mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-09 00:40:11 +01:00
1108 lines
33 KiB
Python
1108 lines
33 KiB
Python
#!/usr/bin/env python3
|
|
#
|
|
# lint.py - part of the FDroid server tool
|
|
# Copyright (C) 2013-2014 Daniel Martí <mvdan@mvdan.cc>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See th
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public Licen
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
from argparse import ArgumentParser
|
|
import difflib
|
|
import re
|
|
import sys
|
|
import platform
|
|
import ruamel.yaml
|
|
import urllib.parse
|
|
from pathlib import Path
|
|
|
|
from . import _
|
|
from . import common
|
|
from . import metadata
|
|
from . import rewritemeta
|
|
|
|
config = None
|
|
options = None
|
|
|
|
|
|
def enforce_https(domain):
|
|
return (
|
|
re.compile(
|
|
r'^http://([^/]*\.)?' + re.escape(domain) + r'(/.*)?', re.IGNORECASE
|
|
),
|
|
domain + " URLs should always use https://",
|
|
)
|
|
|
|
|
|
https_enforcings = [
|
|
enforce_https('github.com'),
|
|
enforce_https('gitlab.com'),
|
|
enforce_https('bitbucket.org'),
|
|
enforce_https('apache.org'),
|
|
enforce_https('google.com'),
|
|
enforce_https('git.code.sf.net'),
|
|
enforce_https('svn.code.sf.net'),
|
|
enforce_https('anongit.kde.org'),
|
|
enforce_https('savannah.nongnu.org'),
|
|
enforce_https('git.savannah.nongnu.org'),
|
|
enforce_https('download.savannah.nongnu.org'),
|
|
enforce_https('savannah.gnu.org'),
|
|
enforce_https('git.savannah.gnu.org'),
|
|
enforce_https('download.savannah.gnu.org'),
|
|
enforce_https('github.io'),
|
|
enforce_https('gitlab.io'),
|
|
enforce_https('githubusercontent.com'),
|
|
]
|
|
|
|
|
|
def forbid_shortener(domain):
|
|
return (
|
|
re.compile(r'https?://[^/]*' + re.escape(domain) + r'/.*'),
|
|
_("URL shorteners should not be used"),
|
|
)
|
|
|
|
|
|
http_url_shorteners = [
|
|
forbid_shortener('1url.com'),
|
|
forbid_shortener('adf.ly'),
|
|
forbid_shortener('bc.vc'),
|
|
forbid_shortener('bit.do'),
|
|
forbid_shortener('bit.ly'),
|
|
forbid_shortener('bitly.com'),
|
|
forbid_shortener('budurl.com'),
|
|
forbid_shortener('buzurl.com'),
|
|
forbid_shortener('cli.gs'),
|
|
forbid_shortener('cur.lv'),
|
|
forbid_shortener('cutt.us'),
|
|
forbid_shortener('db.tt'),
|
|
forbid_shortener('filoops.info'),
|
|
forbid_shortener('goo.gl'),
|
|
forbid_shortener('is.gd'),
|
|
forbid_shortener('ity.im'),
|
|
forbid_shortener('j.mp'),
|
|
forbid_shortener('l.gg'),
|
|
forbid_shortener('lnkd.in'),
|
|
forbid_shortener('moourl.com'),
|
|
forbid_shortener('ow.ly'),
|
|
forbid_shortener('para.pt'),
|
|
forbid_shortener('po.st'),
|
|
forbid_shortener('q.gs'),
|
|
forbid_shortener('qr.ae'),
|
|
forbid_shortener('qr.net'),
|
|
forbid_shortener('rdlnk.com'),
|
|
forbid_shortener('scrnch.me'),
|
|
forbid_shortener('short.nr'),
|
|
forbid_shortener('sn.im'),
|
|
forbid_shortener('snipurl.com'),
|
|
forbid_shortener('su.pr'),
|
|
forbid_shortener('t.co'),
|
|
forbid_shortener('tiny.cc'),
|
|
forbid_shortener('tinyarrows.com'),
|
|
forbid_shortener('tinyurl.com'),
|
|
forbid_shortener('tr.im'),
|
|
forbid_shortener('tweez.me'),
|
|
forbid_shortener('twitthis.com'),
|
|
forbid_shortener('twurl.nl'),
|
|
forbid_shortener('tyn.ee'),
|
|
forbid_shortener('u.bb'),
|
|
forbid_shortener('u.to'),
|
|
forbid_shortener('ur1.ca'),
|
|
forbid_shortener('urlof.site'),
|
|
forbid_shortener('v.gd'),
|
|
forbid_shortener('vzturl.com'),
|
|
forbid_shortener('x.co'),
|
|
forbid_shortener('xrl.us'),
|
|
forbid_shortener('yourls.org'),
|
|
forbid_shortener('zip.net'),
|
|
forbid_shortener('✩.ws'),
