From cdb98b14c46f95c54e3b6c6092e6e97dd5d213bf Mon Sep 17 00:00:00 2001
From: Lova ANDRIARIMALALA <43842786+Xpirix@users.noreply.github.com>
Date: Mon, 22 Apr 2024 14:10:48 +0300
Subject: [PATCH 1/2] Show the path for forbidden dir in child folder
---
qgis-app/plugins/tests/test_validator.py | 29 ++++++++++++++++++++----
qgis-app/plugins/validator.py | 12 ++++++++--
2 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/qgis-app/plugins/tests/test_validator.py b/qgis-app/plugins/tests/test_validator.py
index 7a0e7e4e..2129dd79 100644
--- a/qgis-app/plugins/tests/test_validator.py
+++ b/qgis-app/plugins/tests/test_validator.py
@@ -157,7 +157,10 @@ def test_zipfile_with_MACOSX(self, mock_namelist):
mock_namelist.return_value = ["__MACOSX/"]
with self.assertRaisesMessage(
Exception,
- ("For security reasons, zip file cannot contain " "'__MACOSX' directory"),
+ (
+ "For security reasons, zip file cannot contain '__MACOSX' directory. "
+ "However, it has been found in your root folder."
+ ),
):
validator(self.package)
@@ -167,8 +170,20 @@ def test_zipfile_with_pycache(self, mock_namelist):
with self.assertRaisesMessage(
Exception,
(
- "For security reasons, zip file cannot contain "
- "'__pycache__' directory"
+ "For security reasons, zip file cannot contain '__pycache__' directory. "
+ "However, it has been found in your root folder."
+ ),
+ ):
+ validator(self.package)
+
+ @mock.patch("zipfile.ZipFile.namelist")
+ def test_zipfile_with_pycache_in_children(self, mock_namelist):
+ mock_namelist.return_value = ["path/to/__pycache__/"]
+ with self.assertRaisesMessage(
+ Exception,
+ (
+ "For security reasons, zip file cannot contain '__pycache__' directory. "
+ "However, it has been found at 'path/to/__pycache__/' ."
),
):
validator(self.package)
@@ -178,7 +193,10 @@ def test_zipfile_with_git(self, mock_namelist):
mock_namelist.return_value = [".git"]
with self.assertRaisesMessage(
Exception,
- ("For security reasons, zip file cannot contain " "'.git' directory"),
+ (
+ "For security reasons, zip file cannot contain '.git' directory. "
+ "However, it has been found in your root folder."
+ ),
):
validator(self.package)
@@ -191,7 +209,8 @@ def test_zipfile_with_gitignore(self, mock_namelist):
exception = cm.exception
self.assertNotEqual(
exception.message,
- "For security reasons, zip file cannot contain '.git' directory",
+ "For security reasons, zip file cannot contain '.git' directory. ",
+ "However, it has been found in your root folder."
)
diff --git a/qgis-app/plugins/validator.py b/qgis-app/plugins/validator.py
index e1482bd4..3988fa08 100644
--- a/qgis-app/plugins/validator.py
+++ b/qgis-app/plugins/validator.py
@@ -189,11 +189,19 @@ def validator(package):
_("For security reasons, zip file cannot contain .pyc file")
)
for forbidden_dir in ["__MACOSX", ".git", "__pycache__"]:
- if forbidden_dir in zname.split("/"):
+ dir_name_list = zname.split("/")
+ if forbidden_dir in dir_name_list:
+ if forbidden_dir == dir_name_list[0]:
+ raise ValidationError(
+ _(
+ "For security reasons, zip file "
+ "cannot contain '%s' directory. However, it has been found in your root folder." % (forbidden_dir,)
+ )
+ )
raise ValidationError(
_(
"For security reasons, zip file "
- "cannot contain '%s' directory" % (forbidden_dir,)
+ "cannot contain '%s' directory. However, it has been found at '%s' ." % (forbidden_dir, zname)
)
)
bad_file = zip.testzip()
From 498b2067c2b6216abab04c2925a39742090bb7df Mon Sep 17 00:00:00 2001
From: Lova ANDRIARIMALALA <43842786+Xpirix@users.noreply.github.com>
Date: Tue, 23 Apr 2024 08:07:49 +0300
Subject: [PATCH 2/2] Improve the error message for forbidden dir in the root
of the archive
---
qgis-app/plugins/tests/test_validator.py | 8 ++++----
qgis-app/plugins/validator.py | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/qgis-app/plugins/tests/test_validator.py b/qgis-app/plugins/tests/test_validator.py
index 2129dd79..6c23ac36 100644
--- a/qgis-app/plugins/tests/test_validator.py
+++ b/qgis-app/plugins/tests/test_validator.py
@@ -159,7 +159,7 @@ def test_zipfile_with_MACOSX(self, mock_namelist):
Exception,
(
"For security reasons, zip file cannot contain '__MACOSX' directory. "
- "However, it has been found in your root folder."
+ "However, there is one present at the root of the archive."
),
):
validator(self.package)
@@ -171,7 +171,7 @@ def test_zipfile_with_pycache(self, mock_namelist):
Exception,
(
"For security reasons, zip file cannot contain '__pycache__' directory. "
- "However, it has been found in your root folder."
+ "However, there is one present at the root of the archive."
),
):
validator(self.package)
@@ -195,7 +195,7 @@ def test_zipfile_with_git(self, mock_namelist):
Exception,
(
"For security reasons, zip file cannot contain '.git' directory. "
- "However, it has been found in your root folder."
+ "However, there is one present at the root of the archive."
),
):
validator(self.package)
@@ -210,7 +210,7 @@ def test_zipfile_with_gitignore(self, mock_namelist):
self.assertNotEqual(
exception.message,
"For security reasons, zip file cannot contain '.git' directory. ",
- "However, it has been found in your root folder."
+ "However, there is one present at the root of the archive."
)
diff --git a/qgis-app/plugins/validator.py b/qgis-app/plugins/validator.py
index 3988fa08..a19aa143 100644
--- a/qgis-app/plugins/validator.py
+++ b/qgis-app/plugins/validator.py
@@ -195,7 +195,7 @@ def validator(package):
raise ValidationError(
_(
"For security reasons, zip file "
- "cannot contain '%s' directory. However, it has been found in your root folder." % (forbidden_dir,)
+ "cannot contain '%s' directory. However, there is one present at the root of the archive." % (forbidden_dir,)
)
)
raise ValidationError(