msg = 'Invalid update check method'
if version and vercode and app.VercodeOperation:
+ if not common.VERCODE_OPERATION_RE.match(app.VercodeOperation):
+ raise MetaDataException(_('Invalid VercodeOperation: {field}')
+ .format(field=app.VercodeOperation))
oldvercode = str(int(vercode))
op = app.VercodeOperation.replace("%c", oldvercode)
vercode = str(eval(op))
# has to be manually set in test_aapt_version()
MINIMUM_AAPT_VERSION = '26.0.0'
+VERCODE_OPERATION_RE = re.compile(r'^([ 0-9/*+-]|%c)+$')
+
# A signature block file with a .DSA, .RSA, or .EC extension
CERT_PATH_REGEX = re.compile(r'^META-INF/.*\.(DSA|EC|RSA)$')
APK_NAME_REGEX = re.compile(r'^([a-zA-Z][\w.]*)_(-?[0-9]+)_?([0-9a-f]{7})?\.apk')
yield _('UpdateCheckData must use HTTPS URL: {url}').format(url=url)
+def check_vercode_operation(app):
+ if app.VercodeOperation and not common.VERCODE_OPERATION_RE.match(app.VercodeOperation):
+ yield _('Invalid VercodeOperation: {field}').format(field=app.VercodeOperation)
+
+
def check_ucm_tags(app):
lastbuild = get_lastbuild(app.builds)
if (lastbuild is not None
app_check_funcs = [
check_regexes,
check_update_check_data_url,
+ check_vercode_operation,
check_ucm_tags,
check_char_limits,
check_old_links,
import fdroidserver.common
import fdroidserver.lint
+import fdroidserver.metadata
class LintTest(unittest.TestCase):
logging.debug(warn)
self.assertTrue(anywarns)
+ def test_check_vercode_operation(self):
+ config = dict()
+ fdroidserver.common.fill_config_defaults(config)
+ fdroidserver.common.config = config
+ fdroidserver.lint.config = config
+
+ app = fdroidserver.metadata.App()
+ app.Name = 'Bad App'
+ app.Summary = 'We pwn you'
+ app.Description = 'These are some back'
+
+ good_fields = [
+ '6%c',
+ '%c - 1',
+ '%c + 10',
+ '%c*10',
+ '%c*10 + 3',
+ '%c*10 + 8',
+ '%c + 2 ',
+ '%c + 3',
+ '%c + 7',
+ ]
+ bad_fields = [
+ 'open("/etc/passwd")',
+ '%C + 1',
+ '%%c * 123',
+ '123 + %%',
+ '%c % 7',
+ ]
+
+ anywarns = False
+ for good in good_fields:
+ app.VercodeOperation = good
+ for warn in fdroidserver.lint.check_vercode_operation(app):
+ anywarns = True
+ logging.debug(warn)
+ self.assertFalse(anywarns)
+
+ for bad in bad_fields:
+ anywarns = False
+ app.VercodeOperation = bad
+ for warn in fdroidserver.lint.check_vercode_operation(app):
+ anywarns = True
+ logging.debug(warn)
+ self.assertTrue(anywarns)
+
if __name__ == "__main__":
parser = optparse.OptionParser()