lint.py: add checks for https:// in various URLs
authorHans-Christoph Steiner <hans@eds.org>
Thu, 13 Feb 2014 03:43:27 +0000 (22:43 -0500)
committerHans-Christoph Steiner <hans@eds.org>
Thu, 13 Feb 2014 03:43:27 +0000 (22:43 -0500)
Many times, the http:// URL automatically redirects to https://, like with
github and gitorious.  For git repos, using https:// reduces metadata
leakage, which improves privacy, and increases security a little bit.  For SVN
repos, using https:// is much more important since the repo format itself
does not provide the same level of verification as git, hg, etc. do.

fdroidserver/lint.py

index 2468da9d6daf29e65c71562961723224b4e85f3c..164bd6a606bcfd5d871e0a3162398f42008ea4fe 100644 (file)
@@ -54,26 +54,64 @@ def main():
             'Web Site': [
                 (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
                     "Appending .git is not necessary"),
+                (re.compile(r'.*[^sS]://github\.com/.*'),
+                    "github URLs should always use https:// not http://"),
                 (re.compile(r'.*code\.google\.com/p/[^/]+/[^w]'),
-                    "Possible incorrect path appended to google code project site")
+                    "Possible incorrect path appended to google code project site"),
+                (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+                    "code.google.com URLs should always use https:// not http://"),
             ],
             'Source Code': [
                 (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
                     "Appending .git is not necessary"),
+                (re.compile(r'.*[^sS]://github\.com/.*'),
+                    "github URLs should always use https:// (not http://, git://, or git@)"),
                 (re.compile(r'.*code\.google\.com/p/[^/]+/source/.*'),
                     "/source is often enough on its own"),
                 (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
-                    "/source is missing")
+                    "/source is missing"),
+                (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+                    "code.google.com URLs should always use https:// not http://"),
+                (re.compile(r'.*[^sS]://dl\.google\.com/.*'),
+                    "dl.google.com URLs should always use https:// not http://"),
+                (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+                    "gitorious URLs should always use https:// (not http://, git://, or git@)"),
+            ],
+            'Repo': [
+                (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+                    "code.google.com URLs should always use https:// not http://"),
+                (re.compile(r'.*[^sS]://dl\.google\.com/.*'),
+                    "dl.google.com URLs should always use https:// not http://"),
+                (re.compile(r'.*[^sS]://github\.com/.*'),
+                    "github URLs should always use https:// (not http://, git://, or git@)"),
+                (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+                    "gitorious URLs should always use https:// (not http://, git://, or git@)"),
+                (re.compile(r'.*[^sS]://[^.]*\.googlecode\.com/svn/?.*'),
+                    "Google Code SVN URLs should always use https:// (not http:// or svn://)"),
+                (re.compile(r'.*[^sS]://svn\.apache\.org/repos/?.*'),
+                    "Apache SVN URLs should always use https:// (not http:// or svn://)"),
+                (re.compile(r'.*[^sS]://svn\.code\.sf\.net/.*'),
+                    "Sourceforge SVN URLs should always use https:// (not http:// or svn://)"),
+                (re.compile(r'^http://.*'),
+                    "if https:// is available, use it instead of http://"),
+                (re.compile(r'^svn://.*'),
+                    "if https:// is available, use it instead of svn://"),
             ],
             'Issue Tracker': [
                 (re.compile(r'.*code\.google\.com/p/[^/]+/issues/.*'),
                     "/issues is often enough on its own"),
                 (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
                     "/issues is missing"),
+                (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+                    "code.google.com URLs should always use https:// not http://"),
                 (re.compile(r'.*github\.com/[^/]+/[^/]+/issues/.*'),
                     "/issues is often enough on its own"),
                 (re.compile(r'.*github\.com/[^/]+/[^/]+[/]*$'),
-                    "/issues is missing")
+                    "/issues is missing"),
+                (re.compile(r'.*[^sS]://github\.com/.*'),
+                    "github URLs should always use https:// not http://"),
+                (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+                    "gitorious URLs should always use https:// not http://"),
             ]
     }
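Review bot: The github and gitorious messages under 'Source Code' and 'Repo' promise to reject `git@`, but every pattern added here requires `://`, so an scp-style value such as `git@github.com:owner/repo.git` is never flagged. Because the host must directly follow `://`, values like `http://www.github.com/...` or `http://user@github.com/...` also pass the host-specific checks; in 'Repo' they are caught only by the generic `^http://.*` entry, and the other fields have no such fallback. Either add an explicit entry such as `(re.compile(r'^git@(github\.com|gitorious\.org):.*'), "use https:// instead of git@")`, or drop `git@` from the message so the lint does not claim more than it checks. In 'Repo', an `http://github.com/...` value matches both the github entry and the generic `^http://.*` entry, so it is presumably reported twice; that depends on how main() consumes the list, and that code lies outside this hunk.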