|
|
forbid_shortener('➡.ws'),
|
|
]
|
|
|
|
http_checks = (
|
|
https_enforcings
|
|
+ http_url_shorteners
|
|
+ [
|
|
(
|
|
re.compile(r'^(?!https?://)[^/]+'),
|
|
_("URL must start with https:// or http://"),
|
|
),
|
|
(
|
|
re.compile(r'^https://(github|gitlab)\.com(/[^/]+){2,3}\.git'),
|
|
_("Appending .git is not necessary"),
|
|
),
|
|
(
|
|
re.compile(
|
|
r'^https://[^/]*(github|gitlab|bitbucket|rawgit|githubusercontent)\.[a-zA-Z]+/([^/]+/){2,3}(master|main)/'
|
|
),
|
|
_(
|
|
"Use /HEAD instead of /master or /main to point at a file in the default branch"
|
|
),
|
|
),
|
|
]
|
|
)
|
|
|
|
regex_checks = {
|
|
'WebSite': http_checks,
|
|
'SourceCode': http_checks,
|
|
'Repo': https_enforcings,
|
|
'UpdateCheckMode': https_enforcings,
|
|
'IssueTracker': http_checks
|
|
+ [
|
|
(re.compile(r'.*github\.com/[^/]+/[^/]+/*$'), _("/issues is missing")),
|
|
(re.compile(r'.*gitlab\.com/[^/]+/[^/]+/*$'), _("/issues is missing")),
|
|
],
|
|
'Donate': http_checks
|
|
+ [
|
|
(
|
|
re.compile(r'.*flattr\.com'),
|
|
_("Flattr donation methods belong in the FlattrID: field"),
|
|
),
|
|
(
|
|
re.compile(r'.*liberapay\.com'),
|
|
_("Liberapay donation methods belong in the Liberapay: field"),
|
|
),
|
|
(
|
|
re.compile(r'.*opencollective\.com'),
|
|
_("OpenCollective donation methods belong in the OpenCollective: field"),
|
|
),
|
|
],
|
|
'Changelog': http_checks,
|
|
'Author Name': [
|
|
(re.compile(r'^\s'), _("Unnecessary leading space")),
|
|
(re.compile(r'.*\s$'), _("Unnecessary trailing space")),
|
|
],
|
|
'Summary': [
|
|
(
|
|
re.compile(r'.*\b(free software|open source)\b.*', re.IGNORECASE),
|
|
_("No need to specify that the app is Free Software"),
|
|
),
|
|
(
|
|
re.compile(
|
|
r'.*((your|for).*android|android.*(app|device|client|port|version))',
|
|
re.IGNORECASE,
|
|
),
|
|
_("No need to specify that the app is for Android"),
|
|
),
|
|
(re.compile(r'.*[a-z0-9][.!?]( |$)'), _("Punctuation should be avoided")),
|
|
(re.compile(r'^\s'), _("Unnecessary leading space")),
|
|
(re.compile(r'.*\s$'), _("Unnecessary trailing space")),
|
|
],
|
|
'Description': https_enforcings
|
|
+ http_url_shorteners
|
|
+ [
|
|
(re.compile(r'\s*[*#][^ .]'), _("Invalid bulleted list")),
|
|
(
|
|
re.compile(r'https://f-droid.org/[a-z][a-z](_[A-Za-z]{2,4})?/'),
|
|
_("Locale included in f-droid.org URL"),
|
|
),
|
|
(re.compile(r'^\s'), _("Unnecessary leading space")),
|
|
(re.compile(r'.*\s$'), _("Unnecessary trailing space")),
|
|
(
|
|
re.compile(
|
|
r'.*<(applet|base|body|button|embed|form|head|html|iframe|img|input|link|object|picture|script|source|style|svg|video).*',
|
|
re.IGNORECASE,
|
|
),
|
|
_("Forbidden HTML tags"),
|
|
),
|
|
(
|
|
re.compile(r'''.*\s+src=["']javascript:.*'''),
|
|
_("Javascript in HTML src attributes"),
|
|
),
|
|
],
|
|
}
|
|
|
|
locale_pattern = re.compile(r"[a-z]{2,3}(-([A-Z][a-zA-Z]+|\d+|[a-z]+))*")
|
|
|
|
versioncode_check_pattern = re.compile(r"(\\d|\[(0-9|\\d)_?(a-fA-F)?])[+]")
|
|
|
|
ANTIFEATURES_KEYS = None
|
|
ANTIFEATURES_PATTERN = None
|
|
CATEGORIES_KEYS = list()
|
|
|
|
|
|
def load_antiFeatures_config():
|
|
"""Lazy loading, since it might read a lot of files."""
|
|
global ANTIFEATURES_KEYS, ANTIFEATURES_PATTERN
|
|
k = common.ANTIFEATURES_CONFIG_NAME
|
|
if not ANTIFEATURES_KEYS or k not in common.config:
|
|
common.config[k] = common.load_localized_config(k, 'repo')
|
|
ANTIFEATURES_KEYS = sorted(common.config[k].keys())
|
|
ANTIFEATURES_PATTERN = ','.join(ANTIFEATURES_KEYS)
|
|
|
|
|
|
def load_categories_config():
|
|
"""Lazy loading, since it might read a lot of files."""
