mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-14 11:00:10 +01:00

lint.py: add checks for https:// in various URLs

Many times, the http:// URL automatically redirects to https://, like with
github and gitorious.  For git repos, using https:// reduces metadata
leakage for more privacy, and increases the security a little bit.  For SVN
repos, using https:// is much more important since the repo format itself
does not provide the same level of verification as git, hg, etc. do.
Hans-Christoph Steiner 2014-02-12 22:43:27 -05:00
parent 24c9232398
commit b706ec986f


@ -54,26 +54,64 @@ def main():
'Web Site': [ 'Web Site': [
(re.compile(r'.*github\.com/[^/]+/[^/]+\.git'), (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
"Appending .git is not necessary"), "Appending .git is not necessary"),
(re.compile(r'.*[^sS]://github\.com/.*'),
"github URLs should always use https:// not http://"),
(re.compile(r'.*code\.google\.com/p/[^/]+/[^w]'), (re.compile(r'.*code\.google\.com/p/[^/]+/[^w]'),
"Possible incorrect path appended to google code project site") "Possible incorrect path appended to google code project site"),
(re.compile(r'.*[^sS]://code\.google\.com/.*'),
"code.google.com URLs should always use https:// not http://"),
], ],
'Source Code': [ 'Source Code': [
(re.compile(r'.*github\.com/[^/]+/[^/]+\.git'), (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
"Appending .git is not necessary"), "Appending .git is not necessary"),
(re.compile(r'.*[^sS]://github\.com/.*'),
"github URLs should always use https:// (not http://, git://, or git@)"),
(re.compile(r'.*code\.google\.com/p/[^/]+/source/.*'), (re.compile(r'.*code\.google\.com/p/[^/]+/source/.*'),
"/source is often enough on its own"), "/source is often enough on its own"),
(re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'), (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
"/source is missing") "/source is missing"),
(re.compile(r'.*[^sS]://code\.google\.com/.*'),
"code.google.com URLs should always use https:// not http://"),
(re.compile(r'.*[^sS]://dl\.google\.com/.*'),
"dl.google.com URLs should always use https:// not http://"),
(re.compile(r'.*[^sS]://gitorious\.org/.*'),
"gitorious URLs should always use https:// (not http://, git://, or git@)"),
],
'Repo': [
(re.compile(r'.*[^sS]://code\.google\.com/.*'),
"code.google.com URLs should always use https:// not http://"),
(re.compile(r'.*[^sS]://dl\.google\.com/.*'),
"dl.google.com URLs should always use https:// not http://"),
(re.compile(r'.*[^sS]://github\.com/.*'),
"github URLs should always use https:// (not http://, git://, or git@)"),
(re.compile(r'.*[^sS]://gitorious\.org/.*'),
"gitorious URLs should always use https:// (not http://, git://, or git@)"),
(re.compile(r'.*[^sS]://[^.]*\.googlecode\.com/svn/?.*'),
"Google Code SVN URLs should always use https:// (not http:// or svn://)"),
(re.compile(r'.*[^sS]://svn\.apache\.org/repos/?.*'),
"Apache SVN URLs should always use https:// (not http:// or svn://)"),
(re.compile(r'.*[^sS]://svn\.code\.sf\.net/.*'),
"Sourceforge SVN URLs should always use https:// (not http:// or svn://)"),
(re.compile(r'^http://.*'),
"if https:// is available, use it instead of http://"),
(re.compile(r'^svn://.*'),
"if https:// is available, use it instead of svn://"),
], ],
'Issue Tracker': [ 'Issue Tracker': [
(re.compile(r'.*code\.google\.com/p/[^/]+/issues/.*'), (re.compile(r'.*code\.google\.com/p/[^/]+/issues/.*'),
"/issues is often enough on its own"), "/issues is often enough on its own"),
(re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'), (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
"/issues is missing"), "/issues is missing"),
(re.compile(r'.*[^sS]://code\.google\.com/.*'),
"code.google.com URLs should always use https:// not http://"),
(re.compile(r'.*github\.com/[^/]+/[^/]+/issues/.*'), (re.compile(r'.*github\.com/[^/]+/[^/]+/issues/.*'),
"/issues is often enough on its own"), "/issues is often enough on its own"),
(re.compile(r'.*github\.com/[^/]+/[^/]+[/]*$'), (re.compile(r'.*github\.com/[^/]+/[^/]+[/]*$'),
"/issues is missing") "/issues is missing"),
(re.compile(r'.*[^sS]://github\.com/.*'),
"github URLs should always use https:// not http://"),
(re.compile(r'.*[^sS]://gitorious\.org/.*'),
"gitorious URLs should always use https:// not http://"),
] ]
} }
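Review bot: The new `[^sS]://host` patterns infer the scheme from the single character before `://` and require the host to follow `://` directly, so several non-https forms pass unflagged: scp-style `git@github.com:user/repo` (which has no `://`, although the github and gitorious messages for 'Source Code' and 'Repo' name `git@`), `ssh://git@github.com/...`, and `http://www.github.com/...`. Since 'Repo' and 'Source Code' describe where source is fetched from, I would test the scheme explicitly instead, e.g. `re.compile(r'^(http|git|ssh)://([^/@]+@)?(www\.)?github\.com/.*')` plus `re.compile(r'^[^/:]+@github\.com:.*')`, and likewise for gitorious.org. In 'Repo', the generic `^http://.*` and `^svn://.*` rules overlap with the host-specific ones, so an `http://github.com/...` repo may be reported twice if every matching rule is printed. How the list is applied (match vs. search, first hit vs. all) lives in `main()` outside this hunk, so both points should be confirmed against that loop.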