From a4ddda31e95184a443fd237744479557c09cc76b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Marie?= <semarie@online.fr>
Date: Sun, 15 Jul 2018 12:46:02 +0200
Subject: [PATCH] tidy: add a new test for external dependencies

ensure all packages in Cargo.lock will be vendored, and fail if the
source packages isn't whitelisted.
---
 src/tools/tidy/src/extdeps.rs | 50 +++++++++++++++++++++++++++++++++++
 src/tools/tidy/src/lib.rs     |  1 +
 src/tools/tidy/src/main.rs    |  1 +
 3 files changed, 52 insertions(+)
 create mode 100644 src/tools/tidy/src/extdeps.rs

diff --git a/src/tools/tidy/src/extdeps.rs b/src/tools/tidy/src/extdeps.rs
new file mode 100644
index 00000000000..761803a45b8
--- /dev/null
+++ b/src/tools/tidy/src/extdeps.rs
@@ -0,0 +1,50 @@
+// Copyright 2018 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+// ! Check for external package sources. Allow only vendorable packages.
+
+use std::fs::File;
+use std::io::Read;
+use std::path::Path;
+
+/// List of whitelisted sources for packages
+static WHITELISTED_SOURCES: &'static [&'static str] = &[
+    "\"registry+https://github.com/rust-lang/crates.io-index\"",
+];
+
+/// check for external package sources
+pub fn check(path: &Path, bad: &mut bool) {
+    // Cargo.lock of rust: src/Cargo.lock
+    let path = path.join("Cargo.lock");
+
+    // open and read the whole file
+    let mut cargo_lock = String::new();
+    t!(t!(File::open(path)).read_to_string(&mut cargo_lock));
+
+    // process each line
+    let mut lines = cargo_lock.lines();
+    while let Some(line) = lines.next() {
+
+        // consider only source entries
+        if ! line.starts_with("source = ") {
+            continue;
+        }
+
+        // extract source value
+        let parts: Vec<&str> = line.splitn(2, "=").collect();
+        let source = parts[1].trim();
+
+        // ensure source is whitelisted
+        if !WHITELISTED_SOURCES.contains(&&*source) {
+            println!("invalid source: {}", source);
+            *bad = true;
+        }
+    }
+}
diff --git a/src/tools/tidy/src/lib.rs b/src/tools/tidy/src/lib.rs
index 022ef57503a..46217a42009 100644
--- a/src/tools/tidy/src/lib.rs
+++ b/src/tools/tidy/src/lib.rs
@@ -49,6 +49,7 @@ pub mod features;
 pub mod cargo;
 pub mod pal;
 pub mod deps;
+pub mod extdeps;
 pub mod ui_tests;
 pub mod unstable_book;
 pub mod libcoretest;
diff --git a/src/tools/tidy/src/main.rs b/src/tools/tidy/src/main.rs
index 7b86650823a..4fe77f8b58f 100644
--- a/src/tools/tidy/src/main.rs
+++ b/src/tools/tidy/src/main.rs
@@ -46,6 +46,7 @@ fn main() {
         deps::check(&path, &mut bad);
     }
     deps::check_whitelist(&path, &cargo, &mut bad);
+    extdeps::check(&path, &mut bad);
     ui_tests::check(&path, &mut bad);
 
     if bad {