mirror of https://github.com/joomla-extensions/jedchecker.git synced 2024-11-18 11:05:13 +00:00
Commit Graph

254 Commits

Author SHA1 Message Date
Denis Ryabov
57374c3492 fix deprecated rules (behaviour.mootools is mostly loaded via JHtml::_, and assignRef is not static method) 2021-04-04 15:14:19 +03:00
Denis Ryabov
8cca981cff add debug_zval_dump to the error_log checks 2021-04-04 15:14:06 +03:00
Denis Ryabov
729d082bd2 fix Joomla codestyle 2021-04-04 15:12:02 +03:00
Denis Ryabov
0c9c53038c fix Joomla codestyle 2021-04-04 15:08:43 +03:00
Denis Ryabov
37e563b14b fix Joomla codestyle 2021-04-04 15:06:48 +03:00
Denis Ryabov
ce7058f121 Check both filename and file nodes 2021-04-04 15:03:55 +03:00
Denis Ryabov
fefbb2ca8e check namespace path directory exists 2021-04-04 15:03:40 +03:00
Denis Ryabov
a88050c37b check addfieldpath/addformpath/addrulepath directories exist 2021-04-04 15:03:25 +03:00
Denis Ryabov
75e93bad90 add "tgz" into a list of possible archive extensions 2021-04-04 15:03:11 +03:00
Denis Ryabov
715b061840 Check files in the fileset node of type="file" extensions 2021-04-04 15:02:32 +03:00
Denis Ryabov
3e03b981e8 check fonts in language package 2021-04-04 15:02:16 +03:00
Denis Ryabov
9e2c702b6b add a comment 2021-04-04 15:00:40 +03:00
Denis Ryabov
58e3bebf67 Auto-detect external library directories 2021-04-04 14:58:17 +03:00
Denis Ryabov
edf06dc135 Allow declare/namespace/use statements before the JEXEC guard 2021-04-04 14:57:46 +03:00
Denis Ryabov
1a201318c6 use a single regex match in the jexec rule 2021-04-04 14:57:31 +03:00
Denis Ryabov
0a09a14fb3 don't search for JEXEC guard in comments 2021-04-04 14:57:18 +03:00
Denis Ryabov
13a1237d6b Detect tabs in key names 2021-04-04 14:54:59 +03:00
Denis Ryabov
6e6b1224a0 Check file is correctly read 2021-04-04 14:54:45 +03:00
Denis Ryabov
0c51f8a60b Add descriptions for new checks 2021-04-04 14:54:06 +03:00
Denis Ryabov
cfe16c16d0 Check for spaces around the translation string (just a notice for en-GB language) 2021-04-04 14:49:04 +03:00
Denis Ryabov
adb548249d separate check for left and right quotes (for convenience) 2021-04-04 14:48:30 +03:00
Denis Ryabov
566ce26d11 Check for invalid UTF8 values 2021-04-04 14:44:20 +03:00
Denis Ryabov
9c6295231e Check for incorrect EOL 2021-04-04 14:44:07 +03:00
Denis Ryabov
778ece5631 Support J4-style language file names 2021-04-04 14:43:51 +03:00
Denis Ryabov
da42c8f0b6 remove notice on unused argnum syntax, but keep detection of incorrect argnum syntax 2021-04-04 14:43:16 +03:00
Denis Ryabov
c0f76f4da6 use warning for BOM followed by newline or comment 2021-04-04 14:34:49 +03:00
Denis Ryabov
1e0c1efec4 Allow packager and packagerurl in library extensions 2021-04-04 14:30:30 +03:00
Denis Ryabov
03f22df7d9 Mitigate error to a note for missed optional node 2021-04-04 14:29:53 +03:00
Denis Ryabov
f914e438c5 implement prefixed rules in DTD-json (to separate processing of files>file and sql>file nodes) 2021-04-04 14:26:57 +03:00
Denis Ryabov
4ed9b2c64d rule to find missed/incorrect client attribute 2021-04-04 14:26:31 +03:00
Denis Ryabov
a426ccfd0e rule to find missed method="upgrade" 2021-04-04 14:24:10 +03:00
Denis Ryabov
3961bbf319 Fix warning on types not supported by JED 2021-04-04 14:21:14 +03:00
Denis Ryabov
