Bug#814326: Warn if filenames contain wildcard characters (*?)
Hi Jakub, Thanks for the review. :) > "Certainty: certain" seems wrong to me. Updated. > +if ($fname =~ m,[\*\?],) { > > You don't need backslashes here (and IMO they hurt readability). Updated. I tried without but they "looked" wrong without being escaped (they usually are, so it came across as a mistake), but no strong feelings and deferring to an actual Lintian maintainer. Updated patch attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- >From 95b7c75133961abb3e15f9b602ccbad750bc8d78 Mon Sep 17 00:00:00 2001 From: Chris LambDate: Sat, 27 Aug 2016 11:39:10 +0100 Subject: [PATCH] c/files: Warn if file name contains shell wildcard characters. (Closes: #814326) Signed-off-by: Chris Lamb --- checks/files.desc | 8 checks/files.pm | 4 t/tests/files-wildcard-characters/debian/.coverage| 0 t/tests/files-wildcard-characters/debian/debian/rules | 11 +++ t/tests/files-wildcard-characters/desc| 6 ++ t/tests/files-wildcard-characters/tags| 2 ++ 6 files changed, 31 insertions(+) create mode 100644 t/tests/files-wildcard-characters/debian/.coverage create mode 100755 t/tests/files-wildcard-characters/debian/debian/rules create mode 100644 t/tests/files-wildcard-characters/desc create mode 100644 t/tests/files-wildcard-characters/tags diff --git a/checks/files.desc b/checks/files.desc index 5ddc26b..8efd01b 100644 --- a/checks/files.desc +++ b/checks/files.desc @@ -1675,6 +1675,14 @@ Info: The given file is in PATH but consists of non-ASCII characters. Note that Lintian may be unable to display the filename accurately. Unprintable characters may have been replaced. +Tag: file-name-contains-wildcard-character +Severity: normal +Certainty: possible +Info: The file name contains shell wildcard characters. + . + These are most likely unexpanded wildcard characters from (for example) + debian/*.install files, or it may have been installed by accident. + Tag: incorrect-naming-of-pkcs11-module Severity: important Certainty: certain diff --git a/checks/files.pm b/checks/files.pm index b546cf9..0266311 100644 --- a/checks/files.pm +++ b/checks/files.pm @@ -364,6 +364,10 @@ sub run { tag 'file-name-is-not-valid-UTF-8', $file; } +if ($fname =~ m,[*?],) { + tag 'file-name-contains-wildcard-character', $file; +} + if ($file->is_hardlink) { my $link_target_dir = $link; $link_target_dir =~ s,[^/]*$,,; diff --git a/t/tests/files-wildcard-characters/debian/.coverage b/t/tests/files-wildcard-characters/debian/.coverage new file mode 100644 index 000..e69de29 diff --git a/t/tests/files-wildcard-characters/debian/debian/rules b/t/tests/files-wildcard-characters/debian/debian/rules new file mode 100755 index 000..c14beca --- /dev/null +++ b/t/tests/files-wildcard-characters/debian/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +PREFIX = $(CURDIR)/debian/files-wildcard-characters/usr/share/files-wildcard-characters + +%: + dh $@ + +override_dh_auto_install: + mkdir -p $(PREFIX) + touch $(PREFIX)/star* + touch $(PREFIX)/question-mark? diff --git a/t/tests/files-wildcard-characters/desc b/t/tests/files-wildcard-characters/desc new file mode 100644 index 000..c8a779f --- /dev/null +++ b/t/tests/files-wildcard-characters/desc @@ -0,0 +1,6 @@ +Testname: files-wildcard-characters +Sequence: 6000 +Version: 1.0 +Description: Check for wildcard characters in filenames +Test-For: + file-name-contains-wildcard-character diff --git a/t/tests/files-wildcard-characters/tags b/t/tests/files-wildcard-characters/tags new file mode 100644 index 000..d1ccd8a --- /dev/null +++ b/t/tests/files-wildcard-characters/tags @@ -0,0 +1,2 @@ +W: files-wildcard-characters: file-name-contains-wildcard-character usr/share/files-wildcard-characters/question-mark? +W: files-wildcard-characters: file-name-contains-wildcard-character usr/share/files-wildcard-characters/star* -- 2.9.3
Bug#814326: Warn if filenames contain wildcard characters (*?)
