Ensure package names are valid

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 45300317dce436536b5594ac8a2ac97854a0e88d..56d05bd1d4b3fc34d80728255bb7eaa784a39ed3 100644 (file)
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -1055,9 +1055,16 @@ def parse_androidmanifests(paths, ignoreversions=None):
     if max_version is None:
         max_version = "Unknown"
 
+    if not is_valid_package_name(max_package):
+        raise FDroidException("Invalid package name {0}".format(max_package))
+
     return (max_version, max_vercode, max_package)
 
 
+def is_valid_package_name(name):
+    return re.match("[A-Za-z_][A-Za-z_0-9.]+$", name)
+
+
 class FDroidException(Exception):
 
     def __init__(self, value, detail=None):

diff --git a/tests/common.TestCase b/tests/common.TestCase
index d206637856b8efa8453e4acc95cc208deacc2a4d..0dca4f4d35c9239f26be22e93d0248fc77117971 100755 (executable)
--- a/tests/common.TestCase
+++ b/tests/common.TestCase
@@ -83,6 +83,17 @@ class CommonTest(unittest.TestCase):
             self.assertFalse(debuggable,
                              "debuggable APK state was not properly parsed!")
 
+    def testPackageNameValidity(self):
+        for name in ["org.fdroid.fdroid",
+                     "org.f_droid.fdr0ID"]:
+            self.assertTrue(fdroidserver.common.is_valid_package_name(name),
+                    "{0} should be a valid package name".format(name))
+        for name in ["0rg.fdroid.fdroid",
+                     ".f_droid.fdr0ID",
+                     "org.fdroid/fdroid",
+                     "/org.fdroid.fdroid"]:
+            self.assertFalse(fdroidserver.common.is_valid_package_name(name),
+                    "{0} should not be a valid package name".format(name))
 
 if __name__ == "__main__":
     parser = optparse.OptionParser()