This project integrates nohttp with checkstyle to reject URLs with the http:// scheme while ignoring URLs that cannot be https://.
This verifies that your build has no http:// URLs but ignores URLs that cannot be https://.
|
Note
|
If you are using Gradle, see nohttp-gradle project. |
While many checkstyle configurations only impact your source and resources, it is important that no http checks are performed on all the files within your repository.
For example, you will want to ensure that you validate your build files like pom.xml and build.gradle.
-
nohttp-gradle-sample - Demonstrates using nohttp with Gradle
-
nohttp-maven-sample - Demonstrates using nohttp with Maven
The default nohttp checkstyle.xml configuration can be found below:
<!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
"https://www.puppycrawl.com/dtds/configuration_1_3.dtd">
<module name="Checker">
<property name="charset" value="UTF-8"/>
<!-- Configure checker to run on files with all file extensions (empty is all) -->
<property name="fileExtensions" value=""/>
<module name="io.spring.nohttp.checkstyle.check.NoHttpCheck">
<property name="allowlistFileName" value="${nohttp.checkstyle.allowlistFileName}" default=""/>
</module>
<module name="SuppressionFilter">
<property name="file" value="${config_loc}/suppressions.xml" default=""/>
<property name="optional" value="true"/>
</module>
<!-- Allow suppression with comments
// CHECKSTYLE:OFF
... ignored content ...
// CHECKSTYLE:ON
-->
<module name="SuppressWithPlainTextCommentFilter"/>
</module>|
Note
|
SuppressWithPlainTextCommentFilter was added in Checkstyle 8.6, so for the default configuration to work you must run with Checkstyle 8.6+
|
The nohttp project provides a default allowlist.
If you find the need to exclude additional URL patterns, you can do so with the above configuration by including a checkstyle property named nohttp.checkstyle.allowlistFileName pointing to an allowlist file that is in the format of RegexPredicate.createAllowlist(InputStream).
If you prefer, you can embed an allowlist rather than externalizing it into a separate file by using the allowlist property.
The value of allowlist should be in the format of RegexPredicate.createAllowlist(InputStream).
For example, the following will allowlist http://example.com and http://example.org:
<module name="io.spring.nohttp.checkstyle.check.NoHttpCheck">
<property name="allowlist" value="^\Qhttp://example.com\E$
^\Qhttp://example.org\E$"/>
</module>|
Note
|
Use 
 to specify new lines.
|
The above Configuration demonstrates how to suppress checks using SuppressWithPlainTextCommentFilter. For example, the following will ignore the URL http://example.org/schema/ only in the location of code surrounded by the CHECKSTYLE:OFF / CHECKSTYLE:ON comments.
// CHECKSTYLE:OFF
if (url.startsWith("http://example.org/schema/") {
// CHECKSTYLE:ONThe above Configuration demonstrates how to leverage SuppressionFilter to ignore specific violations. To leverage it make sure a file exists at ${config_loc}/suppressions.xml that contains the necessary suppressions. An example supressions file might look like:
<!DOCTYPE suppressions PUBLIC
"-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
"https://checkstyle.org/dtds/suppressions_1_2.dtd">
<suppressions>
<suppress checks="io.spring.nohttp.checkstyle.check.NoHttpCheck" files="BeanDefinitionParserDelegate.java" lines="1409"/>
</suppressions>