[PATCH 2/6] docs: Reject non-https external links
Add a '--require-https' switch to 'check-html-references' helper script
which will error out if any non-https external link is used from our web
and use it while builidng docs.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/meson.build | 1 +
scripts/check-html-references.py | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/docs/meson.build b/docs/meson.build
index 53b518f987..a94f481730 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -358,6 +358,7 @@ if tests_enabled[0]
python3_prog,
args: [
check_html_references_prog.full_path(),
+ '--require-https',
'--webroot',
meson.project_build_root() / 'docs'
],
diff --git a/scripts/check-html-references.py b/scripts/check-html-references.py
index d15f28bea7..3382d838c5 100755
--- a/scripts/check-html-references.py
+++ b/scripts/check-html-references.py
@@ -224,6 +224,18 @@ def check_images(usedimages, imagefiles, ignoreimages):
return fail
+# checks that all links are accessed via https
+def check_https(links):
+ fail = False
+
+ for link in links:
+ if link.startswith('http://'):
+ print(f'ERROR: URI \'{link}\' uses insecure "http"
protocol')
+ fail = True
+
+ return fail
+
+
parser = argparse.ArgumentParser(description='HTML reference checker')
parser.add_argument('--webroot', required=True,
help='path to the web root')
@@ -233,6 +245,8 @@ parser.add_argument('--external',
action="store_true",
help='print external references instead')
parser.add_argument('--ignore-images', action='append',
help='paths to images that should be considered as used')
+parser.add_argument('--require-https', action="store_true",
+ help='require secure https for external links')
args = parser.parse_args()
@@ -269,6 +283,13 @@ else:
if check_images(usedimages, imagefiles, args.ignore_images):
fail = True
+ if args.require_https:
+ if check_https(externallinks):
+ fail = True
+
+ if check_https(externalimages):
+ fail = True
+
if fail:
sys.exit(1)
--
2.46.0