scanner: fix regex for matching URLs in gradle maven{} blocks

closes #465 This script generated gradle-maven-blocks.yaml: ```python import os import re import yaml pat = re.compile(r'\smaven\s*{[^}]+}') finds = set() for root, dirs, files in os.walk('.'): for f in files: if '.gradle' in f: with open(os.path.join(root, f), errors='surrogateescape') as fp: contents = fp.read() for m in pat.findall(contents): finds.add(m) with open('finds.yaml', 'w') as fp: yaml.dump(sorted(finds), fp, default_flow_style=False) ```
2025-11-04 22:40:29 +03:00 · 2020-06-03 23:40:01 +02:00 · 2020-06-03 23:40:01 +02:00 · 0837289935
commit 0837289935
parent 6590f3869e
3 changed files with 819 additions and 5 deletions
--- a/tests/scanner.TestCase
+++ b/tests/scanner.TestCase
@ -11,6 +11,7 @@ import tempfile
 import textwrap
 import unittest
 import uuid
+import yaml
 from unittest import mock

 localmodule = os.path.realpath(
@ -82,6 +83,27 @@ class ScannerTest(unittest.TestCase):
                            i += 1
            self.assertEqual(count, i)

+    def test_scan_source_files_sneaky_maven(self):
+        """Check for sneaking in banned maven repos"""
+        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
+        os.chdir(testdir)
+        fdroidserver.scanner.config = None
+        fdroidserver.scanner.options = mock.Mock()
+        fdroidserver.scanner.options.json = True
+        with open('build.gradle', 'w') as fp:
+            fp.write(textwrap.dedent("""
+                 maven {
+                    "https://jitpack.io"
+                    url 'https://maven.fabric.io/public'
+                 }
+                 maven {
+                    "https://maven.google.com"
+                    setUrl('https://evilcorp.com/maven')
+                 }
+            """))
+        count = fdroidserver.scanner.scan_source(testdir)
+        self.assertEqual(2, count, 'there should be this many errors')
+
    def test_scan_source_file_types(self):
        """Build product files are not allowed, test they are detected"""
        testdir = tempfile.mkdtemp(prefix=inspect.currentframe().f_code.co_name, dir=self.tmpdir)
@ -221,6 +243,20 @@ class ScannerTest(unittest.TestCase):
        self.assertTrue(os.path.exists('foo.aar'))
        self.assertFalse(os.path.exists('gradle-wrapper.jar'))

+    def test_gradle_maven_url_regex(self):
+        """Check the regex can find all the cases"""
+        with open(os.path.join(self.basedir, 'gradle-maven-blocks.yaml')) as fp:
+            data = yaml.safe_load(fp)
+
+        urls = []
+        for entry in data:
+            found = False
+            for m in fdroidserver.scanner.MAVEN_URL_REGEX.findall(entry):
+                urls.append(m)
+                found = True
+            self.assertTrue(found, 'this block should produce a URL:\n' + entry)
+        self.assertEqual(len(data), len(urls), 'each data example should produce a URL')
+

 if __name__ == "__main__":
    os.chdir(os.path.dirname(__file__))