d023f84c3a fix issue with processing of fileset>files in type=file extensions 2021-04-04 14:21:00 +03:00
Denis Ryabov
5a4003c0da warning for template w/o positions 2021-04-04 14:20:43 +03:00
Denis Ryabov
f8320333aa support dlid attributes 2021-04-04 14:20:26 +03:00
Denis Ryabov
9b36852506 dtd-json files for file, library, and template manifests 2021-04-04 14:20:11 +03:00
Denis Ryabov
ed7eb05279 support optional url tag in packages 2021-04-04 14:19:56 +03:00
Denis Ryabov
d228600cf7 don't warn on empty child with attributes (e.g. field nodes) 2021-04-04 14:19:42 +03:00
Denis Ryabov
4d658b082c new inspection: empty element 2021-04-04 14:19:29 +03:00
Denis Ryabov
49b383514e change unknown children and attribute to just an info-level message 2021-04-04 14:19:14 +03:00
Denis Ryabov
ef48e97221 validate domain name in both authorUrl and packagerurl 2021-04-04 14:13:19 +03:00
Denis Ryabov
ce6ca7a939 simplify word boundary check 2021-04-04 14:05:39 +03:00
Denis Ryabov
a2bb820771 Check errors in JFolder::folders/files results 2021-04-04 14:03:59 +03:00
Denis Ryabov
c47fba03c9 add comments 2021-04-04 14:03:34 +03:00
Denis Ryabov
a2565abe68 add direct search for leftover files and folders 2021-04-04 14:01:38 +03:00
Denis Ryabov
ded1cab905 add __MACOSX to the list of leftover folders 2021-04-04 14:01:21 +03:00
Denis Ryabov
ae251b5d5b Joomla! code style fixes 2021-04-04 13:59:50 +03:00
Denis Ryabov
e2d61929f9 Joomla! code style fixes 2021-04-04 13:50:33 +03:00
Denis Ryabov
a34f3bd138 Joomla! code style fixes 2021-04-04 13:44:33 +03:00
Denis Ryabov
b0a0a3a0ad rename vars 2021-04-04 13:40:51 +03:00
Denis Ryabov
b78df71597 Joomla Code Style 2021-04-04 13:40:43 +03:00
Denis Ryabov
eb6ea3c7ec codestyle 2021-04-04 13:38:13 +03:00
Denis Ryabov
7dd70628e0 Typos / Joomla! code style fixes 2021-04-04 13:36:35 +03:00
Denis Ryabov
40135deac7 Joomla! code style fixes 2021-04-04 13:31:35 +03:00
Denis Ryabov
2c2ea7da46 unify displayed code lines 2021-04-04 13:00:28 +03:00
Denis Ryabov
fb16f918d3 clean PHP code (by removing comments, html, and strings) in the framework rules to avoid false-positives 2021-04-04 12:52:53 +03:00
Denis Ryabov
0e7d8b33a0 few more checks for translation values validation 2021-04-04 12:24:22 +03:00
Denis Ryabov
2866d24e59 few more checks for translation keys validation 2021-04-04 12:20:00 +03:00
Denis Ryabov
dcf4801eec change message type: compat for _QQ_, and info for empty values 2021-04-04 12:19:45 +03:00
Denis Ryabov
a7aa53ac31 check for duplicated translation keys 2021-04-04 12:19:31 +03:00
Denis Ryabov
134e4c0588 parse multiline values 2021-04-04 12:19:03 +03:00
Denis Ryabov
2e54c9fc7e parse multiline values 2021-04-04 12:12:58 +03:00
Denis Ryabov
ab4acc2bba unify code lines displaying 2021-04-04 12:07:11 +03:00
Denis Ryabov
bda87074f0 Add support of Bootstrap5 tooltips for JAMSS reports 2021-04-04 11:55:46 +03:00
Denis Ryabov
c241ede692 badge-style for info tip in jamss 2021-04-04 11:55:10 +03:00
Denis Ryabov
071d50ce65 clean PHP code (by removing comments only) in the jamss rules to avoid false-positives 2021-04-04 11:42:02 +03:00
Denis Ryabov
7b8532f372 unify code lines displaying 2021-04-04 11:41:33 +03:00
Denis Ryabov
f42ed7c300 fix missed "|" separators in regex 2021-04-04 11:30:23 +03:00
Denis Ryabov
8f1bb04d8d correct variable name 2021-04-04 11:28:55 +03:00
