Add a warning when using deprecated or insecure SCM URLs #393

Merged
merged 1 commit into from
Nov 12, 2022
97 changes: 97 additions & 0 deletions src/main/java/org/jenkinsci/maven/plugins/hpi/ValidateMojo.java
Expand Up @@ -2,6 +2,8 @@

import hudson.util.VersionNumber;
import io.jenkins.lib.versionnumber.JavaSpecificationVersion;
import java.util.Properties;
import org.apache.maven.model.Scm;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
Expand All @@ -15,6 +17,20 @@
@Mojo(name = "validate", defaultPhase = LifecyclePhase.VALIDATE)
public class ValidateMojo extends AbstractJenkinsMojo {

private static final String HTTP_GITHUB_COM = "http://github.com/";
private static final String HTTPS_GITHUB_COM = "https://github.com/";

private static final String SCM_GIT_GIT_URL_BAD = "scm:git:git://github.com/";
private static final String SCM_GIT_HTTP_URL_BAD = "scm:git:" + HTTP_GITHUB_COM;
private static final String SCM_GIT_SSH_URL_BAD = "scm:git:ssh://git@github.com/";

private static final String SCM_GIT_HTTPS_URL_GOOD = "scm:git:" + HTTPS_GITHUB_COM;
private static final String SCM_GIT_SSH_URL_GOOD = "scm:git:git@github.com:";

private static final String GIT_URLS_ARE_DEPRECATED = "git:// URLs are deprecated";
private static final String HTTP_URLS_ARE_INSECURE = "http:// URLs are insecure";
private static final String SSH_URLS_DO_NOT_WORK_WELL_WITH_PCT = "ssh:// URLs do not work well with PCT";
Member

@Vlatombe Vlatombe Jan 11, 2023


I don't think it's really an argument. If they don't work well with pct as is, PCT should run with something like

[url "https://github.com/"]
	insteadOf = "ssh://git@github.com:"
	pushInsteadOf = "ssh://git@github.com:"

in its git configuration, guaranteeing that https is used in a homogeneous way even if the plugin has ssh configured.

Other variants can be used for other protocols.


@Override
public void execute() throws MojoExecutionException {
JavaSpecificationVersion javaVersion = getMinimumJavaVersion();
Expand All @@ -36,5 +52,86 @@ public void execute() throws MojoExecutionException {
+ " This property should be removed from your plugin's POM."
+ " In the future this warning will be changed to an error and will break the build.");
}

Scm scm = project.getScm();
if (scm != null) {
String connection = scm.getConnection();
if (connection != null) {
check(
"connection",
connection,
SCM_GIT_GIT_URL_BAD,
SCM_GIT_HTTPS_URL_GOOD,
GIT_URLS_ARE_DEPRECATED);
check(
"connection",
connection,
SCM_GIT_SSH_URL_BAD,
SCM_GIT_HTTPS_URL_GOOD,
SSH_URLS_DO_NOT_WORK_WELL_WITH_PCT);
check(
"connection",
connection,
SCM_GIT_HTTP_URL_BAD,
SCM_GIT_HTTPS_URL_GOOD,
HTTP_URLS_ARE_INSECURE);
}
String developerConnection = scm.getDeveloperConnection();
if (developerConnection != null) {
check(
"developerConnection",
developerConnection,
SCM_GIT_GIT_URL_BAD,
SCM_GIT_SSH_URL_GOOD,
GIT_URLS_ARE_DEPRECATED);
check(
"developerConnection",
developerConnection,
SCM_GIT_SSH_URL_BAD,
SCM_GIT_SSH_URL_GOOD,
SSH_URLS_DO_NOT_WORK_WELL_WITH_PCT);
check(
"developerConnection",
developerConnection,
SCM_GIT_HTTP_URL_BAD,
SCM_GIT_HTTPS_URL_GOOD,
HTTP_URLS_ARE_INSECURE);
}
String url = scm.getUrl();
if (url != null) {
check("url", url, HTTP_GITHUB_COM, HTTPS_GITHUB_COM, HTTP_URLS_ARE_INSECURE);
}
}
}

private void check(String tag, String value, String badStart, String goodStart, String reason) {
if (value.startsWith(badStart)) {
String goodValue = goodStart + value.substring(badStart.length());
getLog().warn(String.format(
"<%s>%s</%s> is invalid because %s."
+ " Replace it with <%s>%s</%s>."
+ " In the future this warning will be changed to an error and will break the build.",
tag,
deinterpolate(value),
tag,
reason,
tag,
deinterpolate(goodValue),
tag));
}
}

private String deinterpolate(String interpolated) {
Properties properties = project.getProperties();
if (properties.containsKey("gitHubRepo")) {
String propVal = properties.getProperty("gitHubRepo");
return interpolated.replace(propVal, "${gitHubRepo}");
}
String artifactId = "jenkinsci/" + project.getArtifactId() + "-plugin.git";
if (interpolated.endsWith(artifactId)) {
return interpolated.substring(0, interpolated.length() - artifactId.length())
+ "jenkinsci/${project.artifactId}-plugin.git";
}
return interpolated;
}
}
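Review bot: The prefix test in `check` is a case-sensitive `value.startsWith(badStart)` against `github.com` literals only, so a cleartext SCM URL written as `scm:git:http://GitHub.com/...`, or one pointing at any other host, passes validation without a warning. URI schemes and host names are case-insensitive, so the comparison should be too, e.g. `if (value.regionMatches(true, 0, badStart, 0, badStart.length())) {`; the following `substring(badStart.length())` stays correct because the matched length is unchanged. If non-GitHub hosts are intentionally out of scope, a comment on the `SCM_GIT_*_BAD` constants saying so would keep readers from assuming every `http://` or `git://` URL is caught. Separately, `deinterpolate` calls `interpolated.replace(propVal, "${gitHubRepo}")` without checking that the `gitHubRepo` property is non-empty; an empty value would make `replace` insert the placeholder between every character of the logged URL.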