docs: Reject non-https external links

Add a '--require-https' switch to 'check-html-references' helper script
which will error out if any non-https external link is used from our web
and use it while builidng docs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/docs/meson.build b/docs/meson.build
index 53b518f98761c654e2e81d0d921bc76ecee59909..a94f481730686a84293419e06e99479e863a3f6c 100644 (file)
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -358,6 +358,7 @@ if tests_enabled[0]
     python3_prog,
     args: [
       check_html_references_prog.full_path(),
+      '--require-https',
       '--webroot',
       meson.project_build_root() / 'docs'
     ],

diff --git a/scripts/check-html-references.py b/scripts/check-html-references.py
index d15f28bea759ba09ba65596a2e20fc01cf8a2ae1..3382d838c5efea35b82a066b12e9c49e90f3a8cf 100755 (executable)
--- a/scripts/check-html-references.py
+++ b/scripts/check-html-references.py
@@ -224,6 +224,18 @@ def check_images(usedimages, imagefiles, ignoreimages):
     return fail
 
 
+# checks that all links are accessed via https
+def check_https(links):
+    fail = False
+
+    for link in links:
+        if link.startswith('http://'):
+            print(f'ERROR: URI \'{link}\' uses insecure "http" protocol')
+            fail = True
+
+    return fail
+
+
 parser = argparse.ArgumentParser(description='HTML reference checker')
 parser.add_argument('--webroot', required=True,
                     help='path to the web root')
@@ -233,6 +245,8 @@ parser.add_argument('--external', action="store_true",
                     help='print external references instead')
 parser.add_argument('--ignore-images', action='append',
                     help='paths to images that should be considered as used')
+parser.add_argument('--require-https', action="store_true",
+                    help='require secure https for external links')
 
 args = parser.parse_args()
 
@@ -269,6 +283,13 @@ else:
     if check_images(usedimages, imagefiles, args.ignore_images):
         fail = True
 
+    if args.require_https:
+        if check_https(externallinks):
+            fail = True
+
+        if check_https(externalimages):
+            fail = True
+
     if fail:
         sys.exit(1)