|
|
global CATEGORIES_KEYS
|
|
k = common.CATEGORIES_CONFIG_NAME
|
|
if not CATEGORIES_KEYS:
|
|
if config and k in config:
|
|
CATEGORIES_KEYS = config[k]
|
|
else:
|
|
config[k] = common.load_localized_config(k, 'repo')
|
|
CATEGORIES_KEYS = list(config[k].keys())
|
|
|
|
|
|
def check_regexes(app):
|
|
for f, checks in regex_checks.items():
|
|
for m, r in checks:
|
|
v = app.get(f)
|
|
t = metadata.fieldtype(f)
|
|
if t == metadata.TYPE_MULTILINE:
|
|
for line in v.splitlines():
|
|
if m.match(line):
|
|
yield "%s at line '%s': %s" % (f, line, r)
|
|
else:
|
|
if v is None:
|
|
continue
|
|
if m.match(v):
|
|
yield "%s '%s': %s" % (f, v, r)
|
|
|
|
|
|
def get_lastbuild(builds):
|
|
lowest_vercode = -1
|
|
lastbuild = None
|
|
for build in builds:
|
|
if not build.disable:
|
|
vercode = build.versionCode
|
|
if lowest_vercode == -1 or vercode < lowest_vercode:
|
|
lowest_vercode = vercode
|
|
if not lastbuild or build.versionCode > lastbuild.versionCode:
|
|
lastbuild = build
|
|
return lastbuild
|
|
|
|
|
|
def check_update_check_data_url(app): # noqa: D403
|
|
"""UpdateCheckData must have a valid HTTPS URL to protect checkupdates runs."""
|
|
if app.UpdateCheckData and app.UpdateCheckMode == 'HTTP':
|
|
urlcode, codeex, urlver, verex = app.UpdateCheckData.split('|')
|
|
for url in (urlcode, urlver):
|
|
if url != '.':
|
|
parsed = urllib.parse.urlparse(url)
|
|
if not parsed.scheme or not parsed.netloc:
|
|
yield _('UpdateCheckData not a valid URL: {url}').format(url=url)
|
|
if parsed.scheme != 'https':
|
|
yield _('UpdateCheckData must use HTTPS URL: {url}').format(url=url)
|
|
|
|
|
|
def check_update_check_data_int(app): # noqa: D403
|
|
"""UpdateCheckData regex must match integers."""
|
|
if app.UpdateCheckData:
|
|
urlcode, codeex, urlver, verex = app.UpdateCheckData.split('|')
|
|
# codeex can be empty as well
|
|
if codeex and not versioncode_check_pattern.search(codeex):
|
|
yield _(
|
|
f'UpdateCheckData must match the version code as integer (\\d or [0-9]): {codeex}'
|
|
)
|
|
|
|
|
|
def check_vercode_operation(app):
|
|
if not app.VercodeOperation:
|
|
return
|
|
invalid_ops = []
|
|
for op in app.VercodeOperation:
|
|
if not common.VERCODE_OPERATION_RE.match(op):
|
|
invalid_ops += op
|
|
if invalid_ops:
|
|
yield _('Invalid VercodeOperation: {invalid_ops}').format(
|
|
invalid_ops=invalid_ops
|
|
)
|
|
|
|
|
|
def check_ucm_tags(app):
|
|
lastbuild = get_lastbuild(app.get('Builds', []))
|
|
if (
|
|
lastbuild is not None
|
|
and lastbuild.commit
|
|
and app.UpdateCheckMode == 'RepoManifest'
|
|
and not lastbuild.commit.startswith('unknown')
|
|
and lastbuild.versionCode == app.CurrentVersionCode
|
|
and not lastbuild.forcevercode
|
|
and any(s in lastbuild.commit for s in '.,_-/')
|
|
):
|
|
yield _(
|
|
"Last used commit '{commit}' looks like a tag, but UpdateCheckMode is '{ucm}'"
|
|
).format(commit=lastbuild.commit, ucm=app.UpdateCheckMode)
|
|
|
|
|
|
def check_char_limits(app):
|
|
limits = config['char_limits']
|
|
|
|
if len(app.Summary) > limits['summary']:
|
|
yield _("Summary of length {length} is over the {limit} char limit").format(
|
|
length=len(app.Summary), limit=limits['summary']
|
|
)
|
|
|
|
if len(app.Description) > limits['description']:
|
|
yield _("Description of length {length} is over the {limit} char limit").format(
|
|
length=len(app.Description), limit=limits['description']
|
|
)
|
|
|
|
|
|
def check_old_links(app):
|
|
usual_sites = [
|
|
'github.com',
|
|
'gitlab.com',
|
|
'bitbucket.org',
|
|
]
|
|
old_sites = [
|
|
'gitorious.org',
|
|
'code.google.com',
|
|
]
|
|
if any(s in app.Repo for s in usual_sites):
|
|
for f in ['WebSite', 'SourceCode', 'IssueTracker', 'Changelog']:
|
|
v = app.get(f)
|
|
if any(s in v for s in old_sites):
|
|
yield _("App is in '{repo}' but has a link to {url}").format(
|
|
repo=app.Repo, url=v
|
|
)
|
|
|
|
|
|
def check_useless_fields(app):
|
|
if app.UpdateCheckName == app.id:
|
|
yield _("UpdateCheckName is set to the known application ID, it can be removed")
|
|
|
|
|
|
filling_ucms = re.compile(r'^(Tags.*|RepoManifest.*)')
|
|
|
|
|
|
def check_checkupdates_ran(app):
|
|
if filling_ucms.match(app.UpdateCheckMode):
|
|
if not app.AutoName and not app.CurrentVersion and app.CurrentVersionCode == 0:
|
|
yield _(
|
|
"UpdateCheckMode is set but it looks like"
|
|
"checkupdates hasn't been run yet"
|
|
)
|
|
|
|
|
|
def check_empty_fields(app):
|
|
if not app.Categories:
|
|
yield _("Categories are not set")
|
|
|
|
|
|
def check_categories(app):
|
|
"""App uses 'Categories' key and parsed config uses 'categories' key."""
