diff --git a/qgis-app/plugins/tests/test_validator.py b/qgis-app/plugins/tests/test_validator.py
index 7a0e7e4e..6c23ac36 100644
--- a/qgis-app/plugins/tests/test_validator.py
+++ b/qgis-app/plugins/tests/test_validator.py
@@ -157,7 +157,10 @@ def test_zipfile_with_MACOSX(self, mock_namelist):
mock_namelist.return_value = ["__MACOSX/"]
with self.assertRaisesMessage(
Exception,
- ("For security reasons, zip file cannot contain " "'__MACOSX' directory"),
+ (
+ "For security reasons, zip file cannot contain '__MACOSX' directory. "
+ "However, there is one present at the root of the archive."
+ ),
):
validator(self.package)
@@ -167,8 +170,20 @@ def test_zipfile_with_pycache(self, mock_namelist):
with self.assertRaisesMessage(
Exception,
(
- "For security reasons, zip file cannot contain "
- "'__pycache__' directory"
+ "For security reasons, zip file cannot contain '__pycache__' directory. "
+ "However, there is one present at the root of the archive."
+ ),
+ ):
+ validator(self.package)
+
+ @mock.patch("zipfile.ZipFile.namelist")
+ def test_zipfile_with_pycache_in_children(self, mock_namelist):
+ mock_namelist.return_value = ["path/to/__pycache__/"]
+ with self.assertRaisesMessage(
+ Exception,
+ (
+ "For security reasons, zip file cannot contain '__pycache__' directory. "
+ "However, it has been found at 'path/to/__pycache__/' ."
),
):
validator(self.package)
@@ -178,7 +193,10 @@ def test_zipfile_with_git(self, mock_namelist):
mock_namelist.return_value = [".git"]
with self.assertRaisesMessage(
Exception,
- ("For security reasons, zip file cannot contain " "'.git' directory"),
+ (
+ "For security reasons, zip file cannot contain '.git' directory. "
+ "However, there is one present at the root of the archive."
+ ),
):
validator(self.package)
@@ -191,7 +209,8 @@ def test_zipfile_with_gitignore(self, mock_namelist):
exception = cm.exception
self.assertNotEqual(
exception.message,
- "For security reasons, zip file cannot contain '.git' directory",
+ "For security reasons, zip file cannot contain '.git' directory. ",
+ "However, there is one present at the root of the archive."
)
diff --git a/qgis-app/plugins/validator.py b/qgis-app/plugins/validator.py
index e1482bd4..a19aa143 100644
--- a/qgis-app/plugins/validator.py
+++ b/qgis-app/plugins/validator.py
@@ -189,11 +189,19 @@ def validator(package):
_("For security reasons, zip file cannot contain .pyc file")
)
for forbidden_dir in ["__MACOSX", ".git", "__pycache__"]:
- if forbidden_dir in zname.split("/"):
+ dir_name_list = zname.split("/")
+ if forbidden_dir in dir_name_list:
+ if forbidden_dir == dir_name_list[0]:
+ raise ValidationError(
+ _(
+ "For security reasons, zip file "
+ "cannot contain '%s' directory. However, there is one present at the root of the archive." % (forbidden_dir,)
+ )
+ )
raise ValidationError(
_(
"For security reasons, zip file "
- "cannot contain '%s' directory" % (forbidden_dir,)
+ "cannot contain '%s' directory. However, it has been found at '%s' ." % (forbidden_dir, zname)
)
)
bad_file = zip.testzip()