_("Unnecessary leading space")),
(re.compile(r'.*\s$'),
_("Unnecessary trailing space")),
- (re.compile(r'.*<(iframe|link|script).*'),
+ (re.compile(r'.*<(applet|base|body|button|embed|form|head|html|iframe|img|input|link|object|picture|script|source|style|svg|video).*', re.IGNORECASE),
_("Forbidden HTML tags")),
(re.compile(r'''.*\s+src=["']javascript:.*'''),
_("Javascript in HTML src attributes")),
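Review bot: The `javascript:` rule directly below the widened tag list is still compiled without `re.IGNORECASE` and only looks at quoted `src=` values, so a differently-cased scheme or a `javascript:` URL in another attribute such as `href` is caught by neither rule. Giving it the same flag, `re.compile(r'''.*\s+src=["']javascript:.*''', re.IGNORECASE)`, would at least keep the two checks consistent. The tag rule is also a denylist: elements such as `audio`, `frame`, `frameset`, `math` and `meta` are not in it, and event-handler attributes on tags that remain allowed are not looked at, whereas an allowlist of the few tags a description may legitimately use would fail closed. How the pattern is applied is outside this hunk; since `.` does not cross newlines, the rule only covers multi-line descriptions if the caller matches line by line.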
# http://www.drdobbs.com/testing/unit-testing-with-python/240165163
import inspect
+import logging
import optparse
import os
import shutil
class LintTest(unittest.TestCase):
'''fdroidserver/lint.py'''
+ def setUp(self):
+ logging.basicConfig(level=logging.INFO)
+ self.basedir = os.path.join(localmodule, 'tests')
+ self.tmpdir = os.path.abspath(os.path.join(self.basedir, '..', '.testfiles'))
+ if not os.path.exists(self.tmpdir):
+ os.makedirs(self.tmpdir)
+ os.chdir(self.basedir)
+
def test_check_for_unsupported_metadata_files(self):
config = dict()
fdroidserver.common.fill_config_defaults(config)
fdroidserver.lint.config = config
self.assertTrue(fdroidserver.lint.check_for_unsupported_metadata_files())
- tmpdir = os.path.join(localmodule, '.testfiles')
- tmptestsdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=tmpdir)
+ tmptestsdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name,
+ dir=self.tmpdir)
self.assertFalse(fdroidserver.lint.check_for_unsupported_metadata_files(tmptestsdir + '/'))
shutil.copytree(os.path.join(localmodule, 'tests', 'metadata'),
os.path.join(tmptestsdir, 'metadata'),
os.path.join(tmptestsdir, 'metadata'))
self.assertTrue(fdroidserver.lint.check_for_unsupported_metadata_files(tmptestsdir + '/'))
+ def test_forbidden_html_tags(self):
+ config = dict()
+ fdroidserver.common.fill_config_defaults(config)
+ fdroidserver.common.config = config
+ fdroidserver.lint.config = config
+
+ app = {
+ 'Name': 'Bad App',
+ 'Summary': 'We pwn you',
+ 'Description': 'This way: <style><img src="</style><img src=x onerror=alert(1)//">',
+ }
+
+ anywarns = False
+ for warn in fdroidserver.lint.check_regexes(app):
+ anywarns = True
+ logging.debug(warn)
+ self.assertTrue(anywarns)
+
if __name__ == "__main__":
parser = optparse.OptionParser()
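Review bot: `test_forbidden_html_tags` only asserts that `check_regexes` yields some warning, so it would still pass if the sample app tripped an unrelated rule and the forbidden-tag pattern never matched. Collecting the results and checking for the specific message pins the behaviour: `warns = list(fdroidserver.lint.check_regexes(app))` then `self.assertTrue(any('Forbidden HTML tags' in str(w) for w in warns))`; the message goes through `_()` and the warning format is not visible here, so confirm the substring under the test locale. A second case with a mixed-case tag would cover the new `re.IGNORECASE` flag. Separately, `setUp` calls `os.chdir(self.basedir)` with no matching restore, and the directories created by `tempfile.mkdtemp` are never removed, so state leaks between tests.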