[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[lintian] 01/02: Detect piwik privacy breach

This is an automated email from the git hooks/post-receive script.

broucaries-guest pushed a commit to branch master
in repository lintian.

commit 8479dcf99ec22ceb63812c4b5b090b200032f82f
Author: Bastien ROUCARIÈS <roucaries.bastien@gmail.com>
Date:   Sat Dec 28 20:23:09 2013 +0100

    Detect piwik privacy breach
    
    Detect piwik and warn user.
    
    Signed-off-by: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
---
 checks/files.desc                    | 9 +++++++++
 data/files/privacy-breaker-fragments | 3 ++-
 data/files/privacy-breaker-websites  | 3 ++-
 debian/changelog                     | 1 +
 t/tests/files-privacybreach/desc     | 1 +
 t/tests/files-privacybreach/tags     | 3 ++-
 6 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/checks/files.desc b/checks/files.desc
index 5505d67..9e1f4d8 100644
--- a/checks/files.desc
+++ b/checks/files.desc
@@ -951,6 +951,15 @@ Info: This package creates a privacy breach by using Google Adsense.
  Google Adsense terms of use. This violation renders this package not
  distributable in Debian, and thus a serious bug.
 
+Tag: privacy-breach-piwik
+Severity: important
+Certainty: possible
+Info: This package creates a privacy breach by using piwik.
+ Piwik is a free and open source web analytics application.
+ .
+ Even if piwik is free and respect the "do not track" browser
+ option, it is nevertheless a breach on our user privacy.
+
 Tag: privacy-breach-w3c-valid-html
 Severity: serious
 Certainty: possible
diff --git a/data/files/privacy-breaker-fragments b/data/files/privacy-breaker-fragments
index 8b05277..c9dc368 100644
--- a/data/files/privacy-breaker-fragments
+++ b/data/files/privacy-breaker-fragments
@@ -6,4 +6,5 @@
 # of the regex.
 #
 # Please keep this sorted by tag.
-privacy-breach-google-adsense  ~~(?:google_ad_client\s*=|[\"\']\.?google-analytics.com/ga.js[\"\']|urchinTracker\s*\(\s*\)\s*;)
\ No newline at end of file
+privacy-breach-google-adsense  ~~(?:google_ad_client\s*=|[\"\']\.?google-analytics.com/ga.js[\"\']|urchinTracker\s*\(\s*\)\s*;)
+privacy-breach-piwik           ~~(?:piwik_url\s*=|pkBaseURL\s*=|[\'"]piwik\.js[\'\"]|End\s+Piwik\h+(?:Tag|Code)|[\'\"]setTrackerUrl[\'\"])
diff --git a/data/files/privacy-breaker-websites b/data/files/privacy-breaker-websites
index e1983e2..0e670e9 100644
--- a/data/files/privacy-breaker-websites
+++ b/data/files/privacy-breaker-websites
@@ -7,4 +7,5 @@
 #
 # Please keep this sorted by tag.
 privacy-breach-google-adsense	~~^(?:[^\./]+\.)?(?:googlesyndication\.com/pagead/show_ads\.js|google-analytics\.com/(?:ga|urchin)\.js)
-privacy-breach-w3c-valid-html   ~~^(?:[^\./]+\.)?w3.org/Icons/valid-(?:[^/]+)?$
\ No newline at end of file
+privacy-breach-piwik            ~~/piwik\.php\?
+privacy-breach-w3c-valid-html   ~~^(?:[^\./]+\.)?w3.org/Icons/valid-(?:[^/]+)?$
diff --git a/debian/changelog b/debian/changelog
index 8165cf9..c6efaef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -55,6 +55,7 @@ lintian (2.5.21) UNRELEASED; urgency=medium
 
   * data/files/privacy-breaker-website
     + [BR] Add w3c website valid x?html icons.
+    + [BR] Add piwik detection.
 
   * data/rules/rules-should-not-use:
     + [BR] Detect use of $(_) variable in debian/rules (Closes: #585495).
diff --git a/t/tests/files-privacybreach/desc b/t/tests/files-privacybreach/desc
index 70a156d..754cd93 100644
--- a/t/tests/files-privacybreach/desc
+++ b/t/tests/files-privacybreach/desc
@@ -5,4 +5,5 @@ Description: Check for different html privacy breach
 Test-For:
  privacy-breach-generic
  privacy-breach-google-adsense
+ privacy-breach-piwik
  privacy-breach-w3c-valid-html
diff --git a/t/tests/files-privacybreach/tags b/t/tests/files-privacybreach/tags
index 9e11089..547b9e4 100644
--- a/t/tests/files-privacybreach/tags
+++ b/t/tests/files-privacybreach/tags
@@ -5,6 +5,8 @@ E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/adsen
 E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/urchin.js
 E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/urchinconstructor.js
 E: files-privacybreach: privacy-breach-google-adsense usr/share/javascript/urchinloader.js
+E: files-privacybreach: privacy-breach-piwik usr/share/files-privacybreach/html/piwik.html
+E: files-privacybreach: privacy-breach-piwik usr/share/files-privacybreach/html/piwikvariant.html
 E: files-privacybreach: privacy-breach-w3c-valid-html usr/share/files-privacybreach/html/htmlvalid.html
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/applet.html 1984.os/trackme
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/div.html trackme.1984/index-2.html
@@ -16,7 +18,6 @@ X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/htm
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/importcss.html trackme.css/track.css
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/input.html 1984.os/hiddentrackme.png
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/object.html 1984.os/hellotrackme.swf
-X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/piwik.html apps.sourceforge.net/piwik/matplotlib/piwik.php?idsite=1
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/source.html 1984.os/tracking.mp3
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/track.html 1984.os/notracking.vtt
 X: files-privacybreach: privacy-breach-generic usr/share/files-privacybreach/html/video.html 1984.os/tuxistrackingme.ogg

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: