Bug#718427: [lintian] patch
Package: lintian
Version: 2.5.14
control: tag -1 + patch
Two new tags for detecting privacy breaches.
This patch works, but it would be better to use a sliding window in order to be immune to newlines.
Bastien
From c0d16a3623cb0c356ffca6ac0359fd071d91b432 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
Date: Tue, 6 Aug 2013 11:03:01 +0200
Subject: [PATCH 1/2] Test google adsense privacy breach
Google AdSense breaches the privacy of our users. Detect this problem in installed files.
---
checks/files.desc | 8 ++++++
checks/files.pm | 28 ++++++++++++++++++++
t/tests/files-privacybreach/debian/debian/install | 1 +
t/tests/files-privacybreach/debian/src/adsense.js | 12 +++++++++
.../debian/src/adsenseonlyadds.js | 1 +
.../debian/src/adsenseonlyvar.js | 12 +++++++++
t/tests/files-privacybreach/desc | 5 ++++
t/tests/files-privacybreach/tags | 3 +++
8 files changed, 70 insertions(+)
create mode 100644 t/tests/files-privacybreach/debian/debian/install
create mode 100644 t/tests/files-privacybreach/debian/src/adsense.js
create mode 100644 t/tests/files-privacybreach/debian/src/adsenseonlyadds.js
create mode 100644 t/tests/files-privacybreach/debian/src/adsenseonlyvar.js
create mode 100644 t/tests/files-privacybreach/desc
create mode 100644 t/tests/files-privacybreach/tags
diff --git a/checks/files.desc b/checks/files.desc
index 5c22059..225d280 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -914,6 +914,14 @@ Info: This package contains an embedded copy of JavaScript libraries
package and symlink the library into the appropriate location.
Ref: policy 4.13
+Tag: privacy-breach-google-adsense
+Severity: important
+Certainty: possible
+Info: This package create a privacy breach by fetching some data from
+ google adsense and feed some private data to google.
+ Please remove this script.
+Ref: https://wiki.debian.org/Lintian/Tags/privacy-breach-google-adsense
+
Tag: embedded-feedparser-library
Severity: normal
Certainty: certain
diff --git a/checks/files.pm b/checks/files.pm
index c5ec884..63e2fce 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -22,6 +22,8 @@ package Lintian::files;
use strict;
use warnings;
use autodie;
+use v5.10;
+use feature qw(switch);
use File::Basename;
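Review bot: `given`/`when` is enabled here for what is a single pattern test in the later hunk; perl 5.18 and newer mark the construct as experimental, and with `use warnings;` already in effect it produces warnings there. `use v5.10;` also turns on the `switch` feature by itself, so the `use feature qw(switch);` line is redundant. A plain `if ($website =~ m,googlesyndication\.com/pagead/show_ads\.js,) { ... } else { ... }` would need neither the feature nor `given`.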
@@ -1005,6 +1007,32 @@ foreach my $file ($info->sorted_index) {
}
}
+ # ---------------- html file or fragment
+ if($file =~ m,\.(?:x?html?|js|xht|xml)$,i) {
+ open(my $fd, '<', $info->unpacked($file));
+ my $googleadsensedetected = 0;
+ while (<$fd>) {
+ if(m,google_ad_client\s*=,) {
+ unless($googleadsensedetected) {
+ tag 'privacy-breach-google-adsense', $file;
+ $googleadsensedetected = 1;
+ }
+ }
+ if(m,<script\s+[^>]*?\s+src="(?:http|ftp)://(?'website'[^"]*?)"[^>]*?>,){
+ my $website=$+{website};
+ given($website) {
+ when(m,googlesyndication.com/pagead/show_ads.js,) {
+ unless($googleadsensedetected) {
+ tag 'privacy-breach-google-adsense', $file;
+ $googleadsensedetected = 1;
+ }
+ }
+ }
+ }
+ }
+ close($fd);
+ }
+
# ---------------- fonts
if ($file =~ m,/([\w-]+\.(?:[to]tf|pfb))$,i) {
my $font = lc $1;
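Review bot: The `<script ... src=` pattern requires two separate whitespace runs before `src` (`\s+[^>]*?\s+src`), so the most common form, `<script src="http://...">`, is never matched; it also misses `https://`, single-quoted values and upper-case markup, and every added fixture places `type=` before `src`, so the tests do not show the gap. Something like `m,<script\s(?:[^>]*?\s)?src=["'](?:https?|ftp)://(?'website'[^"']*?)["'],i` covers those cases, and the dots in `googlesyndication.com/pagead/show_ads.js` should be escaped. Separately, `open` is called on `$info->unpacked($file)` for any name with a matching extension. The enclosing `foreach` starts outside this hunk, so if nothing earlier limits this branch to regular files, a guard that skips symlinks and non-regular files is worth adding, because lintian reads untrusted packages and `open` follows symlinks.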
diff --git a/t/tests/files-privacybreach/debian/debian/install b/t/tests/files-privacybreach/debian/debian/install
new file mode 100644
index 0000000..12abe36
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/debian/install
@@ -0,0 +1 @@
+src/*.js /usr/share/javascript/
diff --git a/t/tests/files-privacybreach/debian/src/adsense.js b/t/tests/files-privacybreach/debian/src/adsense.js
new file mode 100644
index 0000000..da53cc1
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/adsense.js
@@ -0,0 +1,12 @@
+<script type="text/javascript">
+google_ad_client = "pub-123456789";
+google_ad_width = 728;
+google_ad_height = 90;
+google_ad_format = "728x90_as";
+google_ad_type = "text_image";
+google_color_border = "FFFFFF";
+google_color_bg = "0000FF";
+google_color_link = "FFFFFF";
+google_color_text = "000000";
+google_color_url = "008000";
+</script><script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/debian/src/adsenseonlyadds.js b/t/tests/files-privacybreach/debian/src/adsenseonlyadds.js
new file mode 100644
index 0000000..907e5fb
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/adsenseonlyadds.js
@@ -0,0 +1 @@
+<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/debian/src/adsenseonlyvar.js b/t/tests/files-privacybreach/debian/src/adsenseonlyvar.js
new file mode 100644
index 0000000..eb7bdb6
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/adsenseonlyvar.js
@@ -0,0 +1,12 @@
+<script type="text/javascript">
+google_ad_client = "pub-123456789";
+google_ad_width = 728;
+google_ad_height = 90;
+google_ad_format = "728x90_as";
+google_ad_type = "text_image";
+google_color_border = "FFFFFF";
+google_color_bg = "0000FF";
+google_color_link = "FFFFFF";
+google_color_text = "000000";
+google_color_url = "008000";
+</script>
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/desc b/t/tests/files-privacybreach/desc
new file mode 100644
index 0000000..2f1b42f
--- /dev/null
+++ b/t/tests/files-privacybreach/desc
@@ -0,0 +1,5 @@
+Testname: files-privacybreach
+Sequence: 6000
+Version: 1.0
+Description: Check for different html privacy breach
+Test-For: privacy-breach-google-adsense
diff --git a/t/tests/files-privacybreach/tags b/t/tests/files-privacybreach/tags
new file mode 100644
index 0000000..7941e66
--- /dev/null
+++ b/t/tests/files-privacybreach/tags
@@ -0,0 +1,3 @@
+E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsense.js
+E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsenseonlyadds.js
+E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsenseonlyvar.js
--
1.7.10.4
From c20a3fd81b1f036a6ef9c70a5c941fa49cde4adb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
Date: Tue, 6 Aug 2013 11:32:36 +0200
Subject: [PATCH 2/2] Detect generic privacy breach
When a script fetches from an external website, it is a potential privacy breach.
Add an experimental tag for it.
---
checks/files.desc | 7 +++++++
checks/files.pm | 7 +++++++
t/tests/files-privacybreach/debian/src/genericwebsite.js | 1 +
t/tests/files-privacybreach/desc | 4 +++-
t/tests/files-privacybreach/tags | 1 +
5 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 t/tests/files-privacybreach/debian/src/genericwebsite.js
diff --git a/checks/files.desc b/checks/files.desc
index 225d280..c023c47 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -922,6 +922,13 @@ Info: This package create a privacy breach by fetching some data from
Please remove this script.
Ref: https://wiki.debian.org/Lintian/Tags/privacy-breach-google-adsense
+Tag: privacy-breach-generic
+Severity: important
+Certainty: wild-guess
+Experimental: yes
+Info: This package create a privacy breach by fetching some data from
+ an external website. Please remove this script.
+
Tag: embedded-feedparser-library
Severity: normal
Certainty: certain
diff --git a/checks/files.pm b/checks/files.pm
index 63e2fce..ff7f59e 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -1011,6 +1011,7 @@ foreach my $file ($info->sorted_index) {
if($file =~ m,\.(?:x?html?|js|xht|xml)$,i) {
open(my $fd, '<', $info->unpacked($file));
my $googleadsensedetected = 0;
+ my $genericwebsitedetected = 0;
while (<$fd>) {
if(m,google_ad_client\s*=,) {
unless($googleadsensedetected) {
@@ -1027,6 +1028,12 @@ foreach my $file ($info->sorted_index) {
$googleadsensedetected = 1;
}
}
+ default {
+ unless($genericwebsitedetected) {
+ tag 'privacy-breach-generic', $file, $website;
+ $genericwebsitedetected = 1;
+ }
+ }
}
}
}
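Review bot: The single `$genericwebsitedetected` flag means only the first external URL in a file is reported, so a file that loads scripts from several hosts shows one and hides the rest from the maintainer. Tracking reported sites in a hash, `tag 'privacy-breach-generic', $file, $website unless $seen_website{$website}++;` with `my %seen_website;` replacing the counter added in the previous hunk, keeps the output deduplicated without dropping findings. `$website` is text taken from the packaged file and is passed straight into the tag line; presumably `tag` sanitises it, but that is not visible in this hunk.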
diff --git a/t/tests/files-privacybreach/debian/src/genericwebsite.js b/t/tests/files-privacybreach/debian/src/genericwebsite.js
new file mode 100644
index 0000000..37aaa96
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/genericwebsite.js
@@ -0,0 +1 @@
+<script type="text/javascript" src="http://www.example.com/trackme.js"></script>
\ No newline at end of file
diff --git a/t/tests/files-privacybreach/desc b/t/tests/files-privacybreach/desc
index 2f1b42f..d6cc677 100644
--- a/t/tests/files-privacybreach/desc
+++ b/t/tests/files-privacybreach/desc
@@ -2,4 +2,6 @@ Testname: files-privacybreach
Sequence: 6000
Version: 1.0
Description: Check for different html privacy breach
-Test-For: privacy-breach-google-adsense
+Test-For:
+ privacy-breach-generic
+ privacy-breach-google-adsense
diff --git a/t/tests/files-privacybreach/tags b/t/tests/files-privacybreach/tags
index 7941e66..b84771b 100644
--- a/t/tests/files-privacybreach/tags
+++ b/t/tests/files-privacybreach/tags
@@ -1,3 +1,4 @@
E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsense.js
E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsenseonlyadds.js
E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsenseonlyvar.js
+X: files-privacybreach: privacy-breach-generic usr/share/javascript/genericwebsite.js www.example.com/trackme.js
--
1.7.10.4