[lintian] 02/02: Add detection of well known statistic website

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 02/02: Add detection of well known statistic website
From: Bastien ROUCARIES <broucaries-guest@moszumanska.debian.org>
Date: Sat, 28 Dec 2013 21:05:26 +0000
Message-id: <[🔎] E1Vx14Y-0004EF-U8@moszumanska.debian.org>
Reply-to: Bastien ROUCARIÈS <roucaries.bastien@gmail.com>
In-reply-to: <[🔎] 20131228210526.16175.29598@moszumanska.debian.org>
References: <[🔎] 20131228210526.16175.29598@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 272434336dccc5efde80970728869527cb15481e
Author: Bastien ROUCARIÈS <roucaries.bastien@gmail.com>
Date:   Sat Dec 28 22:00:39 2013 +0100

    Add detection of well known statistic website
    
    Add detection tag for well known statistic website.
    
    signed-off-by: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
---
 checks/files.desc                                   | 21 ++++++++++++++++++++-
 checks/files.pm                                     |  4 ++--
 data/files/privacy-breaker-fragments                |  7 ++++---
 data/files/privacy-breaker-websites                 |  9 +++++----
 debian/changelog                                    |  4 +++-
 .../files-privacybreach/debian/src/statcounter.xml  | 11 +++++++++++
 .../files-privacybreach/debian/src/statcounter2.js  |  4 ++++
 t/tests/files-privacybreach/desc                    |  1 +
 t/tests/files-privacybreach/tags                    |  2 ++
 9 files changed, 52 insertions(+), 11 deletions(-)

diff --git a/checks/files.desc b/checks/files.desc
index 9e1f4d8..470f737 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -952,7 +952,7 @@ Info: This package creates a privacy breach by using Google Adsense.
  distributable in Debian, and thus a serious bug.
 
 Tag: privacy-breach-piwik
-Severity: important
+Severity: serious
 Certainty: possible
 Info: This package creates a privacy breach by using piwik.
  Piwik is a free and open source web analytics application.
@@ -960,6 +960,25 @@ Info: This package creates a privacy breach by using piwik.
  Even if piwik is free and respect the "do not track" browser
  option, it is nevertheless a breach on our user privacy.
 
+Tag: privacy-breach-statistics-website
+Severity: important
+Certainty: possible
+Info: This package creates a privacy breach by fetching some
+ data from external website in order to made visitor statistics.
+ .
+ Please remove these scripts from the local copy of the page.
+ .
+ Please ask upstream to use free software piwik that respect
+ "do not track" browser option.
+ .
+ This tag include the following website:
+ - cruel-carlota.pagodabox.com
+ - linkexchange.com (defunct)
+ - nedstatbasic.net
+ - statcounter.com
+ - sitemeter.com
+ - webstats.motigo.com
+
 Tag: privacy-breach-w3c-valid-html
 Severity: serious
 Certainty: possible
diff --git a/checks/files.pm b/checks/files.pm
index 2198896..ee26931 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -42,11 +42,11 @@ my $MULTIARCH_DIRS = Lintian::Data->new('common/multiarch-dirs', qr/\s++/,
 
 my $PRIVACY_BREAKER_WEBSITES
   = Lintian::Data->new('files/privacy-breaker-websites',
-    qr/\s*\~\~/o,sub { return qr/$_[1]/ism });
+    qr/\s*\~\~/o,sub { return qr/$_[1]/xism });
 
 my $PRIVACY_BREAKER_FRAGMENTS
   = Lintian::Data->new('files/privacy-breaker-fragments',
-    qr/\s*\~\~/o,sub { return qr/$_[1]/ism });
+    qr/\s*\~\~/o,sub { return qr/$_[1]/xism });
 
