Denis Ryabov
0c9c53038c
fix Joomla codestyle
2021-04-04 15:08:43 +03:00
Denis Ryabov
37e563b14b
fix Joomla codestyle
2021-04-04 15:06:48 +03:00
Denis Ryabov
ce7058f121
Check both filename and file nodes
2021-04-04 15:03:55 +03:00
Denis Ryabov
fefbb2ca8e
check namespace path directory exists
2021-04-04 15:03:40 +03:00
Denis Ryabov
a88050c37b
check addfieldpath/addformpath/addrulepath directories exist
2021-04-04 15:03:25 +03:00
Denis Ryabov
75e93bad90
add "tgz" into a list of possible archive extensions
2021-04-04 15:03:11 +03:00
Denis Ryabov
715b061840
Check files in the fileset node of type="file" extensions
2021-04-04 15:02:32 +03:00
Denis Ryabov
3e03b981e8
check fonts in language package
2021-04-04 15:02:16 +03:00
Denis Ryabov
9e2c702b6b
add a comment
2021-04-04 15:00:40 +03:00
Denis Ryabov
58e3bebf67
Auto-detect external library directories
2021-04-04 14:58:17 +03:00
Denis Ryabov
edf06dc135
Allow declare/namespace/use statements before the JEXEC guard
2021-04-04 14:57:46 +03:00
Denis Ryabov
1a201318c6
use a single regex match in the jexec rule
2021-04-04 14:57:31 +03:00
Denis Ryabov
0a09a14fb3
don't search for JEXEC guard in comments
2021-04-04 14:57:18 +03:00
Denis Ryabov
13a1237d6b
Detect tabs in key names
2021-04-04 14:54:59 +03:00
Denis Ryabov
6e6b1224a0
Check file is correctly read
2021-04-04 14:54:45 +03:00
Denis Ryabov
0c51f8a60b
Add descriptions for new checks
2021-04-04 14:54:06 +03:00
Denis Ryabov
cfe16c16d0
Check for spaces around the translation string (just a notice for en-GB language)
2021-04-04 14:49:04 +03:00
Denis Ryabov
adb548249d
separate check for left and right quotes (for convenience)
2021-04-04 14:48:30 +03:00
Denis Ryabov
566ce26d11
Check for invalid UTF8 values
2021-04-04 14:44:20 +03:00
Denis Ryabov
9c6295231e
Check for incorrect EOL
2021-04-04 14:44:07 +03:00
Denis Ryabov
778ece5631
Support J4-style language file names
2021-04-04 14:43:51 +03:00
Denis Ryabov
da42c8f0b6
remove notice on unused argnum syntax, but keep detection of incorrect argnum syntax
2021-04-04 14:43:16 +03:00
Denis Ryabov
c0f76f4da6
use warning for BOM followed by newline or comment
2021-04-04 14:34:49 +03:00
Denis Ryabov
1e0c1efec4
Allow packager and packagerurl in library extensions
2021-04-04 14:30:30 +03:00
Denis Ryabov
03f22df7d9
Mitigate error to a note for missed optional node
2021-04-04 14:29:53 +03:00
Denis Ryabov
f914e438c5
implement prefixed rules in DTD-json (to separate processing of files>file and sql>file nodes)
2021-04-04 14:26:57 +03:00
Denis Ryabov
4ed9b2c64d
rule to found missed/incorrent client attribute
2021-04-04 14:26:31 +03:00
Denis Ryabov
a426ccfd0e
rule to found missed method="upgrade"
2021-04-04 14:24:10 +03:00
Denis Ryabov
3961bbf319
Fix warning on types not supported by JED
2021-04-04 14:21:14 +03:00
Denis Ryabov
d023f84c3a
fix issue with processing of fileset>files in type=file extensions
2021-04-04 14:21:00 +03:00
Denis Ryabov
5a4003c0da
warning for template w/o positions
2021-04-04 14:20:43 +03:00
Denis Ryabov
f8320333aa
support dlid attributes
2021-04-04 14:20:26 +03:00
Denis Ryabov
9b36852506
dtd-json files for file, library, and template manifests
2021-04-04 14:20:11 +03:00
Denis Ryabov
ed7eb05279
support optional url tag in packages
2021-04-04 14:19:56 +03:00
Denis Ryabov
d228600cf7
don't warn on empty child with attributes (e.g. field nodes)
2021-04-04 14:19:42 +03:00
Denis Ryabov
4d658b082c
new inspection: empty element
2021-04-04 14:19:29 +03:00
Denis Ryabov
49b383514e
change unknown children and attribute to just an info-level message