|
|
for categ in app.Categories:
|
|
if categ not in CATEGORIES_KEYS:
|
|
yield _("Categories '%s' is not valid" % categ)
|
|
|
|
|
|
def check_duplicates(app):
|
|
links_seen = set()
|
|
for f in ['Source Code', 'Web Site', 'Issue Tracker', 'Changelog']:
|
|
v = app.get(f)
|
|
if not v:
|
|
continue
|
|
v = v.lower()
|
|
if v in links_seen:
|
|
yield _("Duplicate link in '{field}': {url}").format(field=f, url=v)
|
|
else:
|
|
links_seen.add(v)
|
|
|
|
name = common.get_app_display_name(app)
|
|
if app.Summary and name:
|
|
if app.Summary.lower() == name.lower():
|
|
yield _("Summary '%s' is just the app's name") % app.Summary
|
|
|
|
if app.Summary and app.Description and len(app.Description) == 1:
|
|
if app.Summary.lower() == app.Description[0].lower():
|
|
yield _("Description '%s' is just the app's summary") % app.Summary
|
|
|
|
seenlines = set()
|
|
for line in app.Description.splitlines():
|
|
if len(line) < 1:
|
|
continue
|
|
if line in seenlines:
|
|
yield _("Description has a duplicate line")
|
|
seenlines.add(line)
|
|
|
|
|
|
desc_url = re.compile(r'(^|[^[])\[([^ ]+)( |\]|$)')
|
|
|
|
|
|
def check_mediawiki_links(app):
|
|
wholedesc = ' '.join(app.Description)
|
|
for um in desc_url.finditer(wholedesc):
|
|
url = um.group(1)
|
|
for m, r in http_checks:
|
|
if m.match(url):
|
|
yield _("URL {url} in Description: {error}").format(url=url, error=r)
|
|
|
|
|
|
def check_builds(app):
|
|
supported_flags = set(metadata.build_flags)
|
|
# needed for YAML and JSON
|
|
for build in app.get('Builds', []):
|
|
if build.disable:
|
|
if build.disable.startswith('Generated by import.py'):
|
|
yield _(
|
|
"Build generated by `fdroid import` - remove disable line once ready"
|
|
)
|
|
continue
|
|
for s in ['master', 'main', 'origin', 'HEAD', 'default', 'trunk']:
|
|
if build.commit and build.commit.startswith(s):
|
|
yield _(
|
|
"Branch '{branch}' used as commit in build '{versionName}'"
|
|
).format(branch=s, versionName=build.versionName)
|
|
for srclib in build.srclibs:
|
|
if '@' in srclib:
|
|
ref = srclib.split('@')[1].split('/')[0]
|
|
if ref.startswith(s):
|
|
yield _(
|
|
"Branch '{branch}' used as commit in srclib '{srclib}'"
|
|
).format(branch=s, srclib=srclib)
|
|
else:
|
|
yield _(
|
|
'srclibs missing name and/or @'
|
|
) + ' (srclibs: ' + srclib + ')'
|
|
for key in build.keys():
|
|
if key not in supported_flags:
|
|
yield _('%s is not an accepted build field') % key
|
|
|
|
|
|
def check_files_dir(app):
|
|
dir_path = Path('metadata') / app.id
|
|
if not dir_path.is_dir():
|
|
return
|
|
files = set()
|
|
for path in dir_path.iterdir():
|
|
name = path.name
|
|
if not (
|
|
path.is_file() or name == 'signatures' or locale_pattern.fullmatch(name)
|
|
):
|
|
yield _("Found non-file at %s") % path
|
|
continue
|
|
files.add(name)
|
|
|
|
used = {
|
|
'signatures',
|
|
}
|
|
for build in app.get('Builds', []):
|
|
for fname in build.patch:
|
|
if fname not in files:
|
|
yield _("Unknown file '{filename}' in build '{versionName}'").format(
|
|
filename=fname, versionName=build.versionName
|
|
)
|
|
else:
|
|
used.add(fname)
|
|
|
|
for name in files.difference(used):
|
|
if locale_pattern.fullmatch(name):
|
|
continue
|
|
yield _("Unused file at %s") % (dir_path / name)
|
|
|
|
|
|
def check_format(app):
|
|
if options.format and not rewritemeta.proper_format(app):
|
|
yield _("Run rewritemeta to fix formatting")
|
|
|
|
|
|
def check_license_tag(app):
|
|
"""Ensure all license tags contain only valid/approved values."""
