Closed alexAubin closed 3 years ago
> (because of version format)
> * blogotext
> * zabbix
> * friendica
> * strut

Fixed on these 4 repos
Created a bunch of PRs to hopefully fix the path traversal issues...
Alrighty folks, let's merge this in and move forward... Note that it's expected that some of the previously mentioned apps will fail the linter because, even though the issue got patched, it's still only patched in 'testing', but hopefully that'll encourage people to merge the fixes into master...
Sooooo started working on this mostly because I wanted to be able to do bulk analysis of the linter results on all apps (or all level 5+ apps) to then be able to flag some stuff as errors (instead of warnings) and be able to check what apps are impacted.
For this, I needed a json output with some error-code-like flags, and ended up refactoring the entire script to have more of an atomic/unit-test-like approach (though it could still be improved...) instead of huge functions calling `print()`.
After this, I ran a study over all the level 5+ apps to check what could / should now be reported as error ... and also what's the status of some tests like path traversal issue over all apps ...
So far this refactoring introduces the following "regressions" on currently level 5+ apps (meaning releasing this new version of the linter would decrease the level to 4) :
(because of path traversal issue):
* zap
* hubzilla
* friendica
* mailman

(because of version format):
* blogotext
* zabbix
* friendica
* strut

I'm also wondering about adding a test that would flag the linter as failing if there are more than X warnings... So far, among the 150ish level 5+ apps, about 90 of them have 0, 1, or 2 warnings (congratz all the packaging folks!). If we look at the "apps with 10+ warnings" we have something like:
and I'm tempted to set the threshold at something like 15 (so 15 or more warnings = error).
Possibly I'm also wondering about reporting as errors the apps that still only request Yunohost >= 2.x (instead of 3.x or 4.x), because that may mean they are not up to date with relatively recent packaging practices (a lot happened since 2.7...) - or maybe these are just apps that do not care so much about maintaining the yunohost version requirement...
For this we would have:
* borg
* libreto
* redirect
* zap
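As an added example (not the linter's own code), here is how the bulk analysis described in this PR could be run over a JSON result set, applying the rules discussed above: path traversal findings and a pre-3.x YunoHost requirement become errors, and 15 or more warnings count as an error. The JSON shape, the warning codes and the app names are assumptions constructed for this example.

```python
"""Bulk analysis over per-app linter results (constructed example, see lead-in)."""
import json
import re
from typing import Dict, List

WARNING_THRESHOLD = 15                  # 15 or more warnings => error, as proposed above
PROMOTED_TO_ERROR = {"path_traversal"}  # hypothetical warning code that becomes an error


def yunohost_requirement_too_old(manifest: dict, minimum_major: int = 3) -> bool:
    """True when the manifest only asks for a YunoHost older than `minimum_major`.x."""
    req = manifest.get("requirements", {}).get("yunohost", "")
    m = re.search(r"(\d+)(?:\.\d+)*", req)  # e.g. ">= 2.7.14" -> major version 2
    return bool(m) and int(m.group(1)) < minimum_major


def classify(result: dict) -> dict:
    """Apply the stricter rules to one app's linter result; return its errors/warnings."""
    errors = list(result.get("errors", []))
    warnings: List[str] = []
    for code in result.get("warnings", []):
        (errors if code in PROMOTED_TO_ERROR else warnings).append(code)
    if yunohost_requirement_too_old(result.get("manifest", {})):
        errors.append("yunohost_requirement_too_old")
    if len(warnings) >= WARNING_THRESHOLD:
        errors.append("too_many_warnings")
    return {"app": result["app"], "errors": errors, "warnings": warnings}


def regressions(results: List[dict]) -> Dict[str, List[str]]:
    """Level 5+ apps that would drop to level 4 under the new rules, with the reasons."""
    out: Dict[str, List[str]] = {}
    for r in results:
        if r.get("level", 0) < 5:
            continue  # already below level 5, so nothing to regress
        errors = classify(r)["errors"]
        if errors:
            out[r["app"]] = errors
    return out


# Constructed sample: the JSON a linter run over five (fictional) apps could produce.
SAMPLE_JSON = json.dumps([
    {"app": "app_a", "level": 7, "warnings": ["path_traversal", "old_helper"], "errors": [],
     "manifest": {"requirements": {"yunohost": ">= 4.0.0"}}},
    {"app": "app_b", "level": 6, "warnings": [], "errors": [],
     "manifest": {"requirements": {"yunohost": ">= 2.7.14"}}},
    {"app": "app_c", "level": 5, "warnings": ["w%d" % i for i in range(15)], "errors": [],
     "manifest": {"requirements": {"yunohost": ">= 3.8.0"}}},
    {"app": "app_d", "level": 4, "warnings": ["path_traversal"], "errors": [], "manifest": {}},
    {"app": "app_e", "level": 8, "warnings": ["old_helper"], "errors": [], "manifest": {}},
])
```

Running `regressions(json.loads(SAMPLE_JSON))` reports app_a (path traversal), app_b (old YunoHost requirement) and app_c (warning threshold), while app_d is skipped because it is already below level 5.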