Hans-Christoph Steiner
cf4c9cb4ee
buildserver now needs python3-defusedxml
4d13a904f3
means that defusedxml is required
to be installed on the buildserver guest.
2018-09-03 22:56:08 +02:00
Hans-Christoph Steiner
11b3e5be3a
update: throw exception for APKs with invalid Application ID
Android Application IDs must be valid Java Package Names. While the build
tools likely validate the Application ID, it is possible to manually create
a malicious APK.
2018-09-03 22:56:08 +02:00
Hans-Christoph Steiner
5d161cc9fd
validate appid when reading metadata files
The metadata file must be named after the Application ID of the app it is
describing, and Android Application IDs must be valid Java Package Names.
2018-09-03 22:56:08 +02:00
Hans-Christoph Steiner
3011953d0e
convert apkcache from pickle to JSON
pickle can serialize executable code, while JSON is only ever pure data.
The APK cache is only ever pure data, so no need for the security risks of
pickle. For example, if some malicious thing gets write access on the
`fdroid update` machine, it can write out a custom tmp/apkcache which would
then be executed. That is not possible with JSON.
This just ignores any existing cache and rebuilds from scratch. That is
so we don't need to maintain pickle anywhere, and to ensure there are no
glitches from a conversion from pickle to JSON.
closes #163
2018-09-03 18:07:40 +02:00
Marcus Hoffmann
74776e026f
gradlew-fdroid: add gradle 4.10
2018-09-03 14:47:36 +02:00
Marcus Hoffmann
d7b249272a
makebuildserver: add gradle 4.10
2018-09-03 14:44:33 +02:00
Hans-Christoph Steiner
c7d5050091
Merge branch 'bandit-scanner-and-fixes' into 'master'
Bandit scanner and fixes
See merge request fdroid/fdroidserver!567
2018-08-30 13:06:07 +00:00
Hans-Christoph Steiner
3ffe2860f3
gitlab-ci: add 'bandit' security scanner to all runs
bandit is used by Radically Open Security and is part of the GitLab Ultimate
Static Application Security Testing (SAST) suite.
https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
2018-08-29 17:48:06 +02:00
Hans-Christoph Steiner
4d13a904f3
use defusedxml to avoid DoS attacks while loading XML
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
cc94ebca30
use global constant for the 'xmlns:android' XML namespace
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
3e1d313b7c
mark manually sanitized input so bandit doesn't complain
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
2edc68d6cd
mark all required permissions so bandit doesn't complain
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
8d3e82913e
mark all required usages of MD5 so bandit doesn't complain
2018-08-29 17:44:54 +02:00
Hans-Christoph Steiner
a089614225
checkupdates: remove magic number 99999999 from HTTP checks
It is vestigial from old code and is no longer needed.
2018-08-29 17:24:24 +02:00
Hans-Christoph Steiner
5d77fd97ee
use posixpath.join() for paths on the buildserver
This fixes bandit misdetection of hardcoded /tmp dir. posixpath.join() is
good to use anyway, it highlights what is on the remote server, vs what is
local. Local paths should use os.path.join() to support Windows, etc.
posixpath is built in since Python 3.4, maybe earlier.
2018-08-29 17:24:04 +02:00
Hans-Christoph Steiner
4503e7a92a
replace unneeded eval() call and support negative versionCodes
2018-08-29 17:24:04 +02:00
Hans-Christoph Steiner
f0d27e1fa5
Merge branch 'remove-unused-YamlLoader-optimisation' into 'master'
remove unused YamlLoader optimization
See merge request fdroid/fdroidserver!566
2018-08-29 11:12:02 +00:00
Michael Pöhn
ee4945cb84
remove unused YamlLoader optimization
2018-08-29 11:25:01 +02:00
Hans-Christoph Steiner
6b3cf72b68
Merge branch 'safe_yaml_parsing' into 'master'
use yaml.safe_load for parsing metadata
See merge request fdroid/fdroidserver!565
2018-08-29 07:37:43 +00:00
Michael Pöhn
e7a34807f7
use yaml.safe_load for parsing metadata
2018-08-29 00:33:58 +02:00
Michael Pöhn
1a8c77e815
Merge branch 'jarsigner-and-keytool-lookup-regression' into 'master'
fix: jarsigner and keytool lookup regression
Closes #550
See merge request fdroid/fdroidserver!562
2018-08-21 01:28:22 +00:00
Michael Pöhn
4dcfa95d6e
fix: jarsigner and keytool lookup regression
2018-08-21 03:05:43 +02:00
Nicco Kunzmann
3546e8d38d
generate all po files
- contributes to https://gitlab.com/fdroid/fdroidserver/issues/546#note_95593326
2018-08-20 23:05:55 +02:00
Michael Pöhn
c766129f8b
Merge branch 'master' into 'master'
Fix keytool not found on MacOSX (when using Java from Apple)
See merge request fdroid/fdroidserver!557
2018-08-20 10:57:45 +00:00
Cyril Russo
81641b4628
Fixed precommit checks
2018-08-20 11:17:36 +02:00
Cyril Russo
4303b0fac1
Apply suggestion from @uniqx to use shutil.which instead of iterating the path by hand
2018-08-17 20:14:54 +02:00
Cyril Russo
ace33bcfc0
Reverted the change in the default config.py
Improved the detection of keytool and jarsigner by also searching the PATH environment variable
2018-08-17 16:46:46 +02:00
Cyril Russo
4f21045cad
Fix keytool not found on MacOSX (when using Java from Apple)
Fix keytool parsing error due to localisation of the keytool -list command.
