From 86a5acbe10dcc4393ff3e0e20f5d3ed0daf82f17 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Tue, 8 Oct 2024 13:38:34 +0200 Subject: [PATCH] docs: Reject non-https external links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a '--require-https' switch to 'check-html-references' helper script which will error out if any non-https external link is used from our web and use it while builidng docs. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- docs/meson.build | 1 + scripts/check-html-references.py | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/docs/meson.build b/docs/meson.build index 53b518f987..a94f481730 100644 --- a/docs/meson.build +++ b/docs/meson.build @@ -358,6 +358,7 @@ if tests_enabled[0] python3_prog, args: [ check_html_references_prog.full_path(), + '--require-https', '--webroot', meson.project_build_root() / 'docs' ], diff --git a/scripts/check-html-references.py b/scripts/check-html-references.py index d15f28bea7..3382d838c5 100755 --- a/scripts/check-html-references.py +++ b/scripts/check-html-references.py @@ -224,6 +224,18 @@ def check_images(usedimages, imagefiles, ignoreimages): return fail +# checks that all links are accessed via https +def check_https(links): + fail = False + + for link in links: + if link.startswith('http://'): + print(f'ERROR: URI \'{link}\' uses insecure "http" protocol') + fail = True + + return fail + + parser = argparse.ArgumentParser(description='HTML reference checker') parser.add_argument('--webroot', required=True, help='path to the web root') @@ -233,6 +245,8 @@ parser.add_argument('--external', action="store_true", help='print external references instead') parser.add_argument('--ignore-images', action='append', help='paths to images that should be considered as used') +parser.add_argument('--require-https', action="store_true", + help='require secure https for external links') args = parser.parse_args() @@ -269,6 +283,13 @@ else: if check_images(usedimages, imagefiles, args.ignore_images): fail = True + if args.require_https: + if check_https(externallinks): + fail = True + + if check_https(externalimages): + fail = True + if fail: sys.exit(1)