
Bug#872646: qa.debian.org: [debcheck] Escape some HTML before outputting



Hi,

> qa.debian.org: [debcheck] Escape some HTML before outputting

Updated patch attached, although the last hunk is probably unnecessary
anyway.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
>From b57aea649dd0ee90d6f7e2bf44f6d6119ed71815 Mon Sep 17 00:00:00 2001
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Sat, 19 Aug 2017 10:59:07 -0700
Subject: [PATCH] debcheck: Escape some HTML before outputting.

Discovered as the parser doesn't support Build-Profiles, which end up as
literal < and > chars in the error message:

  build time dependency on 'tcl <!nocheck>' which is broken Syntax
                                ^        ^

Signed-off-by: Chris Lamb <lamby@debian.org>
---
 data/debcheck/debcheck | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/debcheck/debcheck b/data/debcheck/debcheck
index 863afe9..aabffe2 100755
--- a/data/debcheck/debcheck
+++ b/data/debcheck/debcheck
@@ -7,6 +7,7 @@ use strict;
 
 use Dpkg::ErrorHandling;
 use Dpkg::Version;
+use HTML::Escape qw{escape_html};
 report_options (quiet_warnings => 1);
 
 my $VERBOSE = -t 1; # output is a terminal
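Review bot: `HTML::Escape` is not a core Perl module, so the new `use` line makes debcheck abort at compile time on any host where the module is not installed. Nothing in this patch records the new dependency. It should be listed wherever the service's requirements are kept, or the commit message should state that it is already present on the QA host.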
@@ -619,7 +620,7 @@ sub malformedbuilddepends($$$$) {
 	my ($pkg, $prob, $maint, $section) = @_;
 	print FILE "<h1>Malformed Build-Depends</h1><p>";
 	for my $dependency (keys %$prob) {
-		print FILE "Package declares a build time dependency on '$dependency' which is broken Syntax.<br>\n";
+		print FILE "Package declares a build time dependency on '" . html_escape($dependency) . "' which is broken Syntax.<br>\n";
 	};
 	registerSummaryItem('malformed-build-depends', undef, $pkg, $maint);
 	registerSummaryItem('main-only-malformed-build-depends', undef, $pkg, $maint) if ($section eq 'main');
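Review bot: The changed line in `malformedbuilddepends` calls `html_escape(...)`, but the import added at the top of the file is `use HTML::Escape qw{escape_html};`, so unless the file defines its own `html_escape` outside these hunks, that name is undefined. Perl resolves a parenthesised call at run time even under `use strict`, so the script would compile and then die with an undefined-subroutine error the first time this report is written, leaving a truncated page. The same name is used in the `standardversion` and `wrongstandardversion` hunks and in the last hunk; each call should read `escape_html($dependency)`, `escape_html($prob)` or `escape_html($me)` respectively. The body of `malformedbuilddepends` continues past the end of this hunk.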
@@ -628,7 +629,7 @@ sub malformedbuilddepends($$$$) {
 sub standardversion($$$$) {
 	my ($pkg, $prob, $maint, $section) = @_;
 	print FILE "<h1>Standards-Version</h1><p>";
-	print FILE "Package has a Standards-Version of $prob which is pretty old.<br>\n";
+	print FILE "Package has a Standards-Version of " . html_escape($prob) . " which is pretty old.<br>\n";
 	registerSummaryItem('Standards-Version', undef, $pkg, $maint);
 	registerSummaryItem('main-only-Standards-Version', undef, $pkg, $maint) if ($section eq 'main');
 };
@@ -636,7 +637,7 @@ sub standardversion($$$$) {
 sub wrongstandardversion($$$$) {
 	my ($pkg, $prob, $maint, $section) = @_;
 	print FILE "<h1>Wrong-Standards-Version-Syntax</h1><p>";
-	print FILE "Package has a Standards-Version of '$prob' which is broken Syntax.<br>\n";
+	print FILE "Package has a Standards-Version of '" . html_escape($prob) . "' which is broken Syntax.<br>\n";
 	registerSummaryItem('Wrong-Standards-Version-Syntax', undef, $pkg, $maint);
 	registerSummaryItem('main-only-Wrong-Standards-Version-Syntax', undef, $pkg, $maint) if ($section eq 'main');
 };
@@ -677,7 +678,7 @@ EOF
 					my $them = $2;
 					for my $arch (keys %{$prob->{$depType}->{$depTarget}->{$partdepTarget}->{$priType}}) {
 						if ($depTarget eq $partdepTarget) {
-							print FILE "Package is $me and has a $depType on $depTarget which is $them on $arch.<br>\n";
+							print FILE "Package is " . html_escape($me) . " and has a $depType on $depTarget which is $them on $arch.<br>\n";
 						} else {
 							print FILE "Package is $me and has a $depType on $partdepTarget (within $depTarget) which is $them on $arch.<br>\n";
 						};
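Review bot: Only `$me` is escaped on the changed line; `$depType`, `$depTarget`, `$them` and `$arch` are still interpolated raw into the same HTML string, and the `else` branch is left entirely unescaped, including `$partdepTarget`. If any of these can carry text from package metadata (the dependency target looks the most likely), the literal `<`/`>` problem the commit describes remains in this output. Escaping every interpolated value in both branches, e.g. `escape_html($depTarget)`, would make the hunk consistent with the earlier ones. The enclosing loop starts and ends outside this hunk, so the origin of `$me` and `$them` beyond the visible `$2` capture cannot be confirmed from here.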
-- 
2.14.1