|
|
if config['lint_licenses'] is None:
|
|
return
|
|
if app.License not in config['lint_licenses']:
|
|
if config['lint_licenses'] == APPROVED_LICENSES:
|
|
yield _(
|
|
'Unexpected license tag "{}"! Only use FSF or OSI '
|
|
'approved tags from https://spdx.org/license-list'
|
|
).format(app.License)
|
|
else:
|
|
yield _(
|
|
'Unexpected license tag "{}"! Only use license tags '
|
|
'configured in your config file'
|
|
).format(app.License)
|
|
|
|
|
|
def check_extlib_dir(apps):
|
|
dir_path = Path('build/extlib')
|
|
extlib_files = set()
|
|
for path in dir_path.glob('**/*'):
|
|
if path.is_file():
|
|
extlib_files.add(path.relative_to(dir_path))
|
|
|
|
used = set()
|
|
for app in apps:
|
|
for build in app.get('Builds', []):
|
|
for path in build.extlibs:
|
|
path = Path(path)
|
|
if path not in extlib_files:
|
|
yield _(
|
|
"{appid}: Unknown extlib {path} in build '{versionName}'"
|
|
).format(appid=app.id, path=path, versionName=build.versionName)
|
|
else:
|
|
used.add(path)
|
|
|
|
for path in extlib_files.difference(used):
|
|
if path.name not in [
|
|
'.gitignore',
|
|
'source.txt',
|
|
'origin.txt',
|
|
'md5.txt',
|
|
'LICENSE',
|
|
'LICENSE.txt',
|
|
'COPYING',
|
|
'COPYING.txt',
|
|
'NOTICE',
|
|
'NOTICE.txt',
|
|
]:
|
|
yield _("Unused extlib at %s") % (dir_path / path)
|
|
|
|
|
|
def check_app_field_types(app):
|
|
"""Check the fields have valid data types."""
|
|
for field in app.keys():
|
|
v = app.get(field)
|
|
t = metadata.fieldtype(field)
|
|
if v is None:
|
|
continue
|
|
elif field == 'Builds':
|
|
if not isinstance(v, list):
|
|
yield (
|
|
_(
|
|
"{appid}: {field} must be a '{type}', but it is a '{fieldtype}'!"
|
|
).format(
|
|
appid=app.id,
|
|
field=field,
|
|
type='list',
|
|
fieldtype=v.__class__.__name__,
|
|
)
|
|
)
|
|
elif t == metadata.TYPE_LIST and not isinstance(v, list):
|
|
yield (
|
|
_(
|
|
"{appid}: {field} must be a '{type}', but it is a '{fieldtype}!'"
|
|
).format(
|
|
appid=app.id,
|
|
field=field,
|
|
type='list',
|
|
fieldtype=v.__class__.__name__,
|
|
)
|
|
)
|
|
elif t == metadata.TYPE_STRING and not type(v) in (str, bool, dict):
|
|
yield (
|
|
_(
|
|
"{appid}: {field} must be a '{type}', but it is a '{fieldtype}'!"
|
|
).format(
|
|
appid=app.id,
|
|
field=field,
|
|
type='str',
|
|
fieldtype=v.__class__.__name__,
|
|
)
|
|
)
|
|
elif t == metadata.TYPE_STRINGMAP and not isinstance(v, dict):
|
|
yield (
|
|
_(
|
|
"{appid}: {field} must be a '{type}', but it is a '{fieldtype}'!"
|
|
).format(
|
|
appid=app.id,
|
|
field=field,
|
|
type='dict',
|
|
fieldtype=v.__class__.__name__,
|
|
)
|
|
)
|
|
elif t == metadata.TYPE_INT and not isinstance(v, int):
|
|
yield (
|
|
_(
|
|
"{appid}: {field} must be a '{type}', but it is a '{fieldtype}'!"
|
|
).format(
|
|
appid=app.id,
|
|
field=field,
|
|
type='int',
|
|
fieldtype=v.__class__.__name__,
|
|
)
|
|
)
|
|
|
|
|
|
def check_antiFeatures(app):
|
|
"""Check the Anti-Features keys match those declared in the config."""
|
|
pattern = ANTIFEATURES_PATTERN
|
|
msg = _("'{value}' is not a valid {field} in {appid}. Regex pattern: {pattern}")
|
|
|
|
field = 'AntiFeatures' # App entries use capitalized CamelCase
|
|
for value in app.get(field, []):
|
|
if value not in ANTIFEATURES_KEYS:
|
|
yield msg.format(value=value, field=field, appid=app.id, pattern=pattern)
|
|
|
|
field = 'antifeatures' # Build entries use all lowercase
|
|
for build in app.get('Builds', []):
|
|
build_antiFeatures = build.get(field, [])
|
|
for value in build_antiFeatures:
|
|
if value not in ANTIFEATURES_KEYS:
|
|
yield msg.format(
|
|
value=value, field=field, appid=app.id, pattern=pattern
|
|
)
|
|
|
|
|
|
def check_for_unsupported_metadata_files(basedir=""):
|
|
"""Check whether any non-metadata files are in metadata/."""
|
|
basedir = Path(basedir)
|
|
global config
|
|
|
|
if not (basedir / 'metadata').exists():
|
|
return False
|
|
return_value = False
|
|
for f in (basedir / 'metadata').iterdir():
|
|
if f.is_dir():
|
|
if not Path(str(f) + '.yml').exists():
|
|
print(_('"%s/" has no matching metadata file!') % f)
|
|
return_value = True
|
|
elif f.suffix == '.yml':
|
|
packageName = f.stem
|
|
if not common.is_valid_package_name(packageName):
|
|
print(
|
|
'"'
|
|
+ packageName
|
|
+ '" is an invalid package name!\n'
|
|
+ 'https://developer.android.com/studio/build/application-id'
|
|
)
|
|
return_value = True
|
|
else:
|
|
print(
|
|
_(
|
|
'"{path}" is not a supported file format (use: metadata/*.yml)'
|
|
).format(path=f.relative_to(basedir))
|
|
)
|
|
return_value = True
|
|
|
|
return return_value
|
|
|
|
|
|
def check_current_version_code(app):
|
|
"""Check that the CurrentVersionCode is currently available."""