tags 814326 + patch thanks Patch attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- From ef3df20be90a63fc6be0ade9087230d480def336 Mon Sep 17 00:00:00 2001 From: Chris LambDate: Thu, 25 Aug 2016 12:23:34 +0100 Subject: [PATCH] c/files: Warn if file name contains shell wildcard characters. (Closes: #814326) Signed-off-by: Chris Lamb --- checks/files.desc | 8 checks/files.pm | 4 t/tests/files-wildcard-characters/debian/.coverage| 0 t/tests/files-wildcard-characters/debian/debian/rules | 11 +++ t/tests/files-wildcard-characters/desc| 6 ++ t/tests/files-wildcard-characters/tags| 2 ++ 6 files changed, 31 insertions(+) create mode 100644 t/tests/files-wildcard-characters/debian/.coverage create mode 100755 t/tests/files-wildcard-characters/debian/debian/rules create mode 100644 t/tests/files-wildcard-characters/desc create mode 100644 t/tests/files-wildcard-characters/tags diff --git a/checks/files.desc b/checks/files.desc index 5ddc26b..6d78088 100644 --- a/checks/files.desc +++ b/checks/files.desc @@ -1675,6 +1675,14 @@ Info: The given file is in PATH but consists of non-ASCII characters. Note that Lintian may be unable to display the filename accurately. Unprintable characters may have been replaced. +Tag: file-name-contains-wildcard-character +Severity: normal +Certainty: certain +Info: The file name contains shell wildcard characters. + . + These are most likely unexpanded wildcard characters from (for example) + debian/*.install files, or it may have been installed by accident. + Tag: incorrect-naming-of-pkcs11-module Severity: important Certainty: certain diff --git a/checks/files.pm b/checks/files.pm index b546cf9..a1c52bf 100644 --- a/checks/files.pm +++ b/checks/files.pm @@ -364,6 +364,10 @@ sub run { tag 'file-name-is-not-valid-UTF-8', $file; } +if ($fname =~ m,[\*\?],) { + tag 'file-name-contains-wildcard-character', $file; +} + if ($file->is_hardlink) { my $link_target_dir = $link; $link_target_dir =~ s,[^/]*$,,; diff --git a/t/tests/files-wildcard-characters/debian/.coverage b/t/tests/files-wildcard-characters/debian/.coverage new file mode 100644 index 000..e69de29 diff --git a/t/tests/files-wildcard-characters/debian/debian/rules b/t/tests/files-wildcard-characters/debian/debian/rules new file mode 100755 index 000..c14beca --- /dev/null +++ b/t/tests/files-wildcard-characters/debian/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +PREFIX = $(CURDIR)/debian/files-wildcard-characters/usr/share/files-wildcard-characters + +%: + dh $@ + +override_dh_auto_install: + mkdir -p $(PREFIX) + touch $(PREFIX)/star* + touch $(PREFIX)/question-mark? diff --git a/t/tests/files-wildcard-characters/desc b/t/tests/files-wildcard-characters/desc new file mode 100644 index 000..c8a779f --- /dev/null +++ b/t/tests/files-wildcard-characters/desc @@ -0,0 +1,6 @@ +Testname: files-wildcard-characters +Sequence: 6000 +Version: 1.0 +Description: Check for wildcard characters in filenames +Test-For: + file-name-contains-wildcard-character diff --git a/t/tests/files-wildcard-characters/tags b/t/tests/files-wildcard-characters/tags new file mode 100644 index 000..d1ccd8a --- /dev/null +++ b/t/tests/files-wildcard-characters/tags @@ -0,0 +1,2 @@ +W: files-wildcard-characters: file-name-contains-wildcard-character usr/share/files-wildcard-characters/question-mark? +W: files-wildcard-characters: file-name-contains-wildcard-character usr/share/files-wildcard-characters/star* -- 2.9.3
Bug#814326: Warn if filenames contain wildcard characters (*?)
Package: lintian Version: 2.5.40.2 Severity: wishlist Hi, I think lintian should complain if files in .deb files contain * or ? characters. These are most likely unexpanded wildcard characters from debian/*.install files or the like. There might legitimate uses for these filenames, but these will probably warrant an explicit override. A current apt-file search yields these (most duplicates removed): $ apt-file search '*' chise-db: /usr/lib/xemacs-21.4.15/etc/chise-db/feature/->ancient*sources chise-db: /usr/lib/xemacs-21.4.15/etc/chise-db/feature/=>ucs* chise-db: /usr/lib/xemacs-21.4.15/etc/chise-db/feature/name* clanlib-doc: /usr/share/doc/clanlib-doc/Reference/html/CL_FunctionSlot_v0__(*Callback)().html clanlib-doc: /usr/share/doc/clanlib-doc/Reference/html/CL_GLFunctions__*).html clanlib-doc: /usr/share/doc/clanlib-doc/Reference/html/CL_GLFunctions__**params).html clanlib-doc: /usr/share/doc/clanlib-doc/Reference/html/CL_GLFunctions__**pointer).html coq-theories: /usr/share/doc/coq-theories/html/index_abbreviation_*.html cppreference-doc-en-html: /usr/share/cppreference/doc/html/en/cpp/experimental/fs/directory_iterator/operator*.html hol88-help: /usr/share/hol88-2.02.19940316/help/ENTRIES/*.doc postgresql-contrib-9.5: /usr/share/doc/postgresql-contrib-*/autoinc.example $ apt-file search '?' chise-db: /usr/lib/xemacs-21.4.15/etc/chise-db/feature/cns-radical? ucblogo: /usr/share/ucblogo/logolib/?rest ucblogo: /usr/share/ucblogo/logolib/file? w3-recs: /usr/share/doc/w3-recs/html/www.w3.org/TR/2008/REC-SVGTiny12-20081222/relaxng/index.html?C=D;O=A.html I haven't checked the contents, but if I had to guess, only cpp's "operator*" looks like a valid file name, but even in that case that's unclear. (I'm submitting this because postgresql-contrib-9.5's example directory completely escaped my testing, and a lintian warning (or error) would have catched it.) Thanks, Christoph -- c...@df7cb.de | http://www.df7cb.de/ signature.asc Description: PGP signature