Merge pull request #57 from AdmiringWorm/issue28
(#28) Add rule to disallow icon URL using GitHub links
gep13 authored Dec 5, 2024
2 parents a25dd20 + ee6fa4b commit 422fa4f
Showing 8 changed files with 163 additions and 0 deletions.
@@ -6,6 +6,7 @@
Chocolatey.Community.Validation.Rules.CopyrightElementRules,
Chocolatey.Community.Validation.Rules.DependenciesElementRules,
Chocolatey.Community.Validation.Rules.DescriptionElementRules,
Chocolatey.Community.Validation.Rules.IconUrlElementRules,
Chocolatey.Community.Validation.Rules.IdElementRules,
Chocolatey.Community.Validation.Rules.NuspecContainsEmailsRule,
Chocolatey.Community.Validation.Rules.ProjectUrlElementRules,
@@ -6,6 +6,7 @@
Chocolatey.Community.Validation.Rules.CopyrightElementRules,
Chocolatey.Community.Validation.Rules.DependenciesElementRules,
Chocolatey.Community.Validation.Rules.DescriptionElementRules,
Chocolatey.Community.Validation.Rules.IconUrlElementRules,
Chocolatey.Community.Validation.Rules.IdElementRules,
Chocolatey.Community.Validation.Rules.NuspecContainsEmailsRule,
Chocolatey.Community.Validation.Rules.ProjectUrlElementRules,
@@ -0,0 +1,8 @@
[
{
HelpUrl: https://ch0.co/rules/cpmr0076,
Id: CPMR0076,
Message: Icon URL uses a URL that is a GitHub raw URL.,
Severity: Error
}
]
@@ -0,0 +1,8 @@
[
{
HelpUrl: https://ch0.co/rules/cpmr0076,
Id: CPMR0076,
Message: Icon URL uses a URL that is a RawGit URL.,
Severity: Error
}
]
@@ -0,0 +1,8 @@
[
{
Severity: Error,
Id: CPMR0076,
Summary: Icon URL uses a URL that is a GitHub raw URL.,
HelpUrl: https://ch0.co/rules/cpmr0076
}
]
@@ -0,0 +1,77 @@
namespace Chocolatey.Community.Validation.Tests.Rules
{
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Chocolatey.Community.Validation.Rules;
using NUnit.Framework;
using VerifyNUnit;

public class IconUrlElementRulesTest : RuleTestBase<IconUrlElementRules>
{
[TestCase(nameof(InvalidUrlValues))]
public async Task ShouldNotFlagInvalidUrls(string value)
{
var testContent = GetTestContent(value);

await VerifyEmptyResults(testContent);
}

[TestCaseSource(nameof(EmptyTestValues))]
public async Task ShouldNotFlagEmptyValues(string value)
{
var testContent = GetTestContent(value);

await VerifyEmptyResults(testContent);
}

[TestCase("https://github.com/chocolatey-community/chocolatey-packages/blob/master/icons/7zip.svg")]
[TestCase("https://github.com/chocolatey-community/chocolatey-packages/raw/refs/heads/master/icons/filezilla.svg")]
[TestCase("https://raw.githubusercontent.com/chocolatey-community/chocolatey-packages/refs/heads/master/icons/1password4.png")]
public async Task ShouldFlagUrlsUsingGitHubLinks(string value)
{
var testContent = GetTestContent(value);

var results = GetRuleResults(testContent, Encoding.UTF8);

await Verifier.Verify(results)
// We ignore the parameter value, as it will result in
// failure due to long paths not being supported.
.IgnoreParametersForVerified(nameof(value))
.DisableRequireUniquePrefix();
}

[Test]
public async Task ShouldFlagUrlsUsingRawGitLinks()
{
var testContent = GetTestContent("https://cdn.rawgit.com/chocolatey/chocolatey-coreteampackages/049a3a3d/icons/winff.png");

await VerifyNuspec(testContent);
}

private static string GetTestContent(string? iconUrl)
{
const string format = @"<?xml version=""1.0"" encoding=""utf-8""?>
<!-- Do not remove this test for UTF-8: if “Ω” doesn’t appear as greek uppercase omega letter enclosed in quotation marks, you should use an editor that supports UTF-8, not this one. -->
<package xmlns=""http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"">
<metadata>
<id>short-copyright</id>
<version>1.0.0</version>
<authors>Author</authors>
<iconUrl>{0}</iconUrl>
<packageSourceUrl>https://test-url.com/</packageSourceUrl>
<tags>tag-1 tag-2 tag-3</tags>
<dependencies>
<dependency id=""basic"" />
</dependencies>
</metadata>
<files />
</package>";

return string.Format(CultureInfo.InvariantCulture, format, iconUrl);
}
}
}
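Review bot: `[TestCase(nameof(InvalidUrlValues))]` on `ShouldNotFlagInvalidUrls` passes the literal string "InvalidUrlValues" as the only input, so whatever values that source holds are never exercised. The sibling test uses `[TestCaseSource(nameof(EmptyTestValues))]`, and this attribute presumably should read `[TestCaseSource(nameof(InvalidUrlValues))]`. `InvalidUrlValues` is not defined in this file, so it is presumably inherited from `RuleTestBase`; confirm it exists there. The test passes as written only because that string is not an absolute URI, which is why the slip is easy to miss.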
3 changes: 3 additions & 0 deletions src/Chocolatey.Community.Validation/PublicAPI.Unshipped.txt
@@ -16,6 +16,8 @@ Chocolatey.Community.Validation.Rules.DependenciesElementRules
Chocolatey.Community.Validation.Rules.DependenciesElementRules.DependenciesElementRules() -> void
Chocolatey.Community.Validation.Rules.DescriptionElementRules
Chocolatey.Community.Validation.Rules.DescriptionElementRules.DescriptionElementRules() -> void
Chocolatey.Community.Validation.Rules.IconUrlElementRules
Chocolatey.Community.Validation.Rules.IconUrlElementRules.IconUrlElementRules() -> void
Chocolatey.Community.Validation.Rules.IdElementRules
Chocolatey.Community.Validation.Rules.IdElementRules.IdElementRules() -> void
Chocolatey.Community.Validation.Rules.NuspecContainsEmailsRule
@@ -35,6 +37,7 @@ override Chocolatey.Community.Validation.Rules.AuthorMatchesMaintainerRule.Valid
override Chocolatey.Community.Validation.Rules.CopyrightElementRules.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
override Chocolatey.Community.Validation.Rules.DependenciesElementRules.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
override Chocolatey.Community.Validation.Rules.DescriptionElementRules.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
override Chocolatey.Community.Validation.Rules.IconUrlElementRules.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
override Chocolatey.Community.Validation.Rules.IdElementRules.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
override Chocolatey.Community.Validation.Rules.NuspecContainsEmailsRule.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
override Chocolatey.Community.Validation.Rules.RequireLicenseAcceptanceElementRules.Validate(NuGet.Packaging.NuspecReader! reader) -> System.Collections.Generic.IEnumerable<chocolatey.infrastructure.rules.RuleResult!>!
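--- a/src/Chocolatey.Community.Validation/Rules/IconUrlElementRules.cs
+++ b/src/Chocolatey.Community.Validation/Rules/IconUrlElementRules.cs
@@ -0,0 +1,57 @@
+namespace Chocolatey.Community.Validation.Rules
+{
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using chocolatey;
+using chocolatey.infrastructure.rules;
+
+public sealed class IconUrlElementRules : CCRMetadataRuleBase
+{
+private const string RawUrlRuleId = "CPMR0076";
+
+public override IEnumerable<RuleResult> Validate(global::NuGet.Packaging.NuspecReader reader)
+{
+if (reader is null)
+{
+throw new ArgumentNullException(nameof(reader));
+}
+
+var iconUrl = reader.GetIconUrl();
+
+if (!Uri.TryCreate(iconUrl, UriKind.Absolute, out var iconUri))
+{
+yield break;
+}
+
+if (IsGitHubIconUrl(iconUri))
+{
+yield return GetRule(RawUrlRuleId);
+}
+else if (iconUri.Host.IsEqualTo("cdn.rawgit.com") || iconUri.Host.IsEqualTo("rawgit.com"))
+{
+yield return GetRule(RawUrlRuleId, "Icon URL uses a URL that is a RawGit URL.");
+}
+}
+
+private bool IsGitHubIconUrl(Uri iconUri)
+{
+var hosts = new[]
+{
+"raw.githubusercontent.com",
+"githubusercontent.com",
+"github.com",
+"gist.github.com"
+};
+
+return hosts.Contains(iconUri.Host.ToLowerInvariant());
+}
+
+protected internal override IEnumerable<(RuleType severity, string? id, string summary)> GetRulesInformation()
+{
+yield return (RuleType.Error, RawUrlRuleId, "Icon URL uses a URL that is a GitHub raw URL.");
+}
+}
+}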
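Review bot: `IsGitHubIconUrl` compares the host for exact equality against four names, so other hosts under the same domain, such as `gist.githubusercontent.com` or `user-images.githubusercontent.com`, pass the rule unflagged, while the bare `githubusercontent.com` entry suggests the whole domain was meant. If that is the intent, take `var host = iconUri.Host.ToLowerInvariant();` and use `return hosts.Contains(host) || host.EndsWith(".githubusercontent.com", StringComparison.Ordinal);`, where the leading dot keeps look-alike domains from matching. I would leave `github.com` and `gist.github.com` as exact matches, since other `*.github.com` hosts are ordinary websites. The tests in this commit cover only `github.com` and `raw.githubusercontent.com`, so a `[TestCase]` for each additional host that should be flagged would pin the behaviour.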
