Bug#907957: privacy-breach-generic: false positives for commented out javascript code
Package: lintian
Version: 2.5.99
Severity: normal
When packaging a JS file with a commented out script tag with src pointing to a
http* resource, lintian falsely produces the 'privacy-breach-generic' warning.
For example, a .js file in a package which includes:
> /**
> * <script src="http://domainB.com/users?theCallbackFunction=callback1"></script>
> */
would output that warning, even if this code never can possibly get executed as
it's commented out:
> W: pve-manager: privacy-breach-generic usr/share/pve-manager/touch/sencha-touch-all-debug.js [<script src="http://domainb.com/users?callback=callback1">] (http://domainb.com/users?callback=callback1)
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.17.17-1-pve (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages lintian depends on:
ii binutils 2.31.1-5
ii bzip2 1.0.6-9
ii diffstat 1.61-1+b1
ii dpkg 1.19.0.5+b1
ii file 1:5.34-2
ii gettext 0.19.8.1-7
ii intltool-debian 0.35.0+20060710.4
ii libapt-pkg-perl 0.1.34
ii libarchive-zip-perl 1.63-1
ii libclass-accessor-perl 0.51-1
ii libclone-perl 0.39-1
ii libdpkg-perl 1.19.0.5
ii libemail-valid-perl 1.202-1
ii libfile-basedir-perl 0.08-1
ii libipc-run-perl 20180523.0-1
ii liblist-moreutils-perl 0.416-1+b3
ii libparse-debianchangelog-perl 1.2.0-12
ii libtext-levenshtein-perl 0.13-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.74-1
ii libxml-simple-perl 2.25-1
ii libyaml-libyaml-perl 0.72+repack-1
ii man-db 2.8.4-2
ii patchutils 0.3.4-2
ii perl [libdigest-sha-perl] 5.26.2-7
ii t1utils 1.41-2
ii xz-utils 5.2.2-1.3
Versions of packages lintian recommends:
ii libperlio-gzip-perl 0.19-1+b4
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii dpkg-dev 1.19.0.5
ii libhtml-parser-perl 3.72-3+b2
pn libtext-template-perl <none>
-- no debconf information
(note: generated with reportbug tool but had problems with my smtp server config,
so using thunderbird to send)
Reply to: