From 384f97e998b39d073d746c74411d903ae8d7d1b2 Mon Sep 17 00:00:00 2001
From: Ciaran Gultnieks <ciaran@ciarang.com>
Date: Mon, 26 Jan 2015 18:29:39 +0000
Subject: [PATCH] Ensure package names are valid

---
 fdroidserver/common.py |  7 +++++++
 tests/common.TestCase  | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 45300317..56d05bd1 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -1055,9 +1055,16 @@ def parse_androidmanifests(paths, ignoreversions=None):
     if max_version is None:
         max_version = "Unknown"
 
+    if not is_valid_package_name(max_package):
+        raise FDroidException("Invalid package name {0}".format(max_package))
+
     return (max_version, max_vercode, max_package)
 
 
+def is_valid_package_name(name):
+    return re.match("[A-Za-z_][A-Za-z_0-9.]+$", name)
+
+
 class FDroidException(Exception):
 
     def __init__(self, value, detail=None):
diff --git a/tests/common.TestCase b/tests/common.TestCase
index d2066378..0dca4f4d 100755
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@@ -83,6 +83,17 @@ class CommonTest(unittest.TestCase):
             self.assertFalse(debuggable,
                              "debuggable APK state was not properly parsed!")
 
+    def testPackageNameValidity(self):
+        for name in ["org.fdroid.fdroid",
+                     "org.f_droid.fdr0ID"]:
+            self.assertTrue(fdroidserver.common.is_valid_package_name(name),
+                    "{0} should be a valid package name".format(name))
+        for name in ["0rg.fdroid.fdroid",
+                     ".f_droid.fdr0ID",
+                     "org.fdroid/fdroid",
+                     "/org.fdroid.fdroid"]:
+            self.assertFalse(fdroidserver.common.is_valid_package_name(name),
+                    "{0} should not be a valid package name".format(name))
 
 if __name__ == "__main__":
     parser = optparse.OptionParser()
-- 
2.30.2