From: Hans-Christoph Steiner Date: Thu, 13 Feb 2014 03:43:27 +0000 (-0500) Subject: lint.py: add checks for https:// in various URLs X-Git-Tag: 0.2~287 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=b706ec986f4369f88eff89e122c9b80e9aa41b5e;p=fdroidserver.git lint.py: add checks for https:// in various URLs Many times, the http:// URL automatically redirects to https://, like with github and gitorious. For git repos, using https:// reduces metadata leakage for more privacy, and increases the security a little bit. For SVN repos, using https:// is much more important since the repo format itself does not provide the same level of verification as git, hg, etc. do.
---
diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py
index 2468da9d..164bd6a6 100644
--- a/fdroidserver/lint.py
+++ b/fdroidserver/lint.py
@@ -54,26 +54,64 @@ def main():
 'Web Site': [
 (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
 "Appending .git is not necessary"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// not http://"),
 (re.compile(r'.*code\.google\.com/p/[^/]+/[^w]'),
- "Possible incorrect path appended to google code project site")
+ "Possible incorrect path appended to google code project site"),
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
 ],
 'Source Code': [
 (re.compile(r'.*github\.com/[^/]+/[^/]+\.git'),
 "Appending .git is not necessary"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// (not http://, git://, or git@)"),
 (re.compile(r'.*code\.google\.com/p/[^/]+/source/.*'),
 "/source is often enough on its own"),
 (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
- "/source is missing")
+ "/source is missing"),
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://dl\.google\.com/.*'),
+ "dl.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+ "gitorious URLs should always use https:// (not http://, git://, or git@)"),
+ ],
+ 'Repo': [
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://dl\.google\.com/.*'),
+ "dl.google.com URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// (not http://, git://, or git@)"),
+ (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+ "gitorious URLs should always use https:// (not http://, git://, or git@)"),
+ (re.compile(r'.*[^sS]://[^.]*\.googlecode\.com/svn/?.*'),
+ "Google Code SVN URLs should always use https:// (not http:// or svn://)"),
+ (re.compile(r'.*[^sS]://svn\.apache\.org/repos/?.*'),
+ "Apache SVN URLs should always use https:// (not http:// or svn://)"),
+ (re.compile(r'.*[^sS]://svn\.code\.sf\.net/.*'),
+ "Sourceforge SVN URLs should always use https:// (not http:// or svn://)"),
+ (re.compile(r'^http://.*'),
+ "if https:// is available, use it instead of http://"),
+ (re.compile(r'^svn://.*'),
+ "if https:// is available, use it instead of svn://"),
 ],
 'Issue Tracker': [
 (re.compile(r'.*code\.google\.com/p/[^/]+/issues/.*'),
 "/issues is often enough on its own"),
 (re.compile(r'.*code\.google\.com/p/[^/]+[/]*$'),
 "/issues is missing"),
+ (re.compile(r'.*[^sS]://code\.google\.com/.*'),
+ "code.google.com URLs should always use https:// not http://"),
 (re.compile(r'.*github\.com/[^/]+/[^/]+/issues/.*'),
 "/issues is often enough on its own"),
 (re.compile(r'.*github\.com/[^/]+/[^/]+[/]*$'),
- "/issues is missing")
+ "/issues is missing"),
+ (re.compile(r'.*[^sS]://github\.com/.*'),
+ "github URLs should always use https:// not http://"),
+ (re.compile(r'.*[^sS]://gitorious\.org/.*'),
+ "gitorious URLs should always use https:// not http://"),
 ]
 }
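Review bot: The host-specific patterns added under 'Source Code' and 'Repo' all require `://` (for example `.*[^sS]://github\.com/.*` and `.*[^sS]://gitorious\.org/.*`), so the scp-style `git@github.com:owner/repo` form that their messages name contains no `://` and will not be matched by them. A separate entry such as `(re.compile(r'^git@(github\.com|gitorious\.org):'), "use https:// instead of git@"),` would make the check agree with its message. The 'Repo' catch-alls cover `^http://` and `^svn://` only, so a `git://` URL on a host outside this list appears to pass unflagged although the commit's privacy and integrity rationale applies to it as well; a matching `^git://` entry would close that gap. `[^sS]` tests only the last letter of the scheme, which deserves a one-line comment above its first use, e.g. `# [^sS]:// matches any scheme not ending in "s" (http, git, svn, ...)`. main() begins and ends outside the hunk, and whether these patterns are applied with match or search is not visible here.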