#!/usr/bin/env python3
# -*- coding: utf8 -*-
import sys
import os
import re
import json
import shlex
import urllib . request
import codecs
import subprocess
import time
# Stream-reader factory for UTF-8: reader(byte_stream) wraps a binary stream
# and hands back decoded text.
reader = codecs.lookup("utf-8").streamreader
# ############################################################################
# Helper list
# ############################################################################
# Generated March 31st using:
# cat /path/to/yunohost/data/helpers.d/* | grep "^ynh_" | tr -d '(){ ' > helperlist
# for HELPER in $(cat helperlist); do REQUIRE=$(grep -whB1 "^$HELPER" /path/to/yunohost/data/helpers.d/* | grep Requires | grep -o -E "[0-9].[0-9].[0-9]"); echo "'$HELPER': '$REQUIRE'",; done
# Maps each official helper name to the YunoHost version listed for it.
# An empty string means no version is recorded for that helper.
# The group comments below follow the helper name prefixes and are editorial.
official_helpers = {
    # apt / package management
    "ynh_wait_dpkg_free": "3.3.1",
    "ynh_package_is_installed": "2.2.4",
    "ynh_package_version": "2.2.4",
    "ynh_apt": "2.4.0",
    "ynh_package_update": "2.2.4",
    "ynh_package_install": "2.2.4",
    "ynh_package_remove": "2.2.4",
    "ynh_package_autoremove": "2.2.4",
    "ynh_package_autopurge": "2.7.2",
    "ynh_package_install_from_equivs": "2.2.4",
    "ynh_install_app_dependencies": "2.6.4",
    "ynh_remove_app_dependencies": "2.6.4",
    # backup / restore
    "ynh_backup": "2.4.0",
    "ynh_restore": "2.6.4",
    "ynh_restore_file": "2.6.4",
    "ynh_bind_or_cp": "",
    "ynh_store_file_checksum": "2.6.4",
    "ynh_backup_if_checksum_is_different": "2.6.4",
    "ynh_delete_file_checksum": "3.3.1",
    "ynh_backup_before_upgrade": "2.7.2",
    "ynh_restore_upgradebackup": "2.7.2",
    # fail2ban
    "ynh_add_fail2ban_config": "3.5.0",
    "ynh_remove_fail2ban_config": "3.5.0",
    # argument parsing
    "ynh_handle_getopts_args": "3.2.2",
    # printing / logging
    "ynh_die": "2.4.0",
    "ynh_print_info": "3.2.0",
    "ynh_no_log": "2.6.4",
    "ynh_print_log": "3.2.0",
    "ynh_print_warn": "3.2.0",
    "ynh_print_err": "3.2.0",
    "ynh_exec_err": "3.2.0",
    "ynh_exec_warn": "3.2.0",
    "ynh_exec_warn_less": "3.2.0",
    "ynh_exec_quiet": "3.2.0",
    "ynh_exec_fully_quiet": "3.2.0",
    "ynh_print_OFF": "3.2.0",
    "ynh_print_ON": "3.2.0",
    "ynh_script_progression": "3.5.0",
    "ynh_return": "3.6.0",
    "ynh_debug": "3.5.0",
    "ynh_debug_exec": "3.5.0",
    # logrotate
    "ynh_use_logrotate": "2.6.4",
    "ynh_remove_logrotate": "2.6.4",
    # mysql
    "ynh_mysql_connect_as": "2.2.4",
    "ynh_mysql_execute_as_root": "2.2.4",
    "ynh_mysql_execute_file_as_root": "2.2.4",
    "ynh_mysql_create_db": "2.2.4",
    "ynh_mysql_drop_db": "2.2.4",
    "ynh_mysql_dump_db": "2.2.4",
    "ynh_mysql_create_user": "2.2.4",
    "ynh_mysql_user_exists": "2.2.4",
    "ynh_mysql_drop_user": "2.2.4",
    "ynh_mysql_setup_db": "2.6.4",
    "ynh_mysql_remove_db": "2.6.4",
    # network
    "ynh_find_port": "2.6.4",
    "ynh_port_available": "",
    "ynh_validate_ip": "2.2.4",
    "ynh_validate_ip4": "2.2.4",
    "ynh_validate_ip6": "2.2.4",
    # nginx
    "ynh_add_nginx_config": "2.7.2",
    "ynh_remove_nginx_config": "2.7.2",
    # nodejs
    "ynh_install_n": "2.7.1",
    "ynh_use_nodejs": "2.7.1",
    "ynh_install_nodejs": "2.7.1",
    "ynh_remove_nodejs": "2.7.1",
    "ynh_cron_upgrade_node": "2.7.1",
    # php-fpm
    "ynh_add_fpm_config": "2.7.2",
    "ynh_remove_fpm_config": "2.7.2",
    # postgresql
    "ynh_psql_connect_as": "3.5.0",
    "ynh_psql_execute_as_root": "3.5.0",
    "ynh_psql_execute_file_as_root": "3.5.0",
    "ynh_psql_create_db": "3.5.0",
    "ynh_psql_drop_db": "3.5.0",
    "ynh_psql_dump_db": "3.5.0",
    "ynh_psql_create_user": "3.5.0",
    "ynh_psql_user_exists": "",
    "ynh_psql_database_exists": "",
    "ynh_psql_drop_user": "3.5.0",
    "ynh_psql_setup_db": "",
    "ynh_psql_remove_db": "",
    "ynh_psql_test_if_first_run": "",
    # app settings, URIs and permissions
    "ynh_app_setting_get": "2.2.4",
    "ynh_app_setting_set": "2.2.4",
    "ynh_app_setting_delete": "2.2.4",
    "ynh_add_skipped_uris": "3.6.0",
    "ynh_add_unprotected_uris": "3.6.0",
    "ynh_add_protected_uris": "3.6.0",
    "ynh_app_setting": "",
    "ynh_webpath_available": "2.6.4",
    "ynh_webpath_register": "2.6.4",
    "ynh_permission_create": "3.7.0",
    "ynh_permission_delete": "3.7.0",
    "ynh_permission_exists": "3.7.0",
    "ynh_permission_url": "3.7.0",
    "ynh_permission_update": "3.7.0",
    # strings
    "ynh_string_random": "2.2.4",
    "ynh_replace_string": "2.6.4",
    "ynh_replace_special_string": "2.7.7",
    "ynh_sanitize_dbid": "2.2.4",
    "ynh_normalize_url_path": "2.6.4",
    # systemd
    "ynh_add_systemd_config": "2.7.2",
    "ynh_remove_systemd_config": "2.7.2",
    "ynh_systemd_action": "",
    "ynh_clean_check_starting": "",
    # users
    "ynh_user_exists": "2.2.4",
    "ynh_user_get_info": "2.2.4",
    "ynh_user_list": "2.4.0",
    "ynh_system_user_exists": "2.2.4",
    "ynh_system_group_exists": "",
    "ynh_system_user_create": "2.6.4",
    "ynh_system_user_delete": "2.6.4",
    # misc utilities
    "ynh_exit_properly": "",
    "ynh_abort_if_errors": "2.6.4",
    "ynh_setup_source": "2.6.4",
    "ynh_local_curl": "2.6.4",
    "ynh_render_template": "",
    "ynh_get_debian_release": "2.7.1",
    "ynh_mkdir_tmp": "",
    "ynh_secure_remove": "2.6.4",
    "ynh_get_plain_key": "2.2.4",
    "ynh_read_manifest": "3.5.0",
    "ynh_app_upstream_version": "3.5.0",
    "ynh_app_package_version": "3.5.0",
    "ynh_check_app_version_changed": "3.5.0",
}
# ############################################################################
# Utilities
# ############################################################################
# Taken from https://stackoverflow.com/a/49518779
def check_for_duplicate_keys(ordered_pairs):
    """Build a dict from JSON key/value pairs, warning about repeated keys.

    Meant to be passed as ``object_pairs_hook`` to the json loader.  The
    first value seen for a key is kept; each later duplicate is reported
    through print_warning and dropped.
    """
    seen = {}
    for name, value in ordered_pairs:
        if name not in seen:
            seen[name] = value
            continue
        print_warning("Duplicated key '%s' in %s" % (name, ordered_pairs))
    return seen
class c:
    """ANSI escape sequences used to colour and style the terminal output."""

    # Foreground colours.  HEADER and OKBLUE share the same sequence.
    HEADER = "\033[94m"
    OKBLUE = "\033[94m"
    OKGREEN = "\033[92m"
    WARNING = "\033[93m"
    MAYBE_FAIL = "\033[96m"
    FAIL = "\033[91m"

    # Text attributes.
    END = "\033[0m"  # resets colour and attributes
    BOLD = "\033[1m"
    UNDERLINE = "\033[4m"
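def header(app):
    """Print the linter banner, the documentation links and the name of *app*.

    The banner asks users to report warnings or errors that should not have
    been raised, i.e. false positives (the previous text called them false
    negatives).
    """
    print("""
    [{header}{bold}YunoHost App Package Linter{end}]

 App packaging documentation - https://yunohost.org/#/packaging_apps
 App package example         - https://github.com/YunoHost/example_ynh
 Official helpers            - https://yunohost.org/#/packaging_apps_helpers_en
 Experimental helpers        - https://github.com/YunoHost-Apps/Experimental_helpers

 If you believe this linter returns false positives (warnings / errors which shouldn't happen),
 please report them on https://github.com/YunoHost/package_linter/issues

    Analyzing package {header}{app}{end}"""
          .format(header=c.HEADER, bold=c.BOLD, end=c.END, app=app))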
def print_header(str):
    """Print *str*, title-cased, as a bold coloured section banner."""
    banner = "".join((c.BOLD, c.HEADER, str.title(), c.END))
    print("\n [" + banner + "]\n")
def print_warning_not_reliable(str):
    """Print a low-confidence finding, prefixed with '?'.

    Unlike print_warning and print_error, this does not touch any counter.
    """
    marker = c.MAYBE_FAIL + "?"
    print(marker, str, c.END)
# Number of warnings reported so far through print_warning().
warning_count = 0


def print_warning(str):
    """Count one more warning and print *str* prefixed with '!'."""
    global warning_count
    warning_count = warning_count + 1
    marker = c.WARNING + "!"
    print(marker, str, c.END)
# Number of errors reported so far through print_error().
error_count = 0


def print_error(str):
    """Count one more error and print *str* prefixed with a cross mark."""
    global error_count
    error_count = error_count + 1
    marker = c.FAIL + "✘"
    print(marker, str, c.END)
def print_happy(str):
    """Print *str* in green between a smiley and a heart."""
    opening = c.OKGREEN + "☺"
    print(opening, str, "♥")
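def urlopen(url):
    """Fetch *url* and return ``{'content': <decoded body>, 'code': <status>}``.

    An HTTP error status is reported through 'code' with an empty 'content'.
    When the request cannot be completed at all (name resolution failure,
    refused connection, timeout), 'URLError' is printed and the result is
    ``{'content': '', 'code': 0}``.  The original fell through to
    ``conn.read()`` with ``conn`` unbound in that case and crashed.
    """
    try:
        # Bounded wait so an unresponsive host cannot hang the linter; the
        # context manager closes the connection once the body is read.
        with urllib.request.urlopen(url, timeout=30) as conn:
            body = conn.read().decode('UTF8')
    except urllib.error.HTTPError as e:
        return {'content': '', 'code': e.code}
    except OSError:
        # URLError is an OSError subclass; socket timeouts raised while
        # reading the body are plain OSErrors and are handled the same way.
        print('URLError')
        return {'content': '', 'code': 0}
    return {'content': body, 'code': 200}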
def file_exists(file_path):
    """Return True when *file_path* is a regular file holding at least one byte."""
    if not os.path.isfile(file_path):
        return False
    return os.path.getsize(file_path) > 0
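def spdx_licenses():
    """Return the HTML of https://spdx.org/licenses/, cached on disk for an hour.

    The cache is the file ``.spdx_licenses`` in the current working
    directory.  It is reused while it is less than 3600 seconds old;
    otherwise the page is downloaded through urlopen() and the cache is
    rewritten.
    """
    cachefile = ".spdx_licenses"
    if os.path.exists(cachefile) and time.time() - os.path.getmtime(cachefile) < 3600:
        with open(cachefile) as f:
            return f.read()

    link = "https://spdx.org/licenses/"
    content = urlopen(link)['content']
    # urlopen() returns an empty body when the download fails.  Caching that
    # would make every license look unregistered until the cache expires, so
    # only a non-empty page is written.
    if content:
        with open(cachefile, "w") as f:
            f.write(content)
    return content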
# ############################################################################
# Actual high-level checks
# ############################################################################
# Files looked up under <app>/scripts/, in the order they are analyzed.
scriptnames = [
    "_common.sh",
    "install",
    "remove",
    "upgrade",
    "backup",
    "restore",
]
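class App():
    """One YunoHost app package on disk, with the package-level lint checks.

    Findings are reported through the module's print_* helpers; the check
    methods return nothing.  The package content (manifest, scripts, nginx
    confs) is treated as untrusted input.
    """

    def __init__(self, path):
        print_header("LOADING APP")
        self.path = path
        # Set by check_manifest().  Initialised here so check_helpers_usage()
        # still works when the manifest is missing or cannot be parsed.
        self.yunohost_version_req = None
        self.scripts = {f: Script(self.path, f) for f in scriptnames}

    def analyze(self):
        """Run every package-level check, then analyze each script that exists."""
        self.check_manifest()
        self.misc_file_checks()
        self.check_helpers_usage()

        for script in [self.scripts[s] for s in scriptnames if self.scripts[s].exists]:
            script.analyze()

    @staticmethod
    def _find_in_scripts(pattern, scripts_dir):
        """Return every substring matching *pattern* in the text files under *scripts_dir*.

        Replaces the former ``grep -IhEro`` shell pipeline.  That command
        line was built by pasting the app path between single quotes and run
        with ``shell=True``, so a quote in the path changed the command; it
        also raised when grep found nothing.  Here no process is spawned and
        a missing directory or an absence of matches gives an empty list.
        """
        regex = re.compile(pattern)
        found = []
        for root, _dirs, files in os.walk(scripts_dir):
            for name in sorted(files):
                file_path = os.path.join(root, name)
                # Regular files only; symlinks are not followed.
                if os.path.islink(file_path) or not os.path.isfile(file_path):
                    continue
                try:
                    with open(file_path, "rb") as f:
                        raw = f.read()
                except OSError:
                    continue
                # Files holding a NUL byte are treated as binary and skipped,
                # as grep -I did.
                if b"\0" in raw:
                    continue
                for line in raw.decode("utf-8", errors="replace").splitlines():
                    found.extend(m.group(0) for m in regex.finditer(line))
        return found

    def check_helpers_usage(self):
        """Compare the helpers defined and used in scripts/ with official_helpers."""
        print_header("HELPERS USAGE")

        scripts_dir = os.path.join(self.path, "scripts")

        # Check for custom helpers definition that are now official...
        definitions = self._find_in_scripts(r"ynh_\w+ *\( *\)", scripts_dir)
        # Keep the bare name: drop "(", ")" and spaces, then any "__suffix".
        unwanted = str.maketrans("", "", "() ")
        custom_helpers = [d.translate(unwanted).split("__")[0] for d in definitions]

        for custom_helper in custom_helpers:
            if custom_helper in official_helpers:
                print_warning("%s is now an official helper since version '%s'"
                              % (custom_helper, official_helpers[custom_helper] or '?'))

        # Check for helpers usage that do not match version required in manifest...
        if not self.yunohost_version_req:
            return

        helpers_used = sorted(set(self._find_in_scripts(r"ynh_\w+", scripts_dir)))

        try:
            # Three zeros are appended so a short requirement such as "3"
            # can still be compared with a three-part helper version.
            manifest_req = [int(i) for i in self.yunohost_version_req.strip(">= ").split('.')] + [0, 0, 0]
        except ValueError:
            print_warning_not_reliable(
                "Could not parse the yunohost requirement '%s' from the manifest, "
                "skipping the helper version check" % self.yunohost_version_req
            )
            return

        def validate_version_requirement(helper_req):
            # Helpers with no recorded version are always accepted.
            if helper_req == '':
                return True
            helper_req = [int(i) for i in helper_req.split('.')]
            # Lexicographic comparison over the components the helper defines.
            return helper_req <= manifest_req[:len(helper_req)]

        for helper in [h for h in helpers_used if h in official_helpers]:
            # A helper the app defines itself does not depend on the core version.
            if helper in custom_helpers:
                continue
            helper_req = official_helpers[helper]
            if not validate_version_requirement(helper_req):
                # NOTE(review): when validation fails the manifest major
                # version cannot be above the helper's, so this looks always
                # False and the message is always a warning - confirm intent.
                major_diff = manifest_req[0] > int(helper_req[0])
                message = ("Using official helper %s implies requiring at least version %s, "
                           "but manifest only requires %s"
                           % (helper, helper_req, self.yunohost_version_req))
                if major_diff:
                    print_error(message)
                else:
                    print_warning(message)

    @staticmethod
    def _find_location_with_alias(locationblock):
        """Yield ``(location, alias_line)`` for each alias in a parsed location block.

        A parsed block is ``[header_tokens, body_lines]``.  Nested location
        blocks are visited too: the original recursed on the nested block's
        header instead of the block itself, so nested aliases were never
        inspected.
        """
        if locationblock[0][0] != "location":
            return

        location = locationblock[0][-1]
        for line in locationblock[1]:
            if not line:
                continue
            instruction = line[0]
            if instruction == "alias":
                yield (location, line)
            elif isinstance(instruction, list) and instruction and instruction[0] == "location":
                yield from App._find_location_with_alias(line)

    @staticmethod
    def _find_path_traversal_issue(nginxconf):
        """Yield each location whose alias pairing allows path traversal."""
        for block in nginxconf:
            for location, alias in App._find_location_with_alias(block):
                alias_path = alias[-1]
                # For path traversal issues to occur, both of those are needed :
                # - location /foo {          (*without* a / after foo)
                # - alias /var/www/foo/      (*with* a / after foo)
                #
                # Note that we also consider a positive the case where
                # the alias folder (e.g. /var/www/foo/) does not end
                # with / if __FINALPATH__ is not used ... that probably
                # means that the app is not using the standard nginx
                # helper, and therefore it is likely to be replaced by
                # something ending with / ...
                if not location.endswith("/") \
                   and (alias_path.endswith("/") or "__FINALPATH__" not in alias_path):
                    yield location

    def misc_file_checks(self):
        """Check mandatory files, deprecated files, bundled sources and nginx confs."""
        print_header("MISC FILE CHECKS")

        #
        # Check for recommended and mandatory files
        #
        filenames = ("manifest.json", "LICENSE", "README.md",
                     "scripts/install", "scripts/remove",
                     "scripts/upgrade",
                     "scripts/backup", "scripts/restore")
        # These must be spelled like the entries of `filenames`; the former
        # "script/..." spelling never matched, so the recommendation branch
        # below was unreachable.
        non_mandatory = ("scripts/backup", "scripts/restore")

        for filename in filenames:
            if file_exists(self.path + "/" + filename):
                continue
            elif filename in non_mandatory:
                print_warning("Consider adding a file %s" % filename)
            else:
                print_error("Providing a %s is mandatory" % filename)

        #
        # Deprecated php-fpm.ini thing
        #
        if file_exists(self.path + "/conf/php-fpm.ini"):
            print_warning(
                "Using a separate php-fpm.ini file is deprecated. "
                "Please merge your php-fpm directives directly in the pool file. "
                "(c.f. https://github.com/YunoHost-Apps/nextcloud_ynh/issues/138 )"
            )

        #
        # Source management
        #
        source_dir = os.path.join(self.path, "sources")
        if os.path.exists(source_dir) \
           and len([name for name in os.listdir(source_dir)
                    if os.path.isfile(os.path.join(source_dir, name))]) > 5:
            print_warning(
                "[YEP-3.3] Upstream app sources shouldn't be stored in this 'sources' folder of this git repository as a copy/paste\n"
                "During installation, the package should download sources from upstream via 'ynh_setup_source'.\n"
                "See the helper documentation. "
                "Original discussion happened here : "
                "https://github.com/YunoHost/issues/issues/201#issuecomment-391549262"
            )

        #
        # Analyze nginx conf
        # - Deprecated usage of 'add_header' in nginx conf
        # - Spot path traversal issue vulnerability
        #
        conf_dir = self.path + "/conf"
        for filename in os.listdir(conf_dir) if os.path.exists(conf_dir) else []:
            conf_path = conf_dir + "/" + filename
            # Ignore subdirs or filename not containing nginx in the name
            if not os.path.isfile(conf_path) or "nginx" not in filename:
                continue

            #
            # 'add_header' usage
            #
            with open(conf_path) as f:
                content = f.read()
            if "location" in content and "add_header" in content:
                print_warning(
                    "Do not use 'add_header' in the nginx conf. Use 'more_set_headers' instead. "
                    "(See https://www.peterbe.com/plog/be-very-careful-with-your-add_header-in-nginx "
                    "and https://github.com/openresty/headers-more-nginx-module#more_set_headers )"
                )

            #
            # Path traversal issues
            #
            do_path_traversal_check = False
            try:
                import pyparsing, six
                do_path_traversal_check = True
            except ImportError:
                # If inside a venv, try to magically install pyparsing
                # NOTE(review): this fetches unpinned packages from the
                # package index while linting.  Installing them beforehand
                # from a pinned requirements file keeps runs reproducible.
                if 'VIRTUAL_ENV' in os.environ:
                    try:
                        print("(Trying to auto install pyparsing...)")
                        # Fixed argument list, no shell involved.
                        subprocess.check_output(["pip3", "install", "pyparsing", "six"])
                        import pyparsing
                        print("Ok!")
                        do_path_traversal_check = True
                    except Exception as e:
                        print("Failed :[ : %s" % str(e))

            if not do_path_traversal_check:
                print("N.B.: The package linter need you to run 'pip3 install pyparsing six' if you want it to be able to check for path traversal issue in nginx confs")

            if do_path_traversal_check:
                from lib.nginxparser import nginxparser
                try:
                    with open(conf_path) as f:
                        nginxconf = nginxparser.load(f)
                except Exception as e:
                    # An unparsable conf means the check could not run, not
                    # that the conf is safe.
                    print_warning_not_reliable("Could not parse nginx conf ... : " + str(e))
                    nginxconf = []

                for location in self._find_path_traversal_issue(nginxconf):
                    print_warning(
                        "The nginx configuration (especially location %s) "
                        "appears vulnerable to path traversal issues as explained in\n"
                        "  https://www.acunetix.com/vulnerabilities/web/path-traversal-via-misconfigured-nginx-alias/\n"
                        "To fix it, look at the first lines of the nginx conf of the example app : \n"
                        "  https://github.com/YunoHost/example_ynh/blob/master/conf/nginx.conf" % location
                    )

    def check_helper_consistency(self):
        """
        check if ynh_install_app_dependencies is present in install/upgrade/restore
        so dependencies are up to date after restoration or upgrade
        """
        install_script = self.scripts["install"]
        if not install_script.exists:
            return

        if install_script.contains("ynh_install_app_dependencies"):
            for name in ["upgrade", "restore"]:
                other = self.scripts[name]
                if other.exists and not other.contains("ynh_install_app_dependencies"):
                    print_warning("ynh_install_app_dependencies should also be in %s script" % name)

        if install_script.contains("yunohost service add"):
            remove_script = self.scripts["remove"]
            if remove_script.exists and not remove_script.contains("yunohost service remove"):
                print_error(
                    "You used 'yunohost service add' in the install script, "
                    "but not 'yunohost service remove' in the remove script."
                )

    @staticmethod
    def _load_app_list():
        """Return the YunoHost apps list as a dict, or None when unavailable.

        The list is cached in ``./.apps.json`` for 3600 seconds.  A download
        is written to the cache only after it parsed as a JSON object, so a
        failed or bogus response is not reused for the next hour.
        """
        cachefile = "./.apps.json"
        from_cache = os.path.exists(cachefile) and time.time() - os.path.getmtime(cachefile) < 3600
        if from_cache:
            with open(cachefile) as f:
                raw = f.read()
        else:
            app_list_url = "https://raw.githubusercontent.com/YunoHost/apps/master/apps.json"
            raw = urlopen(app_list_url)['content']

        try:
            app_list = json.loads(raw)
        except ValueError:
            return None
        if not isinstance(app_list, dict):
            return None

        if not from_cache:
            with open(cachefile, "w") as f:
                f.write(raw)
        return app_list

    def check_manifest(self):
        """Validate manifest.json and record the required YunoHost version.

        Does nothing when the manifest file is absent.  When it cannot be
        parsed, the error is reported and the remaining checks are skipped.
        """
        manifest = os.path.join(self.path, 'manifest.json')
        if not os.path.exists(manifest):
            return
        print_header("MANIFEST")

        # Check if there is no comma syntax issue
        try:
            with open(manifest, encoding='utf-8') as data_file:
                manifest = json.loads(data_file.read(), object_pairs_hook=check_for_duplicate_keys)
        except (ValueError, OSError):
            # JSON and decoding errors are both ValueError subclasses.
            print_error("[YEP-2.1] Syntax (comma) or encoding issue with manifest.json. Can't check file.")
            # Without parsed data, `manifest` is still the file path and the
            # checks below would run against that string.
            return

        fields = ("name", "id", "packaging_format", "description", "url", "version",
                  "license", "maintainer", "requirements", "multi_instance",
                  "services", "arguments")

        for field in fields:
            if field not in manifest:
                print_warning("[YEP-2.1] \"" + field + "\" field is missing")

        # Check values in keys
        if "packaging_format" not in manifest:
            print_error("[YEP-2.1] \"packaging_format\" key is missing")
        elif not isinstance(manifest["packaging_format"], int):
            print_error("[YEP-2.1] \"packaging_format\": value isn't an integer type")
        elif manifest["packaging_format"] != 1:
            print_error("[YEP-2.1] \"packaging_format\" field: current format value is '1'")

        # YEP 1.1 Name is app
        id_is_valid = False
        if "id" in manifest:
            id_is_valid = (isinstance(manifest["id"], str)
                           and re.match('^[a-z1-9]((_|-)?[a-z1-9])+$', manifest["id"]) is not None)
            if not id_is_valid:
                # The id is now substituted into the message; the original
                # printed a literal "%s".
                print_error("[YEP-1.1] 'id' field '%s' should respect this regex '^[a-z1-9]((_|-)?[a-z1-9])+$'" % manifest["id"])

        if "name" in manifest:
            if len(manifest["name"]) > 22:
                print_warning(
                    "[YEP-1.1] The 'name' field shouldn't be too long to be able to be with one line in the app list. "
                    "The most current bigger name is actually compound of 22 characters."
                )

        # YEP 1.3 License
        def license_mentionned_in_readme(path):
            readme_path = os.path.join(path, 'README.md')
            if os.path.isfile(readme_path):
                with open(readme_path) as readme:
                    return "LICENSE" in readme.read()
            return False

        if "license" in manifest:
            for license_id in manifest['license'].replace('&', ',').split(','):
                # Marker looked up in the SPDX page; built before 'nonfree'
                # is normalised below, as in the original.
                code_license = '<code property="spdx:licenseId">' + license_id + '</code>'

                if license_id == "nonfree":
                    print_warning("[YEP-1.3] The correct value for non free license in license field is 'non-free' and not 'nonfree'")
                    license_id = "non-free"
                if license_id in ["free", "non-free", "dep-non-free"]:
                    if not license_mentionned_in_readme(self.path):
                        print_warning(
                            "[YEP-1.3] The use of '%s' in license field implies "
                            "to write something about the license in your README.md" % (license_id)
                        )
                    if license_id in ["non-free", "dep-non-free"]:
                        print_warning(
                            "[YEP-1.3] 'non-free' apps can't be officialized. "
                            "Their integration is still being discussed, especially for apps with non-free dependencies"
                        )
                elif code_license not in spdx_licenses():
                    print_warning(
                        "[YEP-1.3] The license '%s' is not registered in https://spdx.org/licenses/ . "
                        "It can be a typo error. If not, you should replace it by 'free' "
                        "or 'non-free' and give some explanations in the README.md." % (license_id)
                    )

        # YEP 1.4 Inform if we continue to maintain the app
        # YEP 1.5 Update regularly the app status
        # YEP 1.6 Check regularly the evolution of the upstream

        # YEP 1.2 Put the app in a well known repo
        # YEP 1.7 - Add an app to the YunoHost-Apps organization
        if "id" in manifest:
            app_list = self._load_app_list()
            if app_list is None:
                print_warning_not_reliable(
                    "Could not load the YunoHost apps list, "
                    "skipping the [YEP-1.2] and [YEP-1.7] checks"
                )
            else:
                if manifest["id"] not in app_list:
                    print_warning("[YEP-1.2] This app is not registered in our applications list")

                # The repository URLs embed the manifest id, so they are only
                # requested for an id that passed the format check above.
                if id_is_valid:
                    all_urls = [(infos.get("url") or "").lower()
                                for infos in app_list.values() if isinstance(infos, dict)]
                    repo_org = "https://github.com/YunoHost-Apps/%s_ynh" % (manifest["id"])
                    repo_brique = "https://github.com/labriqueinternet/%s_ynh" % (manifest["id"])

                    if repo_org.lower() not in all_urls and repo_brique.lower() not in all_urls:
                        is_not_added_to_org = urlopen(repo_org)['code'] == 404
                        is_not_added_to_brique = urlopen(repo_brique)['code'] == 404

                        if is_not_added_to_org and is_not_added_to_brique:
                            print_warning("[YEP-1.7] You should add your app in the YunoHost-Apps organisation.")

        # YEP 1.8 Publish test request
        # YEP 1.9 Document app
        if "description" in manifest:
            descr = manifest["description"]
            if isinstance(descr, dict):
                descr = descr.get("en", None)

            if descr is None or descr == "" or descr == manifest.get("name", None):
                print_warning(
                    "[YEP-1.9] You should write a good description of the app, "
                    "at least in english (1 line is enough)."
                )

            # A missing English description was reported just above; treat it
            # as empty so the length and wording checks do not fail on None.
            descr = descr or ""
            if len(descr) > 150:
                print_warning(
                    "[YEP-1.9] Please use a shorter description (or the rendering on the webadmin / app list will be messy ...). Just describe in consise terms what the app is / does."
                )
            elif "for yunohost" in descr.lower():
                print_warning(
                    "[YEP-1.9] The 'description' should explain what the app actually does. "
                    "No need to say that it is 'for YunoHost' - this is a YunoHost app "
                    "so of course we know it is for YunoHost ;-)."
                )

        # TODO test a specific template in README.md

        # YEP 1.10 Keep a clean version history

        # YEP 1.11 Cancelled

        # YEP 2.1
        if "multi_instance" in manifest and manifest["multi_instance"] != 1 and manifest["multi_instance"] != 0:
            print_error(
                "[YEP-2.1] \"multi_instance\" field must be boolean type values 'true' or 'false' and not string type")

        if "services" in manifest and self.scripts["install"].exists:
            known_services = ("nginx", "mysql", "uwsgi", "metronome",
                              "php5-fpm", "php7.0-fpm", "php-fpm",
                              "postfix", "dovecot", "rspamd")

            for service in manifest["services"]:
                if service not in known_services:
                    if not self.scripts["install"].contains("yunohost service add %s" % service):
                        print_error("[YEP-2.1?] " + service + " service not installed by the install file but present in the manifest")

        # A missing "arguments" field was already reported above; it must not
        # raise here.
        arguments = manifest.get("arguments", {})
        if "install" in arguments:
            recognized_types = ("domain", "path", "boolean", "app", "password", "user", "string")

            for argument in arguments["install"]:
                if "optional" in argument:
                    if not isinstance(argument["optional"], bool):
                        print_warning("The key 'optional' value for setting %s should be a boolean (true or false)" % argument["name"])
                if "type" not in argument:
                    print_warning(
                        "[YEP-2.1] You should specify the type of the argument '%s'. "
                        "You can use : %s." % (argument["name"], ', '.join(recognized_types))
                    )
                elif argument["type"] not in recognized_types:
                    print_warning(
                        "[YEP-2.1] The type '%s' for argument '%s' is not recognized... "
                        "it probably doesn't behave as you expect ? Choose among those instead : %s" % (argument["type"], argument["name"], ', '.join(recognized_types))
                    )

                if "choices" in argument:
                    choices = [choice.lower() for choice in argument["choices"]]
                    if len(choices) == 2:
                        if ("true" in choices and "false" in choices) or ("yes" in choices and "no" in choices):
                            print_warning(
                                "Argument %s : you might want to simply use a boolean-type argument. "
                                "No need to specify the choices list yourself." % argument["name"]
                            )

                if argument["name"] == "is_public" and "help" not in argument:
                    print_warning_not_reliable(
                        "Consider adding an 'help' key for argument 'is_public' "
                        "to explain to the user what it means for *this* app "
                        "to be public or private :\n"
                        '    "help": {\n'
                        '       "en": "Some explanation"\n'
                        '    }')

        if "url" in manifest and manifest["url"].endswith("_ynh"):
            print_warning(
                "'url' is not meant to be the url of the yunohost package, "
                "but rather the website or repo of the upstream app itself..."
            )

        self.yunohost_version_req = manifest.get("requirements", {}).get("yunohost", None)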
class Script ( ) :
def __init__ ( self , app_path , name ) :
self . name = name
2019-04-19 17:42:40 +02:00
self . app_path = app_path
2019-02-23 20:14:56 +01:00
self . path = app_path + " /scripts/ " + name
self . exists = file_exists ( self . path )
if not self . exists :
return
2019-03-02 01:19:40 +01:00
self . lines = list ( self . read_file ( ) )
2019-02-23 20:14:56 +01:00
def read_file ( self ) :
with open ( self . path ) as f :
lines = f . readlines ( )
# Remove trailing spaces, empty lines and comment lines
lines = [ line . strip ( ) for line in lines ]
lines = [ line for line in lines if line and not line . startswith ( ' # ' ) ]
# Merge lines when ending with \
lines = ' \n ' . join ( lines ) . replace ( " \\ \n " , " " ) . split ( " \n " )
2019-04-19 16:58:57 +02:00
some_parsing_failed = False
2019-02-23 20:14:56 +01:00
for line in lines :
2019-02-27 13:47:26 +01:00
2019-02-23 20:14:56 +01:00
try :
line = shlex . split ( line , True )
yield line
except Exception as e :
2019-04-19 16:58:57 +02:00
if not some_parsing_failed :
print ( " Some lines could not be parsed in script %s . (That ' s probably not really critical) " % self . name )
some_parsing_failed = True
print_warning_not_reliable ( " %s : %s " % ( e , line ) )
2019-03-02 01:19:40 +01:00
2019-02-23 20:14:56 +01:00
def contains ( self , command ) :
"""
Iterate on lines to check if command is contained in line
For instance , " app setting " is contained in " yunohost app setting $app ... "
"""
return any ( command in line
2019-02-27 13:47:26 +01:00
for line in [ ' ' . join ( line ) for line in self . lines ] )
2019-02-23 20:14:56 +01:00
2020-03-31 04:30:11 +02:00
def containsregex ( self , regex ) :
"""
Iterate on lines to check if command is contained in line
For instance , " app setting " is contained in " yunohost app setting $app ... "
"""
2020-04-03 15:32:30 +02:00
return any ( re . search ( regex , line )
2020-03-31 04:30:11 +02:00
for line in [ ' ' . join ( line ) for line in self . lines ] )
2019-02-23 20:14:56 +01:00
def analyze ( self ) :
print_header ( self . name . upper ( ) + " SCRIPT " )
2019-03-02 02:24:13 +01:00
self . check_set_usage ( )
self . check_helper_usage_dependencies ( )
self . check_deprecated_practices ( )
2019-02-23 20:14:56 +01:00
2019-03-02 02:10:54 +01:00
def check_set_usage ( self ) :
2020-03-31 05:45:51 +02:00
if self . name == " _common.sh " :
return
2019-03-02 02:10:54 +01:00
present = False
if self . name in [ " backup " , " remove " ] :
present = self . contains ( " ynh_abort_if_errors " ) or self . contains ( " set -eu " )
else :
present = self . contains ( " ynh_abort_if_errors " )
if self . name == " remove " :
# Remove script shouldn't use set -eu or ynh_abort_if_errors
if present :
print_error (
" [YEP-2.4] set -eu or ynh_abort_if_errors is present. "
" If there is a crash, it could put yunohost system in "
" a broken state. For details, look at "
" https://github.com/YunoHost/issues/issues/419 "
)
elif not present :
print_error (
" [YEP-2.4] ynh_abort_if_errors is missing. For details, "
" look at https://github.com/YunoHost/issues/issues/419 "
)
def check_helper_usage_dependencies(self):
    """
    Warn when the script installs or removes packages directly.

    Looks for `ynh_package_install` / `apt-get install` and
    `ynh_package_remove` / `apt-get remove`, and points to
    `ynh_install_app_dependencies` / `ynh_remove_app_dependencies` instead.
    """
    # _common.sh is exempt: custom not-yet-official helpers sometimes need these calls
    if self.name == "_common.sh":
        return

    installs_directly = (
        self.contains("ynh_package_install")
        or self.contains("apt-get install")
    )
    if installs_directly:
        print_warning(
            "You should not use `ynh_package_install` or `apt-get install`, "
            "use `ynh_install_app_dependencies` instead"
        )

    removes_directly = (
        self.contains("ynh_package_remove")
        or self.contains("apt-get remove")
    )
    if removes_directly:
        print_warning(
            "You should not use `ynh_package_remove` or `apt-get remove`, "
            "use `ynh_remove_app_dependencies` instead"
        )
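def check_deprecated_practices(self):
    """
    Report deprecated or discouraged constructs found in this script.

    Each finding is reported through print_error or print_warning; nothing
    is returned. Most checks are substring or regex matches against the
    script lines (self.contains / self.containsregex). Two checks read files:
    the install script check reads scripts/_common.sh under self.app_path,
    and the "helpers sourced after the official helpers" check runs a shell
    pipeline over self.path.
    """
    if self.contains("yunohost app setting"):
        print_error("Do not use 'yunohost app setting' directly. Please use 'ynh_app_setting_(set,get,delete)' instead.")
    if self.contains("yunohost app checkurl"):
        print_error("'yunohost app checkurl' is obsolete!!! Please use 'ynh_webpath_register' instead.")
    if self.contains("yunohost app checkport"):
        print_error("'yunohost app checkport' is obsolete!!! Please use 'ynh_find_port' instead.")
    if self.contains("yunohost app initdb"):
        print_error("'yunohost app initdb' is obsolete!!! Please use 'ynh_mysql_setup_db' instead.")
    if self.contains("exit"):
        print_warning("'exit' command shouldn't be used. Please use 'ynh_die' instead.")

    if self.contains("yunohost service regen-conf"):
        # The message used to name 'yunohost tools regen-conf' on both sides;
        # the command being matched (and replaced) is the 'service' one.
        print_warning("'yunohost service regen-conf' has been replaced by 'yunohost tools regen-conf'.")

    # Dirty hack to check only the 10 last lines for ssowatconf
    # (the "bad" practice being using this at the very end of the script,
    # but some apps legitimately need this in the middle of the script)
    oldlines = list(self.lines)
    self.lines = self.lines[-10:]
    try:
        if self.contains("yunohost app ssowatconf"):
            print_warning("You probably don't need to run 'yunohost app ssowatconf' in the app script. It's supposed to be ran automatically after the script.")
    finally:
        # Always restore the full script, even if the check above raises,
        # so the remaining checks never run against the truncated view.
        self.lines = oldlines

    if self.contains("rm -rf"):
        print_error("[YEP-2.12] You should avoid using 'rm -rf', please use 'ynh_secure_remove' instead")
    if self.containsregex(r"sed\s+(-i|--in-place)\s+(-r\s+)?s") or self.containsregex(r"sed\s+s\S*\s+(-i|--in-place)"):
        print_warning("[YEP-2.12] You should avoid using 'sed -i' for substitutions, please use 'ynh_replace_string' instead")
    if self.containsregex(r"sudo \w"):  # \w is here to not match sudo -u, legit use because ynh_exec_as not official yet...
        print_warning(
            "[YEP-2.12] You should not need to use 'sudo', the script is being run as root. "
            "(If you need to run a command using a specific user, use 'ynh_exec_as')"
        )
    if self.contains("dd if=/dev/urandom") or self.contains("openssl rand"):
        print_warning(
            "Instead of 'dd if=/dev/urandom' or 'openssl rand', "
            "you might want to use ynh_string_random"
        )
    if self.contains("systemctl restart nginx") or self.contains("service nginx restart"):
        print_error(
            "Restarting nginx is quite dangerous (especially for web installs) "
            "and should be avoided at all cost. Use 'reload' instead."
        )
    if self.name == "install" and not self.contains("ynh_print_info") and not self.contains("ynh_script_progression"):
        print_warning(
            "Please add a few messages for the user, to explain what is going on "
            "(in friendly, not-too-technical terms) during the installation. "
            "You can use 'ynh_print_info' or 'ynh_script_progression' for this."
        )

    if self.name == "install":
        touches_apt_sources = self.contains("/etc/apt/sources.list")
        if not touches_apt_sources:
            common_path = self.app_path + "/scripts/_common.sh"
            if os.path.exists(common_path):
                # Read the file once and close it; it was previously opened
                # twice and neither handle was closed.
                with open(common_path) as common_file:
                    common_content = common_file.read()
                touches_apt_sources = (
                    "/etc/apt/sources.list" in common_content
                    and "ynh_add_repo" not in common_content
                )
        if touches_apt_sources:
            print_error(
                "[YEP-3.7] Manually messing with apt's sources.lists is strongly discouraged "
                "and should be avoided. Please consider alternatives like using a .deb directly "
                "or using experimental helpers (c.f. "
                "https://github.com/YunoHost-Apps/Experimental_helpers/tree/master/ynh_add_extra_apt_repos)"
            )

    # self.path ends up inside a shell command line. The linter is run on
    # packages it does not control, so the path is quoted to keep spaces and
    # shell metacharacters in it from being interpreted by the shell.
    helpers_after_official = subprocess.check_output(
        "head -n 30 %s | grep -A 10 '^ *source */usr/share/yunohost/helpers' | grep '^ *source' | tail -n +2"
        % shlex.quote(self.path),
        shell=True,
    ).decode("utf-8")
    helpers_after_official = helpers_after_official.replace("source", "").replace(" ", "").strip()
    if helpers_after_official:
        helpers_after_official = helpers_after_official.split("\n")
        print_warning("Please avoid sourcing additional helpers after the official helpers (in this case file %s)" % ", ".join(helpers_after_official))

    if self.name in ["backup", "restore"]:
        if self.contains("source _common.sh") or self.contains("source ./_common.sh"):
            print_warning("In the context of backup and restore script, you should load _common.sh with \"source ../settings/scripts/_common.sh\"")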
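def main():
    """
    Command-line entry point: lint the app package given as the only argument.

    Exits with status 1 when the argument count is wrong or when
    error_count is positive after the analysis; otherwise prints a summary
    that depends on warning_count and returns normally.
    """
    if len(sys.argv) != 2:
        print("Give one app package path.")
        # sys.exit instead of the `exit` helper that only exists when the
        # site module is loaded, and a non-zero status so that a mis-invoked
        # run (e.g. in CI) is not mistaken for a clean lint result.
        sys.exit(1)

    app_path = sys.argv[1]
    header(app_path)
    App(app_path).analyze()

    # error_count / warning_count are read as module-level names here;
    # presumably they are updated by print_error / print_warning (confirm).
    if error_count > 0:
        sys.exit(1)
    elif warning_count > 3:
        print("Still some warnings to be fixed :s")
    elif warning_count > 0:
        print("Only %s warning remaining! You can do it!" % warning_count)
    else:
        print_happy("Not even a warning! Congratz and thank you for keeping that package up to date with good practices !")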
# Run the linter only when this file is executed as a script, not when imported.
if __name__ == "__main__":
    main()