return (re.compile(r'^http://([^/]*\.)?' + re.escape(domain) + r'(/.*)?', re.IGNORECASE),
             domain + " URLs should always use https://")
 
 
@@ -122,11 +122,9 @@ http_url_shorteners = [
 http_checks = https_enforcings + http_url_shorteners + [
     (re.compile(r'^(?!https?://)[^/]+'),
      _("URL must start with https:// or http://")),
-    (re.compile(r'^http://[^.]+\.(github|gitlab)\.io/'),
-     _("URL must start with https://")),
     (re.compile(r'^https://(github|gitlab)\.com(/[^/]+){2,3}\.git'),
      _("Appending .git is not necessary")),
-    (re.compile(r'^https://[^/]*(github|gitlab|bitbucket|rawgit)\.[a-zA-Z]+/([^/]+/){2,3}master/'),
+    (re.compile(r'^https://[^/]*(github|gitlab|bitbucket|rawgit|githubusercontent)\.[a-zA-Z]+/([^/]+/){2,3}master/'),
      _("Use /HEAD instead of /master to point at a file in the default branch")),
 ]
 
diff --git a/tests/lint.TestCase b/tests/lint.TestCase
index 65f351c0..54cfc365 100755
--- a/tests/lint.TestCase
+++ b/tests/lint.TestCase
@@ -102,20 +102,22 @@ class LintTest(unittest.TestCase):
 
         bad_urls = [
             'github.com/my/proj',
+            'http://github.com/not/secure',
             'https://github.com/foo/bar.git',
             'https://gitlab.com/group/subgroup/project.git',
             'https://raw.githubusercontent.com/Seva-coder/Finder/master/ChangeLog.txt',
             'https://github.com/scoutant/blokish/blob/master/README.md#changelog',
             'http://htmlpreview.github.io/?https://github.com/my/project/blob/HEAD/index.html',
+            'http://fdroid.gitlab.io/fdroid-website',
         ]
-        anywarns = False
         logging.debug('bad urls:')
         for url in bad_urls:
+            anywarns = False
             app['SourceCode'] = url
             for warn in fdroidserver.lint.check_regexes(app):
                 anywarns = True
                 logging.debug(warn)
-        self.assertTrue(anywarns)
+            self.assertTrue(anywarns, url + " does not fail lint!")
 
     def test_check_app_field_types(self):
         config = dict()