|
|
if app.get('ArchivePolicy') == 0:
|
|
return
|
|
cv = app.get('CurrentVersionCode')
|
|
if cv is not None and cv == 0:
|
|
return
|
|
|
|
builds = app.get('Builds')
|
|
active_builds = 0
|
|
min_versionCode = None
|
|
if builds:
|
|
for build in builds:
|
|
vc = build['versionCode']
|
|
if min_versionCode is None or min_versionCode > vc:
|
|
min_versionCode = vc
|
|
if not build.get('disable'):
|
|
active_builds += 1
|
|
if cv == build['versionCode']:
|
|
break
|
|
if active_builds == 0:
|
|
return # all builds are disabled
|
|
if cv is not None and cv < min_versionCode:
|
|
yield (
|
|
_(
|
|
'CurrentVersionCode {cv} is less than oldest build entry {versionCode}'
|
|
).format(cv=cv, versionCode=min_versionCode)
|
|
)
|
|
|
|
|
|
def check_updates_expected(app):
|
|
"""Check if update checking makes sense."""
|
|
if (app.get('NoSourceSince') or app.get('ArchivePolicy') == 0) and not all(
|
|
app.get(key, 'None') == 'None' for key in ('AutoUpdateMode', 'UpdateCheckMode')
|
|
):
|
|
yield _(
|
|
'App has NoSourceSince or ArchivePolicy "0 versions" or 0 but AutoUpdateMode or UpdateCheckMode are not None'
|
|
)
|
|
|
|
|
|
def check_updates_ucm_http_aum_pattern(app): # noqa: D403
|
|
"""AutoUpdateMode with UpdateCheckMode: HTTP must have a pattern."""
|
|
if app.UpdateCheckMode == "HTTP" and app.AutoUpdateMode == "Version":
|
|
yield _("AutoUpdateMode with UpdateCheckMode: HTTP must have a pattern.")
|
|
|
|
|
|
def check_certificate_pinned_binaries(app):
|
|
if len(app.get('AllowedAPKSigningKeys')) > 0:
|
|
return
|
|
if app.get('Binaries') is not None:
|
|
yield _(
|
|
'App has Binaries but does not have corresponding AllowedAPKSigningKeys to pin certificate.'
|
|
)
|
|
return
|
|
builds = app.get('Builds')
|
|
if builds is None:
|
|
return
|
|
for build in builds:
|
|
if build.get('binary') is not None:
|
|
yield _(
|
|
'App version has binary but does not have corresponding AllowedAPKSigningKeys to pin certificate.'
|
|
)
|
|
return
|
|
|
|
|
|
def lint_config(arg):
|
|
path = Path(arg)
|
|
passed = True
|
|
yamllintresult = common.run_yamllint(path)
|
|
if yamllintresult:
|
|
print(yamllintresult)
|
|
passed = False
|
|
|
|
with path.open() as fp:
|
|
data = ruamel.yaml.YAML(typ='safe').load(fp)
|
|
common.config_type_check(arg, data)
|
|
|
|
if path.name == 'mirrors.yml':
|
|
import pycountry
|
|
|
|
valid_country_codes = [c.alpha_2 for c in pycountry.countries]
|
|
for mirror in data:
|
|
code = mirror.get('countryCode')
|
|
if code and code not in valid_country_codes:
|
|
passed = False
|
|
msg = _(
|
|
'{path}: "{code}" is not a valid ISO_3166-1 alpha-2 country code!'
|
|
).format(path=str(path), code=code)
|
|
if code.upper() in valid_country_codes:
|
|
m = [code.upper()]
|
|
else:
|
|
m = difflib.get_close_matches(
|
|
code.upper(), valid_country_codes, 2, 0.5
|
|
)
|
|
if m:
|
|
msg += ' '
|
|
msg += _('Did you mean {code}?').format(code=', '.join(sorted(m)))
|
|
print(msg)
|
|
|
|
return passed
|
|
|
|
|
|
def main():
|
|
global config, options
|
|
|
|
# Parse command line...
|
|
parser = ArgumentParser()
|
|
common.setup_global_opts(parser)
|
|
parser.add_argument(
|
|
"-f",
|
|
"--format",
|
|
action="store_true",
|
|
default=False,
|
|
help=_("Also warn about formatting issues, like rewritemeta -l"),
|
|
)
|
|
parser.add_argument(
|
|
'--force-yamllint',
|
|
action="store_true",
|
|
default=False,
|
|
help=_(
|
|
"When linting the entire repository yamllint is disabled by default. "
|
|
"This option forces yamllint regardless."