2021-04-04 14:19:14 +03:00
Denis Ryabov
ef48e97221
validate domain name in both authorUrl and packagerurl
2021-04-04 14:13:19 +03:00
Denis Ryabov
ce6ca7a939
simplify word boundary check
2021-04-04 14:05:39 +03:00
Denis Ryabov
a2bb820771
Check errors in JFolder::folders/files results
2021-04-04 14:03:59 +03:00
Denis Ryabov
c47fba03c9
add comments
2021-04-04 14:03:34 +03:00
Denis Ryabov
a2565abe68
add direct search for leftover files and folders
2021-04-04 14:01:38 +03:00
Denis Ryabov
ded1cab905
add __MACOSX to the list of leftover folders
2021-04-04 14:01:21 +03:00
Denis Ryabov
ae251b5d5b
Joomla! code style fixes
2021-04-04 13:59:50 +03:00
Denis Ryabov
e2d61929f9
Joomla! code style fixes
2021-04-04 13:50:33 +03:00
Denis Ryabov
a34f3bd138
Joomla! code style fixes
2021-04-04 13:44:33 +03:00
Denis Ryabov
b0a0a3a0ad
rename vars
2021-04-04 13:40:51 +03:00
Denis Ryabov
b78df71597
Joomla Code Style
2021-04-04 13:40:43 +03:00
Denis Ryabov
eb6ea3c7ec
codestyle
2021-04-04 13:38:13 +03:00
Denis Ryabov
7dd70628e0
Typos / Joomla! code style fixes
2021-04-04 13:36:35 +03:00
Denis Ryabov
40135deac7
Joomla! code style fixes
2021-04-04 13:31:35 +03:00
Denis Ryabov
2c2ea7da46
unify displayed code lines
2021-04-04 13:00:28 +03:00
Denis Ryabov
fb16f918d3
clean PHP code (by removing comments, html, and strings) in the framework rules to avoid false-positives
2021-04-04 12:52:53 +03:00
Denis Ryabov
0e7d8b33a0
few more checks for translation values validation
2021-04-04 12:24:22 +03:00
Denis Ryabov
2866d24e59
few more checks for translation keys validation
2021-04-04 12:20:00 +03:00
Denis Ryabov
dcf4801eec
change message type: compat for _QQ_, and info for empty values
2021-04-04 12:19:45 +03:00
Denis Ryabov
a7aa53ac31
check for duplicated translation keys
2021-04-04 12:19:31 +03:00
Denis Ryabov
134e4c0588
parse multiline values
2021-04-04 12:19:03 +03:00
Denis Ryabov
2e54c9fc7e
parse multiline values
2021-04-04 12:12:58 +03:00
Denis Ryabov
ab4acc2bba
unify code lines displaying
2021-04-04 12:07:11 +03:00
Denis Ryabov
bda87074f0
Add support of Bootstrap5 tooltips for JAMSS reports
2021-04-04 11:55:46 +03:00
Denis Ryabov
c241ede692
badge-style for info tip in jamss
2021-04-04 11:55:10 +03:00
Denis Ryabov
071d50ce65
clean PHP code (by removing comments only) in the jamss rules to avoid false-positives
2021-04-04 11:42:02 +03:00
Denis Ryabov
7b8532f372
unify code lines displaying
2021-04-04 11:41:33 +03:00
Denis Ryabov
f42ed7c300
fix missed "|" separators in regex
2021-04-04 11:30:23 +03:00
Denis Ryabov
8f1bb04d8d
correct variable name
2021-04-04 11:28:55 +03:00
Denis Ryabov
606fb5225c
fix comment
2021-04-04 11:28:30 +03:00
Denis Ryabov
14138dd097
show line number and code in the errorreporting rule
2021-04-04 11:25:30 +03:00
Denis Ryabov
f9a073beab
simplify code
2021-04-04 11:24:02 +03:00
Denis Ryabov
ad64bd21b7
add zlib's encode/decode
2021-04-04 11:23:31 +03:00
Denis Ryabov
c55e5e928f
check for full function names (to avoid false-positive with base64-encoded URI)
2021-04-04 11:23:05 +03:00
Denis Ryabov
54060ee451
show line number and code in the encoding rule
2021-04-04 11:22:50 +03:00
21faa210dc
Merge PR #86 into develop
2021-03-27 05:32:24 +02:00
Denis Ryabov
0d2310f75d
simplify regex
2021-03-24 15:22:09 +03:00
Denis Ryabov
ab96c035ad
a "greedy" match (by @Llewellynvdm)
2021-03-24 15:13:28 +03:00
Denis Ryabov
0869a0cecb
fix comment text
2021-03-24 15:11:59 +03:00
Denis Ryabov
118846b53b
fix copyright
2021-03-11 16:00:58 +03:00
Denis Ryabov
0545fddb87
