mirror of
https://github.com/pypa/pip
synced 2023-12-13 21:30:23 +01:00
Warn when using an insecure transport for index or find-links
This commit is contained in:
parent
5d2b6b3be0
commit
3c61ba7040
27
pip/index.py
27
pip/index.py
|
@ -38,6 +38,10 @@ __all__ = ['PackageFinder']
|
|||
|
||||
DEFAULT_MIRROR_HOSTNAME = "last.pypi.python.org"
|
||||
|
||||
INSECURE_SCHEMES = {
|
||||
"http": ["https"],
|
||||
}
|
||||
|
||||
|
||||
class PackageFinder(object):
|
||||
"""This finds packages.
|
||||
|
@ -222,6 +226,29 @@ class PackageFinder(object):
|
|||
logger.debug('URLs to search for versions for %s:' % req)
|
||||
for location in locations:
|
||||
logger.debug('* %s' % location)
|
||||
|
||||
# Determine if this url used a secure transport mechanism
|
||||
parsed = urlparse.urlparse(str(location))
|
||||
if parsed.scheme in INSECURE_SCHEMES:
|
||||
secure_schemes = INSECURE_SCHEMES[parsed.scheme]
|
||||
|
||||
if len(secure_schemes) == 1:
|
||||
ctx = (location, parsed.scheme, secure_schemes[0],
|
||||
parsed.netloc)
|
||||
logger.warn("%s uses an insecure transport scheme (%s). "
|
||||
"Consider using %s if %s has it available" %
|
||||
ctx)
|
||||
elif len(secure_schemes) > 1:
|
||||
ctx = (location, parsed.scheme, ", ".join(secure_schemes),
|
||||
parsed.netloc)
|
||||
logger.warn("%s uses an insecure transport scheme (%s). "
|
||||
"Consider using one of %s if %s has any of "
|
||||
"them available" % ctx)
|
||||
else:
|
||||
ctx = (location, parsed.scheme)
|
||||
logger.warn("%s uses an insecure transport scheme (%s)." %
|
||||
ctx)
|
||||
|
||||
found_versions = []
|
||||
found_versions.extend(
|
||||
self._package_versions(
|
||||
|
|
Loading…
Reference in a new issue