Denis Ryabov
606fb5225c fix comment 2021-04-04 11:28:30 +03:00
Denis Ryabov
14138dd097 show line number and code in the errorreporting rule 2021-04-04 11:25:30 +03:00
Denis Ryabov
f9a073beab simplify code 2021-04-04 11:24:02 +03:00
Denis Ryabov
ad64bd21b7 add zlib's encode/decode 2021-04-04 11:23:31 +03:00
Denis Ryabov
c55e5e928f check for full function names (to avoid false-positive with base64-encoded URI) 2021-04-04 11:23:05 +03:00
Denis Ryabov
54060ee451 show line number and code in the encoding rule 2021-04-04 11:22:50 +03:00
21faa210dc
Merge PR #86 into develop 2021-03-27 05:32:24 +02:00
Denis Ryabov
0d2310f75d simplify regex 2021-03-24 15:22:09 +03:00
Denis Ryabov
ab96c035ad a "greedy" match (by @Llewellynvdm) 2021-03-24 15:13:28 +03:00
Denis Ryabov
0869a0cecb fix comment text 2021-03-24 15:11:59 +03:00
Denis Ryabov
118846b53b fix copyright 2021-03-11 16:00:58 +03:00
Denis Ryabov
0545fddb87 fix copyright 2021-03-11 15:59:54 +03:00
Denis Ryabov
01c5c5e550 fix copyright 2021-03-11 15:56:27 +03:00
Denis Ryabov
ba75eb5967 remove @author tag 2021-03-11 13:41:07 +03:00
Denis Ryabov
8d7531a047 remove @author tag 2021-03-11 13:40:09 +03:00
Denis Ryabov
321221a495 remove @author tag 2021-03-11 13:39:11 +03:00
Denis Ryabov
65fe32b164 replace check against a preinstalled domains list by the link to the Joomla! Trademark Approval Registry page 2021-03-11 10:40:52 +03:00
Denis Ryabov
d102979258 add some comments 2021-03-11 01:56:04 +03:00
Denis Ryabov
c81699b61c Add a description for each check in the code 2021-03-11 01:35:15 +03:00
Denis Ryabov
1432595581 temporarily remove argnum check 2021-03-11 01:34:51 +03:00
Denis Ryabov
b5fe0e91b4 check for BOM in language files 2021-03-11 01:20:57 +03:00
Denis Ryabov
08864234a9 correct authors list for new rule 2021-03-11 01:20:37 +03:00
Denis Ryabov
75d8daa931 apply code style (spaces to tabs) 2021-03-11 01:19:48 +03:00
Denis Ryabov
d583e82bd7 fix path for sql files 2021-03-11 01:17:37 +03:00
Denis Ryabov
4775ddd43b correct authors list for new rule 2021-03-11 01:17:00 +03:00
Denis Ryabov
d353c8b2f8 commenting the code 2021-03-11 01:15:13 +03:00
Denis Ryabov
825208b28c add DTD json for language packages 2021-03-11 01:13:56 +03:00
Denis Ryabov
a73780e524 don't require menu and languages sections in components 2021-03-11 01:11:09 +03:00
Denis Ryabov
b74a082198 support both file and filename names for files children in package manifest 2021-03-11 01:10:53 +03:00
Denis Ryabov
ffd0995830 fix dtd for config section in modules and plugins 2021-03-11 01:10:35 +03:00
Denis Ryabov
ab751af635 remove error for missed license and updateservers tags (as they are processed by other rules) 2021-03-11 01:10:16 +03:00
Denis Ryabov
79caa44fca add support of any children (by using '*' as key) 2021-03-11 01:09:51 +03:00
Denis Ryabov
f7353bf312 add support of any attribute (by using '*' as value) 2021-03-11 01:09:32 +03:00
Denis Ryabov
62a887092c move dtd files to a separate directory 2021-03-11 01:09:09 +03:00
Denis Ryabov
77ffde4f6c correct authors list for new rule 2021-03-11 01:08:23 +03:00
Denis Ryabov
6091c866c0 commenting the code 2021-03-11 01:01:14 +03:00
Denis Ryabov
2cae2d0deb show node content in errors/warnings messages 2021-03-11 00:57:19 +03:00
Denis Ryabov