|
|
),
|
|
)
|
|
parser.add_argument(
|
|
"appid", nargs='*', help=_("application ID of file to operate on")
|
|
)
|
|
metadata.add_metadata_arguments(parser)
|
|
options = parser.parse_args()
|
|
metadata.warnings_action = options.W
|
|
|
|
config = common.read_config(options)
|
|
load_antiFeatures_config()
|
|
load_categories_config()
|
|
|
|
if options.force_yamllint:
|
|
import yamllint # throw error if it is not installed
|
|
|
|
yamllint # make pyflakes ignore this
|
|
|
|
paths = list()
|
|
for arg in options.appid:
|
|
if (
|
|
arg == 'config.yml'
|
|
or Path(arg).parent.name == 'config'
|
|
or Path(arg).parent.parent.name == 'config' # localized
|
|
):
|
|
paths.append(arg)
|
|
|
|
failed = 0
|
|
if paths:
|
|
for path in paths:
|
|
options.appid.remove(path)
|
|
if not lint_config(path):
|
|
failed += 1
|
|
# an empty list of appids means check all apps, avoid that if files were given
|
|
if not options.appid:
|
|
sys.exit(failed)
|
|
|
|
if not lint_metadata(options):
|
|
failed += 1
|
|
|
|
if failed:
|
|
sys.exit(failed)
|
|
|
|
|
|
def lint_metadata(options):
|
|
# Get all apps...
|
|
allapps = metadata.read_metadata(options.appid)
|
|
apps = common.read_app_args(options.appid, allapps, False)
|
|
|
|
anywarns = check_for_unsupported_metadata_files()
|
|
|
|
apps_check_funcs = []
|
|
if not options.appid:
|
|
# otherwise it finds tons of unused extlibs
|
|
apps_check_funcs.append(check_extlib_dir)
|
|
for check_func in apps_check_funcs:
|
|
for warn in check_func(apps.values()):
|
|
anywarns = True
|
|
print(warn)
|
|
|
|
for appid, app in apps.items():
|
|
if app.Disabled:
|
|
continue
|
|
|
|
# only run yamllint when linting individual apps.
|
|
if options.appid or options.force_yamllint:
|
|
# run yamllint on app metadata
|
|
ymlpath = Path('metadata') / (appid + '.yml')
|
|
if ymlpath.is_file():
|
|
yamllintresult = common.run_yamllint(ymlpath)
|
|
if yamllintresult:
|
|
print(yamllintresult)
|
|
|
|
# run yamllint on srclib metadata
|
|
srclibs = set()
|
|
for build in app.get('Builds', []):
|
|
for srclib in build.srclibs:
|
|
name, _ref, _number, _subdir = common.parse_srclib_spec(srclib)
|
|
srclibs.add(name + '.yml')
|
|
for srclib in srclibs:
|
|
srclibpath = Path('srclibs') / srclib
|
|
if srclibpath.is_file():
|
|
if platform.system() == 'Windows':
|
|
# Handle symlink on Windows
|
|
symlink = srclibpath.read_text()
|
|
if symlink in srclibs:
|
|
continue
|
|
elif (srclibpath.parent / symlink).is_file():
|
|
srclibpath = srclibpath.parent / symlink
|
|
yamllintresult = common.run_yamllint(srclibpath)
|
|
if yamllintresult:
|
|
print(yamllintresult)
|
|
|
|
app_check_funcs = [
|
|
check_app_field_types,
|
|
check_antiFeatures,
|
|
check_regexes,
|
|
check_update_check_data_url,
|
|
check_update_check_data_int,
|
|
check_vercode_operation,
|
|
check_ucm_tags,
|
|
check_char_limits,
|
|
check_old_links,
|
|
check_checkupdates_ran,
|
|
check_useless_fields,
|
|
check_empty_fields,
|
|
check_categories,
|
|
check_duplicates,
|
|
check_mediawiki_links,
|
|
check_builds,
|
|
check_files_dir,
|
|
check_format,
|
|
check_license_tag,
|
|
check_current_version_code,
|
|
check_updates_expected,
|
|
check_updates_ucm_http_aum_pattern,
|
|
check_certificate_pinned_binaries,
|
|
]
|
|
|
|
for check_func in app_check_funcs:
|
|
for warn in check_func(app):
|
|
anywarns = True
|
|