Always fall back to English so the parsing makes sense.
2018-08-17 15:32:29 +02:00
Hans-Christoph Steiner
05be4bc814
Merge branch '471-lint-check-unknown-keys' into 'master'
check for unknown app fields and build flags when parsing yml
Closes #471
See merge request fdroid/fdroidserver!554
2018-08-14 10:50:59 +00:00
Hans-Christoph Steiner
53bd5acb09
Merge branch 'make-python-tests-run-independent-of-cwd' into 'master'
Make python tests run independent of cwd
See merge request fdroid/fdroidserver!556
2018-08-14 10:34:47 +00:00
Hans-Christoph Steiner
fb16823a4a
Merge branch 'master' into 'master'
common: fix tests when running without any Android SDK installed
See merge request fdroid/fdroidserver!553
2018-08-14 10:32:10 +00:00
Michael Pöhn
82563850b7
fix test metadata case for Builds app field
2018-08-14 12:31:12 +02:00
Michael Pöhn
6a06944945
better exception and warning message when yaml metadata checks fail; build flags check optional
2018-08-14 12:31:12 +02:00
Michael Pöhn
0d005ab83a
make parse_yaml_metadata ignore empty input
2018-08-14 12:31:12 +02:00
Michael Pöhn
e83221eb03
improve yaml build flag check cost; added unit test for unknown app fields, builds flags checks when parsing yaml
2018-08-14 12:31:12 +02:00
Michael Pöhn
25b4a47951
check for unknown app fields and build flags when parsing yml
2018-08-14 12:31:12 +02:00
Michael Pöhn
f53d1abcce
fix: make sure ensure_final_value always has a clearly defined return value
2018-08-14 11:07:44 +02:00
Michael Pöhn
7d5f4d3ab9
added cwd setup boilerplate to *.TestCase where missing
2018-08-14 10:34:13 +02:00
Michael Pöhn
f153a61277
made build.TestCase run independent of cwd
2018-08-14 10:10:19 +02:00
Michael Pöhn
37e0dce73b
made index.TestCase run independent of cwd
2018-08-14 10:08:03 +02:00
Michael Pöhn
edb8d105b0
made update.TestCase run independent of cwd
2018-08-14 10:02:15 +02:00
Michael Pöhn
64c5d176da
Merge branch 'examples_char_limits' into 'master'
examples/config.py: update char_limit defaults
See merge request fdroid/fdroidserver!555
2018-08-12 20:31:55 +00:00
Marcus Hoffmann
bc1766c7ce
examples/config.py: update char_limit defaults
2018-08-12 18:09:46 +02:00
Marcus Hoffmann
9b0f7f9d04
makebuildserver: add build-tools 28.0.2
2018-08-10 20:55:00 +02:00
Marcus
cf3665b328
Merge branch 'facebook_sdk' into 'master'
scanner: add facebook sdk to forbidden libraries
Closes #534
See merge request fdroid/fdroidserver!542
2018-08-10 13:36:44 +00:00
Marcus Hoffmann
a6dfbc6e2e
scanner: add facebook sdk to forbidden libraries
These are source-available but not under a free license.
I made sure that this matches only the facebook SDKs from here:
https://github.com/facebook/facebook-android-sdk and not some real open
source libraries by facebook (fresco, stetho, ...). These seem to be
under a different namespace.
fdroid/fdroidserver#534
2018-08-10 15:20:01 +02:00
Hans-Christoph Steiner
1b37b521c8
common: fix tests when running without any Android SDK installed
fdroid/fdroidserver!552
fdroid/fdroidserver#541
2018-08-07 14:51:42 +02:00
Hans-Christoph Steiner
f1814b7c73
Merge branch '541-ci-tests-dont-execute-majority-of-python-test-cases' into 'master'
Resolve "CI tests don't execute majority of python test cases"
Closes #541
See merge request fdroid/fdroidserver!552
2018-08-07 08:42:42 +00:00
Michael Pöhn
55466f1166
fix fixtures in tests/metadata/dump
2018-08-07 00:02:07 +02:00
Michael Pöhn
5d5617bf40
fix: minor bugs in testcases for: common, metadata, update
2018-08-06 23:53:49 +02:00