From 95ff6de599751892b7a52abe919bd7322156176b Mon Sep 17 00:00:00 2001 From: Ciaran Gultnieks Date: Sat, 31 Jan 2015 12:07:33 +0000 Subject: [PATCH] Improve validation of fdroid import page parsing --- fdroidserver/import.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fdroidserver/import.py b/fdroidserver/import.py index c837fffd..9f3e42ea 100644 --- a/fdroidserver/import.py +++ b/fdroidserver/import.py @@ -226,6 +226,16 @@ def main(): logging.error("the manual for a list of supported formats, and supply one of those.") sys.exit(1) + # Ensure we have a sensible-looking repo address at this point. If not, we + # might have got a page format we weren't expecting. (Note that we + # specifically don't want git@...) + if ((repotype != 'bzr' and (not repo.startswith('http://') and + not repo.startswith('https://') and + not repo.startswith('git://'))) or + ' ' in repo): + logging.error("Repo address '{0}' does not seem to be valid".format(repo)) + sys.exit(1) + # Get a copy of the source so we can extract some info... logging.info('Getting source from ' + repotype + ' repo at ' + repo) src_dir = os.path.join(tmp_dir, 'importer')