fix copyright
2021-03-11 15:59:54 +03:00
Denis Ryabov
01c5c5e550
fix copyright
2021-03-11 15:56:27 +03:00
Denis Ryabov
ba75eb5967
remove @author
tag
2021-03-11 13:41:07 +03:00
Denis Ryabov
8d7531a047
remove @author
tag
2021-03-11 13:40:09 +03:00
Denis Ryabov
321221a495
remove @author
tag
2021-03-11 13:39:11 +03:00
Denis Ryabov
65fe32b164
replace check against a preinstalled domains list by the link to the Joomla! Trademark Approval Registry page
2021-03-11 10:40:52 +03:00
Denis Ryabov
d102979258
add some comments
2021-03-11 01:56:04 +03:00
Denis Ryabov
c81699b61c
Add a description for each check in the code
2021-03-11 01:35:15 +03:00
Denis Ryabov
1432595581
temporaty remove argnum check
2021-03-11 01:34:51 +03:00
Denis Ryabov
b5fe0e91b4
check for BOM in language files
2021-03-11 01:20:57 +03:00
Denis Ryabov
08864234a9
correct authors list for new rule
2021-03-11 01:20:37 +03:00
Denis Ryabov
75d8daa931
apply code style (spaces to tabs)
2021-03-11 01:19:48 +03:00
Denis Ryabov
d583e82bd7
fix path for sql files
2021-03-11 01:17:37 +03:00
Denis Ryabov
4775ddd43b
correct authors list for new rule
2021-03-11 01:17:00 +03:00
Denis Ryabov
d353c8b2f8
commenting the code
2021-03-11 01:15:13 +03:00
Denis Ryabov
825208b28c
add DTD json for language packages
2021-03-11 01:13:56 +03:00
Denis Ryabov
a73780e524
don't require menu and languages sections in components
2021-03-11 01:11:09 +03:00
Denis Ryabov
b74a082198
support both file and filename names for files children in package manifest
2021-03-11 01:10:53 +03:00
Denis Ryabov
ffd0995830
fix dtd for config section in modules and plugins
2021-03-11 01:10:35 +03:00
Denis Ryabov
ab751af635
remove error for missed license and updateservers tags (as they are processed by other rules)
2021-03-11 01:10:16 +03:00
Denis Ryabov
79caa44fca
add support of any children (by using '*' as key)
2021-03-11 01:09:51 +03:00
Denis Ryabov
f7353bf312
add support of any attribute (by using '*' as value)
2021-03-11 01:09:32 +03:00
Denis Ryabov
62a887092c
move dtd files to a separate directory
2021-03-11 01:09:09 +03:00
Denis Ryabov
77ffde4f6c
correct authors list for new rule
2021-03-11 01:08:23 +03:00
Denis Ryabov
6091c866c0
commenting the code
2021-03-11 01:01:14 +03:00
Denis Ryabov
2cae2d0deb
show node content in errors/warnings messages
2021-03-11 00:57:19 +03:00
Denis Ryabov
c11c23c15a
check domain name against the list of approved domains
2021-03-11 00:56:35 +03:00
Denis Ryabov
5771fb0203
add list of alternative plugin group names
2021-03-11 00:56:13 +03:00
Denis Ryabov
75b6aa0f47
fix loading of language file
2021-03-11 00:55:35 +03:00
Denis Ryabov
5fafb747f0
fix loop through children nodes
2021-03-11 00:54:39 +03:00
Denis Ryabov
2c28bafe47
add extra names (BSD v2 and BSD v3) into licenses list
2021-03-11 00:52:28 +03:00
Denis Ryabov
7741b2b0ce
move licenses list to gpl directory
2021-03-11 00:52:06 +03:00
Denis Ryabov
53c5903fa0
remove leading '*' character to deal with multi-line license names
2021-03-11 00:51:37 +03:00
7e1346a2ca
Merge pull request #87 into joomla/develop
2021-03-07 02:58:08 +02:00
3d51728978
Added more comments to the calculate_line_number method and fixed the variable naming.
2021-03-07 02:13:09 +02:00
ebb388a5c7
Merge pull request #76 into joomla/develop
2021-03-07 02:08:19 +02:00
Denis Ryabov
216e482009
display plugin name in the message (for packages with multiple plugins)
2021-02-18 15:25:03 +03:00
Denis Ryabov
f536d77cc3
fix matching of plugin group in title (remove spaces for "Action Log", "Quick Icons", etc.)