 my $COMPRESS_FILE_EXTENSIONS
   = Lintian::Data->new('files/compressed-file-extensions',
diff --git a/data/files/privacy-breaker-fragments b/data/files/privacy-breaker-fragments
index c9dc368..7db5dfc 100644
--- a/data/files/privacy-breaker-fragments
+++ b/data/files/privacy-breaker-fragments
@@ -1,10 +1,11 @@
 # Manually maintained table of well known privacy breakers html/js fragment
 # syntax:
-#   key ~~regex
+#   key ~~regex (xism)
 #
 # Note spaces on the right hand side of ~~ are assumed to be a part
 # of the regex.
 #
 # Please keep this sorted by tag.
-privacy-breach-google-adsense  ~~(?:google_ad_client\s*=|[\"\']\.?google-analytics.com/ga.js[\"\']|urchinTracker\s*\(\s*\)\s*;)
-privacy-breach-piwik           ~~(?:piwik_url\s*=|pkBaseURL\s*=|[\'"]piwik\.js[\'\"]|End\s+Piwik\h+(?:Tag|Code)|[\'\"]setTrackerUrl[\'\"])
+privacy-breach-google-adsense     ~~(?:google_ad_client\s*=|[\"\']\.?google-analytics.com/ga.js[\"\']|urchinTracker\s*\(\s*\)\s*;)
+privacy-breach-piwik              ~~(?:piwik_url\s*=|pkBaseURL\s*=|[\'"]piwik\.js[\'\"]|End\s+Piwik\h+(?:Tag|Code)|[\'\"]setTrackerUrl[\'\"])
+privacy-breach-statistics-website ~~(?:var\s+sc_project\s*=\s*\d+\s*;)
\ No newline at end of file
diff --git a/data/files/privacy-breaker-websites b/data/files/privacy-breaker-websites
index 0e670e9..f5908bd 100644
--- a/data/files/privacy-breaker-websites
+++ b/data/files/privacy-breaker-websites
@@ -1,11 +1,12 @@
 # Manually maintained table of well known privacy breakers site
 # syntax:
-#   key ~~regex
+#   key ~~regex (xism)
 #
 # Note spaces on the right hand side of ~~ are assumed to be a part
 # of the regex.
 #
 # Please keep this sorted by tag.
-privacy-breach-google-adsense	~~^(?:[^\./]+\.)?(?:googlesyndication\.com/pagead/show_ads\.js|google-analytics\.com/(?:ga|urchin)\.js)
-privacy-breach-piwik            ~~/piwik\.php\?
-privacy-breach-w3c-valid-html   ~~^(?:[^\./]+\.)?w3.org/Icons/valid-(?:[^/]+)?$
+privacy-breach-google-adsense	  ~~^(?:[^\./]+\.)?(?:googlesyndication\.com/pagead/show_ads\.js|google-analytics\.com/(?:ga|urchin)\.js)
+privacy-breach-piwik              ~~/piwik\.php\?
+privacy-breach-w3c-valid-html     ~~^(?:[^\./]+\.)?w3.org/Icons/valid-(?:[^/]+)?$
+privacy-breach-statistics-website ~~^(?:[^\./]+\.)?(?:cruel-carlota.pagodabox.com|linkexchange.com|nedstatbasic.net|statcounter.com|sitemeter.com|webstats.motigo.com)(?:/|$)
diff --git a/debian/changelog b/debian/changelog
index c6efaef..14de117 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,9 +53,11 @@ lintian (2.5.21) UNRELEASED; urgency=medium
   * data/files/obsolete-paths:
     + [BR] Add /etc/X11/fonts/X11R7 as obsolete path (Closes: #646872).
 
-  * data/files/privacy-breaker-website
+  * data/files/privacy-breaker-{fragments,websites}
     + [BR] Add w3c website valid x?html icons.
     + [BR] Add piwik detection.
+    + [BR] Add detection of well known statistics websites.
+    
 
   * data/rules/rules-should-not-use:
     + [BR] Detect use of $(_) variable in debian/rules (Closes: #585495).
diff --git a/t/tests/files-privacybreach/debian/src/statcounter.xml b/t/tests/files-privacybreach/debian/src/statcounter.xml
new file mode 100644
index 0000000..49b9736
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/statcounter.xml
@@ -0,0 +1,11 @@
+<!-- Start of StatCounter Code -->
+<script type="text/javascript" language="javascript">
+ <!--
+    var sc_project=895001;
+    var sc_invisible=1;
+    var sc_partition=7;
+    var sc_security="5ea85181";
+//-->
+</script>
+<script type="text/javascript" language="javascript" src="http://www.statcounter.com/counter/counter.js";></script><noscript><a href="http://www.statcounter.com/"; target="_blank"><img  src="http://c8.statcounter.com/counter.php?sc_project=895001&amp;java=0&amp;security=5ea85181&amp;invisible=1"; alt="counter stats" border="0"></a> </noscript>
+<!-- End of StatCounter Code -->
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/debian/src/statcounter2.js b/t/tests/files-privacybreach/debian/src/statcounter2.js
new file mode 100644
index 0000000..c0533cb
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/statcounter2.js
@@ -0,0 +1,4 @@
+var sc_project=895001;
+var sc_invisible=1;
+var sc_partition=7;
+var sc_security="5ea85181";
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/desc b/t/tests/files-privacybreach/desc
index 754cd93..111b302 100644
--- a/t/tests/files-privacybreach/desc
+++ b/t/tests/files-privacybreach/desc
@@ -6,4 +6,5 @@ Test-For:
  privacy-breach-generic
  privacy-breach-google-adsense
  privacy-breach-piwik
+ privacy-breach-statistics-website
  privacy-breach-w3c-valid-html
diff --git a/t/tests/files-privacybreach/tags b/t/tests/files-privacybreach/tags
index 547b9e4..dd756c1 100644
--- a/t/tests/files-privacybreach/tags
+++ b/t/tests/files-privacybreach/tags
@@ -7,6 +7,8 @@ E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/urchi
 E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/urchinloader.js
 E: files-privacybreach: privacy-breach-piwik usr/share/files-privacybreach/html/piwik.html
 E: files-privacybreach: privacy-breach-piwik usr/share/files-privacybreach/html/piwikvariant.html
+E: files-privacybreach: privacy-breach-statistics-website usr/share/htmlfragment/statcounter.xml
+E: files-privacybreach: privacy-breach-statistics-website usr/share/javascript/statcounter2.js
 E: files-privacybreach: privacy-breach-w3c-valid-html usr/share/files-privacybreach/html/htmlvalid.html
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/applet.html 1984.os/trackme
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/div.html trackme.1984/index-2.html

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (7e5c15f -> 2724343)
  - From: Bastien ROUCARIES <broucaries-guest@moszumanska.debian.org>

Prev by Date: [lintian] branch master updated (7e5c15f -> 2724343)
Next by Date: [lintian] 01/02: Detect piwik privacy breach
Previous by thread: [lintian] branch master updated (7e5c15f -> 2724343)
Next by thread: [lintian] 01/02: Detect piwik privacy breach
Index(es):
- Date
- Thread