Warn when committing code with http:// URLs.

PRESUBMIT.py

Index: PRESUBMIT.py
diff --git a/PRESUBMIT.py b/PRESUBMIT.py
index 17e309115b12ffa2cb32e45c72450f0ae58d06cf..69a0609ac02baad601f865c0507fe66363afaf23 100644
--- a/PRESUBMIT.py
+++ b/PRESUBMIT.py
@@ -57,6 +57,12 @@ _TEST_ONLY_WARNING = (
     'Email joi@chromium.org if you have questions.')
 
 
+_HTTPS_ONLY_WARNING = (
+    'You should prefer to refer to HTTPS URLs, rather than HTTP URLs.\n'
+    'Do not bypass this warning if there is an equivalent HTTPS endpoint\n'
+    'that you could refer to instead.')
+
+
 _INCLUDE_ORDER_WARNING = (
     'Your #include order seems to be broken. Send mail to\n'
     'marja@chromium.org if this is not the case.')
@@ -222,6 +228,49 @@ def _CheckNoProductionCodeUsingTestOnlyFunctions(input_api, output_api):
     return []
 
 
+def _CheckNoHttpUrls(input_api, output_api):
+  """Attempts to prevent use of http:// URLs. Production Chrome code, and
+  Chromium infrastructure code, should strive to use https:// URLs (preferably
+  HSTS and with pinned public keys, as well). Some URLs will not be
+  translatable, but gradually the number of those should diminish.
+  """
+
+  # Include all sorts of files, both code and infrastructure scripts.
+  file_inclusion_pattern = r'.+\.(h|cc|cpp|cxx|mm|py|bat|sh)$'
+
+  inclusion_pattern = input_api.re.compile(r'http:/', input_api.re.IGNORECASE)

[M-A Ruel, 2013/01/08 02:51:11]

Why not http:// ?

+  # Allow http:/ in comments? Only if it turns out to be necessary.

[M-A Ruel, 2013/01/08 02:51:11]

At least for me, I know I've been using http://chromium.org/dev/foo/bar in
comments because it's shorter and because https:// didn't work. As an example:
https://chromium.org/developers/testing/isolated-testing will trigger an invalid
certificate. But the https equivalent is much longer:
https://sites.google.com/a/chromium.org/dev/developers/testing/isolated-testing

+  #exclusion_pattern = input_api.re.compile(r'(#|//|/\*| \*).*http:/',
+  #                                         input_api.re.IGNORECASE)
+
+  def FilterFile(affected_file):
+    return input_api.FilterSourceFile(
+      affected_file,
+      white_list=(file_inclusion_pattern, ),
+      black_list=())

[M-A Ruel, 2013/01/08 02:51:11]

no need to put black_list then.

+
+  problems = []
+  for f in input_api.AffectedSourceFiles(FilterFile):
+    local_path = f.LocalPath()
+    lines = input_api.ReadFile(f).splitlines()
+    line_number = 0
+    for line in lines:

[M-A Ruel, 2013/01/08 02:51:11]

for line_number, line in enumerate(input_api.ReadFile(f).splitlines()):

+      if (inclusion_pattern.search(line)):
+        #and not exclusion_pattern.search(line)):
+        problems.append(
+          '%s:%d\n    %s' % (local_path, line_number, line.strip()))
+      line_number += 1
+
+  if problems:
+    if not input_api.is_committing:

[M-A Ruel, 2013/01/08 02:51:11]

Remove the not and inverse the lines:
  if input_api.is_committing:
It's less cognitive overhead.

+      return [output_api.PresubmitPromptWarning(_HTTPS_ONLY_WARNING, problems)]
+    else:
+      # We don't warn on commit, to avoid stopping commits going through CQ.
+      return [output_api.PresubmitNotifyResult(_HTTPS_ONLY_WARNING, problems)]
+  else:

[M-A Ruel, 2013/01/08 02:51:11]

optional style nit: "else:" is not needed

+    return []
+
+
 def _CheckNoIOStreamInHeaders(input_api, output_api):
   """Checks to make sure no .h files include <iostream>."""
   files = []