2021-02-18 15:24:28 +03:00
Denis Ryabov
5bab76e834
don't warn on missed unzipped files (in packages)
2021-02-18 15:20:00 +03:00
Denis Ryabov
d508bbad6b
add addfieldpath attribute to all form fields
2021-02-18 15:17:13 +03:00
Denis Ryabov
8b0898713d
fix json
2021-02-18 15:16:51 +03:00
Denis Ryabov
e833785494
fix paths for language dirs
2021-02-18 15:13:51 +03:00
Denis Ryabov
75d1f5f871
add more field attributes and fieldset params
2021-02-14 01:19:04 +03:00
Denis Ryabov
4850ef0d43
remove check of config section from component manifest
2021-02-14 01:18:25 +03:00
Denis Ryabov
e063c3fe22
Add direct MySQLi access to the errors list
2021-02-14 00:13:03 +03:00
Denis Ryabov
a1197006e5
check packages
2021-02-14 00:02:08 +03:00
Denis Ryabov
0bf71c0950
fix regex
2021-02-13 23:56:59 +03:00
Denis Ryabov
a206aa91ba
Joomla!4 compatibility
2021-02-13 23:56:51 +03:00
Denis Ryabov
4f899fb39b
fix regex
2021-02-13 23:53:36 +03:00
Denis Ryabov
331a9e162f
support for "package" type
2021-02-13 23:53:26 +03:00
Denis Ryabov
329df98562
Joomla!4 compatibility
2021-02-13 23:53:09 +03:00
Denis Ryabov
aaa100fbbb
fix regular expressions ("." character should be escaped)
2021-02-13 23:12:08 +03:00
Denis Ryabov
80abc68994
support of Joomla!4
2021-02-13 23:01:07 +03:00
Denis Ryabov
4d67fe0602
Add validation of language files
2021-02-03 01:14:16 +03:00
Denis Ryabov
46ec8bd40a
update @since tag
2021-02-02 19:10:59 +03:00
Denis Ryabov
8e0d738131
Add check for incorrect file/folder references in the XML manifest
2021-02-02 19:09:20 +03:00
Denis Ryabov
74288b93d2
Add XML manifest validator
2021-02-02 18:58:29 +03:00
Denis Ryabov
070b22caae
one more directory to lookup for language file
2021-02-02 15:36:52 +03:00
Denis Ryabov
372ea55ad7
- fixed loading of language file
...
- check manifest file do exist
- check naming rules
- drop Joomla!1.5 support ("install" root element)
2021-02-02 14:56:56 +03:00
Denis Ryabov
02ccd6fa65
move lists of GPL and compatible licenses to separate files
2021-01-31 11:52:32 +03:00
f22a82d6cf
Merge pull request #77 from dryabov/patch-11
2021-01-27 15:15:04 +02:00
Denis Ryabov
fa5eb52dd6
Don't warn on str_replace and preg_replace
...
Both `str_replace` and `preg_replace` (deprecated /e modifier is checked in another rule) are widely used and shouldn't be considered as a marker of malicious code
2021-01-24 20:37:57 +03:00
Denis Ryabov
36159b616c
A simpler way to get line number
2021-01-24 20:32:07 +03:00
Denis Ryabov
92ff3e2bec
Update gpl.ini
...
Add most popular GPL-compatible licenses from https://www.gnu.org/licenses/license-list.en.html
2021-01-24 20:11:17 +03:00
SharkyKZ
b7c1d87817
Support exit in entry point check
2020-09-03 11:41:52 +03:00
Anibal Sanchez
510e0b168c
Merge pull request #51 from dryabov/patch-1
...
Fix false-positive for JAMSS rule#23
2019-05-17 11:25:17 +02:00
Anibal Sanchez
03c7294a4c
Merge pull request #54 from dryabov/patch-4
...
Add `print_r` to "errorlog" list
2019-05-17 11:24:50 +02:00
Denis Ryabov
373603166d
Add print_r
to "errorlog" list
...
Display a notice for `print_r` function (along with `error_log`, `var_export`, `var_dump`)
2019-05-15 17:25:32 +03:00
Denis Ryabov
e379627132
remove zero-width-space characters
...
Replace `mysql_​escape_​string` by `mysql_escape_string`
2019-05-15 17:23:19 +03:00
Denis Ryabov
2f7943f6ac
Fix false-positive for JAMSS rule#23
...
JAMSS rule#23 gives false-positive warning for files that starts with `defined('_JEXEC')` (because of partial `exec` match) and use `$_GET` or `$_POST`. This patch requires `exec` (and other function names in) to be checked explicitly using word boundaries (`\b`) in the regex.
2019-05-15 16:48:40 +03:00
anibalsanchez
0f241adba7
More Copryright fixes
2019-03-10 17:09:42 +01:00
anibalsanchez
5119fc102a
2.1.1 - Copyright updated to Joomla
2019-03-10 09:49:52 +01:00
anibalsanchez
b34cb440a4
2.1.0
2019-03-09 20:44:14 +01:00