From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 1 Mar 2018 22:24:00 +0000 (+0100)
Subject: lint: tighten up HTTPS checks on URLs
X-Git-Tag: 1.0.3~21^2~2
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=1c9bc32bf62b41cc091548143b78763707c384a5;p=fdroidserver.git

lint: tighten up HTTPS checks on URLs
---

diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py
index b0a5cad7..e746f269 100644
--- a/fdroidserver/lint.py
+++ b/fdroidserver/lint.py
@@ -32,7 +32,7 @@ options = None
 
 
 def enforce_https(domain):
-    return (re.compile(r'.*[^sS]://[^/]*' + re.escape(domain) + r'(/.*)?'),
+    return (re.compile(r'^[^h][^t][^t][^p][^s]://[^/]*' + re.escape(domain) + r'(/.*)?', re.IGNORECASE),
             domain + " URLs should always use https://")
 
 
@@ -51,6 +51,9 @@ https_enforcings = [
     enforce_https('savannah.gnu.org'),
     enforce_https('git.savannah.gnu.org'),
     enforce_https('download.savannah.gnu.org'),
+    enforce_https('github.io'),
+    enforce_https('gitlab.io'),
+    enforce_https('githubusercontent.com'),
 ]
 
 
@@ -126,6 +129,7 @@ regex_checks = {
     'WebSite': http_checks,
     'SourceCode': http_checks,
     'Repo': https_enforcings,
+    'UpdateCheckMode': https_enforcings,
     'IssueTracker': http_checks + [
         (re.compile(r'.*github\.com/[^/]+/[^/]+/*$'),
          _("/issues is missing")),