[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[lintian] 03/03: Ignore privacy breach violations in comments. (Closes: #877421)

This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 077f99c547c9e79b40b625e8d60aea05258637b7
Author: Chris Lamb <lamby@debian.org>
Date:   Fri Oct 6 19:31:38 2017 +0100

    Ignore privacy breach violations in comments. (Closes: #877421)
---
 checks/files.pm                                                |  4 ++++
 debian/changelog                                               |  2 ++
 .../debian/src/privacy-breach-generic/audio.html               |  4 ++++
 .../debian/src/privacy-breach-twitter/commented.js             | 10 ++++++++++
 t/tests/files-privacybreach/tags                               |  2 +-
 5 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/checks/files.pm b/checks/files.pm
index d48a160..0fa9d6e 100644
--- a/checks/files.pm
+++ b/checks/files.pm
@@ -2141,6 +2141,10 @@ sub detect_privacy_breach {
     my $sfd = Lintian::SlidingWindow->new($fd,sub { $_=lc($_); },BLOCKSIZE);
 
     while (my $block = $sfd->readwindow) {
+        # Strip comments
+        for my $x (qw(<!--.*?--\s*> /\*.*?\*/)) {
+            $block =~ s@$x@@gs;
+        }
         # try generic fragment tagging
         foreach my $keyword ($PRIVACY_BREAKER_FRAGMENTS->all) {
             if(index($block,$keyword) > -1) {
diff --git a/debian/changelog b/debian/changelog
index eef5419..5c70bde 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ lintian (2.5.55) UNRELEASED; urgency=medium
     + [CL] Drop copyright-year-in-future after all; it's just too error
       prone and time-consuming to maintain given the severity of the issues
       it can find.  (Closes: #877766)
+  * checks/files.pm:
+    + [CL] Ignore privacy breach violations in comments.  (Closes: #877421)
   * checks/{files,manpages}.{desc,pm}:
     + [NT] Stop treating usr/man and usr/X11R6/man as manpage directories
       to simplify some code paths.  Nothing ships manpages in these
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/audio.html b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/audio.html
index a363372..7aa0666 100644
--- a/t/tests/files-privacybreach/debian/src/privacy-breach-generic/audio.html
+++ b/t/tests/files-privacybreach/debian/src/privacy-breach-generic/audio.html
@@ -2,6 +2,10 @@
 <html>
 <body>
 <audio src="ftp://1984.os/tuxistrackingme.ogg"; />
+<!-- <audio src="ftp://1984.os/inline-comment.ogg"; /> -->
+<!--
+<audio src="ftp://1984.os/multi-line-comment.ogg"; />
+-->
 </audio>
 </body>
 </html>
diff --git a/t/tests/files-privacybreach/debian/src/privacy-breach-twitter/commented.js b/t/tests/files-privacybreach/debian/src/privacy-breach-twitter/commented.js
new file mode 100644
index 0000000..eb09f20
--- /dev/null
+++ b/t/tests/files-privacybreach/debian/src/privacy-breach-twitter/commented.js
@@ -0,0 +1,10 @@
+/***
+ * This as a false positive.
+
+ window.twttr = (function (d,s,id) {
+      var t, js, fjs = d.getElementsByTagName(s)[0];
+      if (d.getElementById(id)) return; js=d.createElement(s); js.id=id;
+      js.src="https://platform.twitter.com/widgets.js";; fjs.parentNode.insertBefore(js, fjs);
+      return window.twttr || (t = { _e: [], ready: function(f){ t._e.push(f) } });
+    }(document, "script", "twitter-wjs"));
+*/
diff --git a/t/tests/files-privacybreach/tags b/t/tests/files-privacybreach/tags
index 6a20d19..9ab216d 100644
--- a/t/tests/files-privacybreach/tags
+++ b/t/tests/files-privacybreach/tags
@@ -39,7 +39,7 @@ E: files-privacybreach: privacy-breach-logo usr/share/files-privacy-breach/priva
 E: files-privacybreach: privacy-breach-piwik usr/share/files-privacy-breach/privacy-breach-piwik/piwik.html
 E: files-privacybreach: privacy-breach-piwik usr/share/files-privacy-breach/privacy-breach-piwik/piwikvariant.html
 E: files-privacybreach: privacy-breach-statistics-website usr/share/files-privacy-breach/privacy-breach-statistics-website/img.html (http://counter.ceres.dti.ne.jp/cgi-bin/count.cgi?df=knak.01.dat|dd=d|ft=0|md=10|comma=y|srgb=00ff00|prgb=ff0000|trgb=black)
-E: files-privacybreach: privacy-breach-statistics-website usr/share/files-privacy-breach/privacy-breach-statistics-website/statcounter.xml
+E: files-privacybreach: privacy-breach-statistics-website usr/share/files-privacy-breach/privacy-breach-statistics-website/statcounter.xml (http://c8.statcounter.com/counter.php?sc_project=895001&amp;java=0&amp;security=5ea85181&amp;invisible=1)
 E: files-privacybreach: privacy-breach-statistics-website usr/share/files-privacy-breach/privacy-breach-statistics-website/statcounter2.js
 E: files-privacybreach: privacy-breach-twitter usr/share/files-privacy-breach/privacy-breach-twitter/awstat.xml
 E: files-privacybreach: privacy-breach-twitter usr/share/files-privacy-breach/privacy-breach-twitter/official.js

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
Reply to: