From b706ec986f4369f88eff89e122c9b80e9aa41b5e Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Wed, 12 Feb 2014 22:43:27 -0500
Subject: [PATCH] lint.py: add checks for https:// in various URLs

Many times, the http:// URL automatically redirects to https://, like with github and gitorious. For git repos, using https:// reduces metadata leakage for more privacy, and increases the security a little bit. For SVN repos, using https:// is much more important since the repo format itself does not provide the same level of verification as git, hg, etc. do.
---
 fdroidserver/lint.py | 44 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py
index 2468da9d..164bd6a6 100644
--- a/fdroidserver/lint.py
+++ b/fdroidserver/lint.py
@@ -54,26 +54,64 @@ def main():
 'Web Site': [
 (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
 "Appending .git is not necessary"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// not http://"),
 (re.compile(r'.*code\.google\.com/p/[^/]+/[^w]'),
- "Possible incorrect path appended to google code project site")
+ "Possible incorrect path appended to google code project site"),
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
 ],
 'Source Code': [
 (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
 "Appending .git is not necessary"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// (not http://, git://, or git@)"),
 (re.compile(r'.*code\.google\.com/p/[^/]+/source/.*'),
 "/source is often enough on its own"),
 (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
- "/source is missing")
+ "/source is missing"),
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://dl\.google\.com/.*'),
+ "dl.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+ "gitorious URLs should always use https:// (not http://, git://, or git@)"),
+ ],
+ 'Repo': [
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://dl\.google\.com/.*'),
+ "dl.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// (not http://, git://, or git@)"),
+ (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+ "gitorious URLs should always use https:// (not http://, git://, or git@)"),
+ (re.compile(r'.*[^sS]://[^.]*\.googlecode\.com/svn/?.*'),
+ "Google Code SVN URLs should always use https:// (not http:// or svn://)"),
+ (re.compile(r'.*[^sS]://svn\.apache\.org/repos/?.*'),
+ "Apache SVN URLs should always use https:// (not http:// or svn://)"),
+ (re.compile(r'.*[^sS]://svn\.code\.sf\.net/.*'),
+ "Sourceforge SVN URLs should always use https:// (not http:// or svn://)"),
+ (re.compile(r'^http://.*'),
+ "if https:// is available, use it instead of http://"),
+ (re.compile(r'^svn://.*'),
+ "if https:// is available, use it instead of svn://"),
 ],
 'Issue Tracker': [
 (re.compile(r'.*code\.google\.com/p/[^/]+/issues/.*'),
 "/issues is often enough on its own"),
 (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
 "/issues is missing"),
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
 (re.compile(r'.*github\.com/[^/]+/[^/]+/issues/.*'),
 "/issues is often enough on its own"),
 (re.compile(r'.*github\.com/[^/]+/[^/]+[/]*$'),
- "/issues is missing")
+ "/issues is missing"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+ "gitorious URLs should always use https:// not http://"),
 ]
 }
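Review bot: The new `[^sS]://host` patterns in the Source Code and Repo lists only fire when `://` is immediately followed by the host, so the `git@github.com:...` and `git@gitorious.org:...` SSH shorthands that their messages name are never matched, and `ssh://git@github.com/...` slips past as well because of the `git@` between `://` and the host. A pattern like `(re.compile(r'(^|.*[^sS]://)(git@)?github\.com[:/].*'), "github URLs should always use https:// (not http://, git://, or git@)"),` would cover what the message promises while still excluding `https://`. In the Repo list the generic `^http://.*` and `^svn://.*` entries overlap the host-specific ones above them, so an `http://github.com/...` repo URL is reported twice for the same problem; either the host-specific Repo entries or the generic fallbacks should carry that check alone. The github and gitorious messages in the Issue Tracker list still say only `not http://` while the Source Code and Repo ones list `git://` and `git@`, which is inconsistent for the same pattern. main() continues outside the hunk.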