[lintian] 03/03: Really detect // tricks
This is an automated email from the git hooks/post-receive script.
broucaries-guest pushed a commit to branch master
in repository lintian.
commit 5850722bb3bc17c9bf40b08321aab783ab0431ce
Author: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
Date: Mon May 25 19:46:06 2015 +0200
Really detect // tricks
Detect external resources that begin with //
---
checks/files.pm | 7 ++++-
data/files/privacy-breaker-tag-attr | 32 +++++++++++-----------
.../debian/src/privacy-breach-generic/applet.html | 1 +
.../debian/src/privacy-breach-generic/div.html | 4 +++
.../debian/src/privacy-breach-generic/embed.html | 2 +-
.../debian/src/privacy-breach-generic/frame.html | 1 +
.../privacy-breach-generic/link-double-slash.xml | 1 -
t/tests/files-privacybreach/tags | 3 ++
8 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/checks/files.pm b/checks/files.pm
index bd4ee1a..27265bc 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -74,7 +74,7 @@ my $PRIVACY_BREAKER_TAG_ATTR= Lintian::Data->new(
qr/\s*\~\~\s*/o,
sub {
my ($keywords,$regex) = split(/\s*\~\~\s*/, $_[1], 2);
- $regex =~ s/&URL/(?:ht|f)tps?:\/\/[^"\r\n]*/g;
+ $regex =~ s/&URL/(?:(?:ht|f)tps?:)?\/\/[^"\r\n]*/g;
my @keywordlist;
my @keywordsorraw = split(/\s*\|\|\s*/,$keywords);
foreach my $keywordor (@keywordsorraw) {
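Review bot: The `&URL` substitution now makes the scheme optional, but nothing at the site says why, and the escaped slashes make the pattern hard to audit. A comment above it such as `# &URL also matches scheme-relative references ("//host/..."), which are fetched from a remote host just like http:// ones` would record the intent. Writing it as `$regex =~ s{&URL}{(?:(?:ht|f)tps?:)?//[^"\r\n]*}g;` drops the backslashes without changing the replacement text. The anonymous sub continues past the end of this hunk.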
@@ -2014,14 +2014,19 @@ sub detect_privacy_breach {
}
if( index($block,'src="http') > -1
||index($block,'src="ftp') > -1
+ ||index($block,'src="//') > -1
||index($block,'data-href="http') > -1
||index($block,'data-href="ftp') > -1
+ ||index($block,'data-href="//') > -1
||index($block,'codebase="http') > -1
||index($block,'codebase="ftp') > -1
+ ||index($block,'codebase="//') > -1
||index($block,'data="http') > -1
||index($block,'data="ftp') > -1
+ ||index($block,'data="//') > -1
||index($block,'poster="http') > -1
||index($block,'poster="ftp') > -1
+ ||index($block,'poster="//') > -1
||index($block,'<link') > -1
||index($block,'@import') > -1){
detect_generic_privacy_breach($block,\%privacybreachhash,$file);
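Review bot: The added `index($block,'src="//')`-style checks, like the http/ftp ones beside them, only fire for a double-quoted value written directly after `=`. A block containing `src='//host/x'` or `src = "//host/x"` would never reach detect_generic_privacy_breach unless `$block` is normalised earlier in detect_privacy_breach, which is not visible here (the function starts and ends outside the hunk). If there is no such normalisation, state the limitation next to the condition, e.g. `# pre-filter: only double-quoted attributes with no space around '=' are considered`. The list also mirrors the keywords in data/files/privacy-breaker-tag-attr by hand, so each new attribute or scheme has to be added in both places.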
diff --git a/data/files/privacy-breaker-tag-attr b/data/files/privacy-breaker-tag-attr
index 9c4f3b9..8d696d2 100644
--- a/data/files/privacy-breaker-tag-attr
+++ b/data/files/privacy-breaker-tag-attr
@@ -3,19 +3,19 @@
# in regex &URL is replaced by URL regex
# could not use @import
import ~~ @import && url ~~ (([@]import) \s+ url \s* \( \s* \"(&URL)\" \s* \) \s*;)
-applet ~~ codebase="http && <applet || codebase="ftp && <applet ~~ (<(applet) (?:\s[^>]+)? \s+ codebase="(&URL)" [^>]*>)
-div src= ~~ src="http && <div || src="ftp && <div ~~ (<(div) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-div data-href= ~~ data-href="http && <div || data-href="ftp && <div ~~ (<(div) (?:\s[^>]+)? \s+ data-href="(&URL)" [^>]*>)
-embed ~~ src="http && <embed || src="ftp && <embed ~~ (<(embed) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-frame ~~ src="http && <frame || src="ftp && <frame ~~ (<(frame) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-iframe ~~ src="http && <iframe || src="ftp && <iframe ~~ (<(iframe) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-img ~~ src="http && <img || src="ftp && <img ~~ (<(img) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-input ~~ src="http && <input || src="ftp && <input ~~ (<(input) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-link ~~ <link && href="http || <link && href="ftp ~~ (<(link) (?:\s[^>]+)? \s+ href="(&URL)" [^>]*>)
-object codebase= ~~ codebase="http && <object || codebase="ftp && <object ~~ (<(object) (?:\s[^>]+)? \s+ codebase="(&URL)" [^>]*>)
-object data= ~~ data="http && <object || data="ftp && <object ~~ (<(object) (?:\s[^>]+)? \s+ data="(&URL)" [^>]*>)
-script ~~ src="http && <script || src="ftp && <script ~~ (<(script) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-source ~~ src="http && <source || src="ftp && <source ~~ (<(source) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-track ~~ src="http && <track || src="ftp && <track ~~ (<(track) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-video src= ~~ src="http && <video || src="ftp && <video ~~ (<(video) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
-video poster= ~~ poster="http && <video || poster="ftp && <video ~~ (<(video) (?:\s[^>]+)? \s+ poster="(&URL)" [^>]*>)
\ No newline at end of file
+applet ~~ codebase="http && <applet || codebase="ftp && <applet || codebase="// && <applet ~~ (<(applet) (?:\s[^>]+)? \s+ codebase="(&URL)" [^>]*>)
+div src= ~~ src="http && <div || src="ftp && <div || src="// && <div ~~ (<(div) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+div data-href= ~~ data-href="http && <div || data-href="ftp && <div || data-href="// && <div ~~ (<(div) (?:\s[^>]+)? \s+ data-href="(&URL)" [^>]*>)
+embed ~~ src="http && <embed || src="ftp && <embed || src="// && <embed ~~ (<(embed) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+frame ~~ src="http && <frame || src="ftp && <frame || src="// && <frame ~~ (<(frame) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+iframe ~~ src="http && <iframe || src="ftp && <iframe || src="// && <iframe ~~ (<(iframe) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+img ~~ src="http && <img || src="ftp && <img || src="// && <img ~~ (<(img) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+input ~~ src="http && <input || src="ftp && <input || src="// && <input ~~ (<(input) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+link ~~ <link && href="http || <link && href="ftp|| <link && href="//~~ (<(link) (?:\s[^>]+)? \s+ href="(&URL)" [^>]*>)
+object codebase= ~~ codebase="http && <object || codebase="ftp && <object || codebase="// && <object ~~ (<(object) (?:\s[^>]+)? \s+ codebase="(&URL)" [^>]*>)
+object data= ~~ data="http && <object || data="ftp && <object || data="// && <object ~~ (<(object) (?:\s[^>]+)? \s+ data="(&URL)" [^>]*>)
+script ~~ src="http && <script || src="ftp && <script || src="// && <script ~~ (<(script) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+source ~~ src="http && <source || src="ftp && <source || src="// && <source ~~ (<(source) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+track ~~ src="http && <track || src="ftp && <track || src="// && <track ~~ (<(track) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+video src= ~~ src="http && <video || src="ftp && <video || src="// && <video ~~ (<(video) (?:\s[^>]+)? \s+ src="(&URL)" [^>]*>)
+video poster= ~~ poster="http && <video || poster="ftp && <video || poster="// && <video ~~ (<(video) (?:\s[^>]+)? \s+ poster="(&URL)" [^>]*>)
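Review bot: The new `link` entry is the only one written without separators: `href="ftp|| <link && href="//~~ (` depends on the splitters tolerating missing whitespace. The `~~` and `||` splits visible in checks/files.pm do tolerate it (`\s*\~\~\s*`, `\s*\|\|\s*`), so it should parse, but it reads like a typo. Write it as `<link && href="ftp || <link && href="// ~~ (<(link) ...` to match the other fifteen entries. It is also the one entry whose `//` fixture (link-double-slash.xml) is deleted in this commit, so as far as this diff shows a malformed keyword here would not be caught by the test suite.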
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/applet.html b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/applet.html
index 866d63a..f26b5bf 100644
--- a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/applet.html
+++ b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/applet.html
@@ -1,5 +1,6 @@
<html>
<body>
<applet width=1 height=1 code="MyClass" type="application/x-java-applet;jpi-version=6" archive="myjar.jar" codebase="http://1984.os/trackme" />
+<applet width=1 height=1 code="MyClass" type="application/x-java-applet;jpi-version=6" archive="myjar.jar" codebase="//1984.os/trackme2" />
</body>
</html>
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/div.html b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/div.html
index 6d703db..8ab3c60 100644
--- a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/div.html
+++ b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/div.html
@@ -5,5 +5,9 @@
<div src="http://trackme.1984/index-2.html">
Please enable javascript to track me.
</div>
+ <div src="//trackme.1984/index-3.html">
+ Please enable javascript to track me.
+ </div>
+
</body>
</html>
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/embed.html b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/embed.html
index 43382dd..5415b0a 100644
--- a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/embed.html
+++ b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/embed.html
@@ -4,6 +4,6 @@
<embed src="helloworld.swf" />
<embed src="http://1984.os/givemydata.swf" />
-
+<embed src="//1984.os/givemydata2.swf" />
</body>
</html>
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/frame.html b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/frame.html
index d08ca35..b6c7006 100644
--- a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/frame.html
+++ b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/frame.html
@@ -7,5 +7,6 @@
<!-- valid -->
<frame src="file://frame_b.htm">
<frame src="http://1984.os/trackme_frame_c.htm">
+ <frame src="//1984.os/trackme_frame_c.htm">
</frameset>
</html>
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/link-double-slash.xml b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/link-double-slash.xml
deleted file mode 100644
index 9fac333..0000000
--- a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/link-double-slash.xml
+++ /dev/null
@@ -1 +0,0 @@
-<link href="//1984.org/style.css" rel="stylesheet" type="text/css" media="all">
diff --git a/t/tests/files-privacybreach/tags b/t/tests/files-privacybreach/tags
index aea35f3..24c6c2a 100644
--- a/t/tests/files-privacybreach/tags
+++ b/t/tests/files-privacybreach/tags
@@ -47,8 +47,11 @@ E: files-privacybreach: privacy-breach-statistics-website usr/share/files-privac
E: files-privacybreach: privacy-breach-twitter usr/share/files-privacy-breach/privacy-breach-twitter/awstat.xml
E: files-privacybreach: privacy-breach-twitter usr/share/files-privacy-breach/privacy-breach-twitter/official.js
E: files-privacybreach: privacy-breach-w3c-valid-html usr/share/files-privacy-breach/privacy-breach-w3c-valid-html/htmlvalid.html (http://www.w3.org/icons/valid-xhtml10)
+X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/applet.html (//1984.os/trackme2)
X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/applet.html (http://1984.os/trackme)
+X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/div.html (//trackme.1984/index-3.html)
X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/div.html (http://trackme.1984/index-2.html)
+X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/embed.html (//1984.os/givemydata2.swf)
X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/embed.html (http://1984.os/givemydata.swf)
X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/externalimg.xml (http://1984.ow/bigbrotheriswatchingyou.png)
X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/frame.html (http://1984.os/trackme_frame_c.htm)
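Review bot: The expected output gains `//` entries for applet.html, div.html and embed.html, but none for the `<frame src="//1984.os/trackme_frame_c.htm">` line this commit adds to frame.html. Following the ordering of the other pairs, a line `X: files-privacybreach: privacy-breach-generic usr/share/files-privacy-breach/privacy-breach-generic/frame.html (//1984.os/trackme_frame_c.htm)` would sit just before the existing http one, inside this hunk. Either the frame case is not actually detected or the expectation was left out. The diff cannot settle which, so the test should be run and the result recorded.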
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git