Bug#877421: lintian: privacy-breach-donation check should ignore URLs in comments
Package: lintian
Version: 2.5.53
Severity: normal
Hi,
the privacy-breach-donation check is currently also recognizing URLs
that are placed within one or more comments. Due this a false positive
is sometimes detected and showed as error.
Currently I have a JS file Ext.ux.form.MetaForm.js (from ExtJS from
Sencha [1]) which have some example code (inside a comment) within the
head of the file which points to Paypal and Lintian is of course
complaining about. Beneath the complete head of the JS which is
provoking a message from the Lintian run.
> E: kopano-webapp-files: privacy-breach-donation usr/share/kopano-webapp/plugins/files/js/external/Ext.ux.form.MetaForm-debug.js (https://www.paypal.com/en_us/i/scr/pixel.gif)
>> /**
>> * @class Ext.ux.form.MetaForm
>> * @extends Ext.form.FormPanel
>> *
>> * A FormPanel configured by metadata received from server
>> *
>> * @author Ing. Jozef Sakalos
>> * @copyright (c) 2008, by Ing. Jozef Sakalos
>> * @version 1.3
>> * @date <ul>
>> * <li>6. February 2007</li>
>> * <li>6. March 2009</li>
>> * <li>12. Nov 2014</li>
>> * </ul>
>> * @revision $Id: Ext.ux.form.MetaForm.js 625 2014-11-12 00:04:59Z chaas $
>> *
>> * @license Ext.ux.form.MetaForm is licensed under the terms of
>> * the Open Source LGPL 3.0 license. Commercial use is permitted to the extent
>> * that the code/component(s) do NOT become part of another Open Source or Commercially
>> * licensed development library or toolkit without explicit permission.
>> *
>> * <p>License details: <a href="http://www.gnu.org/licenses/lgpl.html"
>> * target="_blank">http://www.gnu.org/licenses/lgpl.html</a></p>
>> *
>> * @forum 25551
>> *
>> * @donate
>> * <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
>> * <input type="hidden" name="cmd" value="_s-xclick">
>> * <input type="hidden" name="hosted_button_id" value="3430419">
>> * <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-butcc-donate.gif"
>> * border="0" name="submit" alt="PayPal - The safer, easier way to pay online.">
>> * <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"> <-----------
>> * </form>
>> */
Lintian should not check for possible privacy breaking stuff that is
only within some out-commented code.
[1] https://www.sencha.com/products/extjs/
Regards
Carsten
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lintian depends on:
ii binutils 2.29.1-3
ii bzip2 1.0.6-8.1
ii diffstat 1.61-1+b1
ii dpkg 1.18.24
ii file 1:5.32-1
ii gettext 0.19.8.1-4
ii intltool-debian 0.35.0+20060710.4
ii libapt-pkg-perl 0.1.33
ii libarchive-zip-perl 1.59-1
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.38-2+b2
ii libdpkg-perl 1.18.24
ii libemail-valid-perl 1.202-1
ii libfile-basedir-perl 0.07-1
ii libipc-run-perl 0.96-1
ii liblist-moreutils-perl 0.416-1+b3
ii libparse-debianchangelog-perl 1.2.0-12
ii libperl5.26 [libdigest-sha-perl] 5.26.0-8
ii libtext-levenshtein-perl 0.13-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.72-1
ii libxml-simple-perl 2.24-1
ii libyaml-libyaml-perl 0.63-2+b2
ii man-db 2.7.6.1-2
ii patchutils 0.3.4-2
ii perl 5.26.0-8
ii t1utils 1.40-2
ii xz-utils 5.2.2-1.3
Versions of packages lintian recommends:
ii libperlio-gzip-perl 0.19-1+b4
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii dpkg-dev 1.18.24
ii libhtml-parser-perl 3.72-3+b2
ii libtext-template-perl 1.47-1
-- no debconf information
Reply to: