svn commit: r491045 - in head/security/vuxml: . files

Ryan Steinmetz zi at FreeBSD.org
Wed Jan 23 16:03:34 UTC 2019


Author: zi
Date: Wed Jan 23 16:03:33 2019
New Revision: 491045
URL: https://svnweb.freebsd.org/changeset/ports/491045

Log:
  - Add package name validation

Modified:
  head/security/vuxml/Makefile
  head/security/vuxml/files/extra-validation.py

Modified: head/security/vuxml/Makefile
==============================================================================
--- head/security/vuxml/Makefile	Wed Jan 23 15:10:37 2019	(r491044)
+++ head/security/vuxml/Makefile	Wed Jan 23 16:03:33 2019	(r491045)
@@ -3,7 +3,7 @@
 
 PORTNAME=	vuxml
 PORTVERSION=	1.1
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security textproc
 MASTER_SITES=	http://www.vuxml.org/dtd/vuxml-1/
 DISTFILES=	vuxml-10.dtd  vuxml-model-10.mod \

Modified: head/security/vuxml/files/extra-validation.py
==============================================================================
--- head/security/vuxml/files/extra-validation.py	Wed Jan 23 15:10:37 2019	(r491044)
+++ head/security/vuxml/files/extra-validation.py	Wed Jan 23 16:03:33 2019	(r491045)
@@ -11,6 +11,7 @@ if len(sys.argv) != 2:
     sys.exit(1)
 
 re_date = re.compile(r'^(19|20)[0-9]{2}-[0-9]{2}-[0-9]{2}$')
+re_invalid_package_name = re.compile('[@!#$%^&*()<>?/\|}{~:]')
 
 # warn if description has more than X characters
 DESCRIPTION_LENGTH = 5000
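Review bot: The pattern on the added line is not a raw string, so `\|` is an unrecognized escape that CPython only tolerates with a DeprecationWarning (a SyntaxWarning on newer releases), and inside a character class the backslash adds nothing; the `re_date` line just above already uses `r'...'`, so write `re_invalid_package_name = re.compile(r'[@!#$%^&*()<>?/|}{~:]')`. The bigger concern is that this is a denylist: whitespace, backslash, quotes, backticks, `;`, `[`, `]` and any non-ASCII character all pass, and every new shell or XML metacharacter someone thinks of has to be added by hand. A package-name check is stronger as an allowlist of what a ports name is actually allowed to contain, e.g. `re_valid_package_name = re.compile(r'^[A-Za-z0-9_.+-]+$')` with the loop rejecting anything that does not match — confirm the exact character set against the ports tree before tightening, since this tool runs against the whole VuXML database.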
@@ -88,5 +89,16 @@ for vuln in root:
         if description_len > DESCRIPTION_LENGTH:
             print("Warning: description too long ({0} chars, {1} is warning threshold): {2})" \
                   .format(description_len, DESCRIPTION_LENGTH, vid))
+
+        # Walk and validate package names
+        affects = vuln.find(namespace + "affects")
+        packages = affects.findall(namespace + "package")
+        for package in packages:
+            names = package.findall(namespace + "name")
+
+            for name in names:
+                if (re_invalid_package_name.search(name.text) is not None):
+                    print("Error: invalid package name: " + name.text + " for VID " + format(vid))
+                    ret = 1
 
 sys.exit(ret)
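Review bot: `re_invalid_package_name.search(name.text)` raises TypeError when a `<name/>` element is empty, because ElementTree gives `name.text` as None, so a malformed entry aborts the whole validation run instead of being reported as an error. An empty name is itself invalid, so normalise and reject it explicitly: `text = name.text or ''` followed by `if not text or re_invalid_package_name.search(text) is not None:`, and print `repr(text)` rather than the bare text so that a name containing whitespace or control characters is visible in the message. `vuln.find(namespace + "affects")` likewise returns None if the element is missing; if the DTD already guarantees `affects` that is fine, otherwise guard it the same way. The `for vuln in root:` loop and the `ret` variable these lines rely on begin outside this hunk.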