print("%s: %s" % (appid, warn))
|
|
|
|
return not anywarns
|
|
|
|
|
|
# A compiled, public domain list of official SPDX license tags. generated
|
|
# using: `python3 -m spdx_license_list print --filter-fsf-or-osi` Only contains
|
|
# licenes approved by either FSF to be free/libre software or OSI to be open
|
|
# source
|
|
APPROVED_LICENSES = [
|
|
'0BSD',
|
|
'AAL',
|
|
'AFL-1.1',
|
|
'AFL-1.2',
|
|
'AFL-2.0',
|
|
'AFL-2.1',
|
|
'AFL-3.0',
|
|
'AGPL-3.0-only',
|
|
'AGPL-3.0-or-later',
|
|
'APL-1.0',
|
|
'APSL-1.0',
|
|
'APSL-1.1',
|
|
'APSL-1.2',
|
|
'APSL-2.0',
|
|
'Apache-1.0',
|
|
'Apache-1.1',
|
|
'Apache-2.0',
|
|
'Artistic-1.0',
|
|
'Artistic-1.0-Perl',
|
|
'Artistic-1.0-cl8',
|
|
'Artistic-2.0',
|
|
'BSD-1-Clause',
|
|
'BSD-2-Clause',
|
|
'BSD-2-Clause-Patent',
|
|
'BSD-3-Clause',
|
|
'BSD-3-Clause-Clear',
|
|
'BSD-3-Clause-LBNL',
|
|
'BSD-4-Clause',
|
|
'BSL-1.0',
|
|
'BitTorrent-1.1',
|
|
'CAL-1.0',
|
|
'CAL-1.0-Combined-Work-Exception',
|
|
'CATOSL-1.1',
|
|
'CC-BY-4.0',
|
|
'CC-BY-SA-4.0',
|
|
'CC0-1.0',
|
|
'CDDL-1.0',
|
|
'CECILL-2.0',
|
|
'CECILL-2.1',
|
|
'CECILL-B',
|
|
'CECILL-C',
|
|
'CNRI-Python',
|
|
'CPAL-1.0',
|
|
'CPL-1.0',
|
|
'CUA-OPL-1.0',
|
|
'ClArtistic',
|
|
'Condor-1.1',
|
|
'ECL-1.0',
|
|
'ECL-2.0',
|
|
'EFL-1.0',
|
|
'EFL-2.0',
|
|
'EPL-1.0',
|
|
'EPL-2.0',
|
|
'EUDatagrid',
|
|
'EUPL-1.1',
|
|
'EUPL-1.2',
|
|
'Entessa',
|
|
'FSFAP',
|
|
'FTL',
|
|
'Fair',
|
|
'Frameworx-1.0',
|
|
'GFDL-1.1-only',
|
|
'GFDL-1.1-or-later',
|
|
'GFDL-1.2-only',
|
|
'GFDL-1.2-or-later',
|
|
'GFDL-1.3-only',
|
|
'GFDL-1.3-or-later',
|
|
'GPL-2.0-only',
|
|
'GPL-2.0-or-later',
|
|
'GPL-3.0-only',
|
|
'GPL-3.0-or-later',
|
|
'HPND',
|
|
'IJG',
|
|
'IPA',
|
|
'IPL-1.0',
|
|
'ISC',
|
|
'Imlib2',
|
|
'Intel',
|
|
'LGPL-2.0-only',
|
|
'LGPL-2.0-or-later',
|
|
'LGPL-2.1-only',
|
|
'LGPL-2.1-or-later',
|
|
'LGPL-3.0-only',
|
|
'LGPL-3.0-or-later',
|
|
'LPL-1.0',
|
|
'LPL-1.02',
|
|
'LPPL-1.2',
|
|
'LPPL-1.3a',
|
|
'LPPL-1.3c',
|
|
'LiLiQ-P-1.1',
|
|
'LiLiQ-R-1.1',
|
|
'LiLiQ-Rplus-1.1',
|
|
'MIT',
|
|
'MIT-0',
|
|
'MPL-1.0',
|
|
'MPL-1.1',
|
|
'MPL-2.0',
|
|
'MPL-2.0-no-copyleft-exception',
|
|
'MS-PL',
|
|
'MS-RL',
|
|
'MirOS',
|
|
'Motosoto',
|
|
'MulanPSL-2.0',
|
|
'Multics',
|
|
'NASA-1.3',
|
|
'NCSA',
|
|
'NGPL',
|
|
'NOSL',
|
|
'NPL-1.0',
|
|
'NPL-1.1',
|
|
'NPOSL-3.0',
|
|
'NTP',
|
|
'Naumen',
|
|
'Nokia',
|
|
'OCLC-2.0',
|
|
'ODbL-1.0',
|
|
'OFL-1.0',
|
|
'OFL-1.1',
|
|
'OFL-1.1-RFN',
|
|
'OFL-1.1-no-RFN',
|
|
'OGTSL',
|
|
'OLDAP-2.3',
|
|
'OLDAP-2.7',
|
|
'OLDAP-2.8',
|
|
'OSET-PL-2.1',
|
|
'OSL-1.0',
|
|
'OSL-1.1',
|
|
'OSL-2.0',
|
|
'OSL-2.1',
|
|
'OSL-3.0',
|
|
'OpenSSL',
|
|
'PHP-3.0',
|
|
'PHP-3.01',
|
|
'PostgreSQL',
|
|
'Python-2.0',
|
|
'QPL-1.0',
|
|
'RPL-1.1',
|
|
'RPL-1.5',
|
|
'RPSL-1.0',
|
|
'RSCPL',
|
|
'Ruby',
|
|
'SGI-B-2.0',
|
|
'SISSL',
|
|
'SMLNJ',
|
|
'SPL-1.0',
|
|
'SimPL-2.0',
|
|
'Sleepycat',
|
|
'UCL-1.0',
|
|
'UPL-1.0',
|
|
'Unicode-DFS-2016',
|
|
'Unlicense',
|
|
'VSL-1.0',
|
|
'Vim',
|
|
'W3C',
|
|
'WTFPL',
|
|
'Watcom-1.0',
|
|
'X11',
|
|
'XFree86-1.1',
|
|
'Xnet',
|
|
'YPL-1.1',
|
|
'ZPL-2.0',
|
|
'ZPL-2.1',
|
|
'Zend-2.0',
|
|
'Zimbra-1.3',
|
|
'Zlib',
|
|
'gnuplot',
|
|
'iMatix',
|
|
'xinetd',
|
|
]
|
|
|
|
# an F-Droid addition, until we can enforce a better option
|
|
APPROVED_LICENSES.append("PublicDomain")
|
|
|
|
if __name__ == "__main__":
|
|
main()
|