1 // Copyright 2018 The Rust Project Developers. See the COPYRIGHT
2 // file at the top-level directory of this distribution and at
3 // http://rust-lang.org/COPYRIGHT.
5 // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
6 // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
7 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
8 // option. This file may not be copied, modified, or distributed
9 // except according to those terms.
11 // ! Check for external package sources. Allow only vendorable packages.
17 /// List of whitelisted sources for packages
18 static WHITELISTED_SOURCES: &'static [&'static str] = &[
19 "\"registry+https://github.com/rust-lang/crates.io-index\"",
22 /// check for external package sources
23 pub fn check(path: &Path, bad: &mut bool) {
24 // Cargo.lock of rust: src/Cargo.lock
25 let path = path.join("Cargo.lock");
27 // open and read the whole file
28 let mut cargo_lock = String::new();
29 t!(t!(File::open(path)).read_to_string(&mut cargo_lock));
32 let mut lines = cargo_lock.lines();
33 while let Some(line) = lines.next() {
35 // consider only source entries
36 if ! line.starts_with("source = ") {
40 // extract source value
41 let parts: Vec<&str> = line.splitn(2, "=").collect();
42 let source = parts[1].trim();
44 // ensure source is whitelisted
45 if !WHITELISTED_SOURCES.contains(&&*source) {
46 println!("invalid source: {}", source);