When scanner.py::ScannerTool is instatiated but the calling code was
started by a call to e.g. `build.py` ScannerTool will crash. This change
makes it so that ScannerTool will intializes with a default value
instead of crashing when triging to access a non existen cli argument.
also see https://gitlab.com/fdroid/fdroidserver/-/issues/1212
In this particular case bandit was complaining about potential path
escape exploits on urlopen. However the urls are safe enough, because
all template parameters inserted into the url are from:
* config.yml - malicious changes to config.yml are possible that's
already a lot bigger issue than this than redirecting github api
calls.
* git tags witch are present in bot the local index-v2.json file (as
versionName) and the remote github API. (git tags don't allow the
string '..')
Don't deploy versions of to GitHub releases where a `releaseChannels`
value is set in index-v2.json. (This usually would mean it's a alpha or
beta version.)
Use whatsNew text (if available) as release notes text when deploying to
Github releases. This feature will always use 'en-US' locale texts,
since English is the lingua franka on GitHub. Additionally this change
also adds a config option to preprend a static text to those release
notes.
There is no longer any reason for these to be intertwined.
This deliberately avoids touching some files as much as possible because
they are super tangled and due to be replaced. Those files are:
* fdroidserver/build.py
* fdroidserver/update.py
# Conflicts:
# tests/testcommon.py
# Conflicts:
# fdroidserver/btlog.py
# fdroidserver/import_subcommand.py
For some APKs, get_certificate() was returning a different result than
apksigner and keytool. So I just took the algorithm from androguard, which
uses asn1crypto instead of pyasn1. So that removes a dependency as well.
asn1crypto is already required by androguard.
The original get_certificate() came from 6e2d0a9e1