c11c23c15a check domain name against the list of approved domains 2021-03-11 00:56:35 +03:00
Denis Ryabov
5771fb0203 add list of alternative plugin group names 2021-03-11 00:56:13 +03:00
Denis Ryabov
75b6aa0f47 fix loading of language file 2021-03-11 00:55:35 +03:00
Denis Ryabov
5fafb747f0 fix loop through children nodes 2021-03-11 00:54:39 +03:00
Denis Ryabov
2c28bafe47 add extra names (BSD v2 and BSD v3) into licenses list 2021-03-11 00:52:28 +03:00
Denis Ryabov
7741b2b0ce move licenses list to gpl directory 2021-03-11 00:52:06 +03:00
Denis Ryabov
53c5903fa0 remove leading '*' character to deal with multi-line license names 2021-03-11 00:51:37 +03:00
7e1346a2ca
Merge pull request #87 into joomla/develop 2021-03-07 02:58:08 +02:00
3d51728978
Added more comments to the calculate_line_number method and fixed the variable naming. 2021-03-07 02:13:09 +02:00
ebb388a5c7
Merge pull request #76 into joomla/develop 2021-03-07 02:08:19 +02:00
Denis Ryabov
216e482009 display plugin name in the message (for packages with multiple plugins) 2021-02-18 15:25:03 +03:00
Denis Ryabov
f536d77cc3 fix matching of plugin group in title (remove spaces for "Action Log", "Quick Icons", etc.) 2021-02-18 15:24:28 +03:00
Denis Ryabov
5bab76e834 don't warn on missed unzipped files (in packages) 2021-02-18 15:20:00 +03:00
Denis Ryabov
d508bbad6b add addfieldpath attribute to all form fields 2021-02-18 15:17:13 +03:00
Denis Ryabov
8b0898713d fix json 2021-02-18 15:16:51 +03:00
Denis Ryabov
e833785494 fix paths for language dirs 2021-02-18 15:13:51 +03:00
Denis Ryabov
75d1f5f871 add more field attributes and fieldset params 2021-02-14 01:19:04 +03:00
Denis Ryabov
4850ef0d43 remove check of config section from component manifest 2021-02-14 01:18:25 +03:00
Denis Ryabov
e063c3fe22
Add direct MySQLi access to the errors list 2021-02-14 00:13:03 +03:00
Denis Ryabov
a1197006e5 check packages 2021-02-14 00:02:08 +03:00
Denis Ryabov
0bf71c0950 fix regex 2021-02-13 23:56:59 +03:00
Denis Ryabov
a206aa91ba Joomla!4 compatibility 2021-02-13 23:56:51 +03:00
Denis Ryabov
4f899fb39b fix regex 2021-02-13 23:53:36 +03:00
Denis Ryabov
331a9e162f support for "package" type 2021-02-13 23:53:26 +03:00
Denis Ryabov
329df98562 Joomla!4 compatibility 2021-02-13 23:53:09 +03:00
Denis Ryabov
aaa100fbbb fix regular expressions ("." character should be escaped) 2021-02-13 23:12:08 +03:00
Denis Ryabov
80abc68994 support of Joomla!4 2021-02-13 23:01:07 +03:00
Denis Ryabov
4d67fe0602 Add validation of language files 2021-02-03 01:14:16 +03:00
Denis Ryabov
46ec8bd40a update @since tag 2021-02-02 19:10:59 +03:00
Denis Ryabov
8e0d738131 Add check for incorrect file/folder references in the XML manifest 2021-02-02 19:09:20 +03:00
Denis Ryabov
74288b93d2 Add XML manifest validator 2021-02-02 18:58:29 +03:00
Denis Ryabov
070b22caae one more directory to lookup for language file 2021-02-02 15:36:52 +03:00
Denis Ryabov
372ea55ad7 - fixed loading of language file
- check manifest file does exist
- check naming rules
- drop Joomla!1.5 support ("install" root element)
2021-02-02 14:56:56 +03:00
Denis Ryabov
02ccd6fa65 move lists of GPL and compatible licenses to separate files 2021-01-31 11:52:32 +03:00
f22a82d6cf
Merge pull request #77 from dryabov/patch-11 2021-01-27 15:15:04 +02:00
Denis Ryabov
fa5eb52dd6
Don't warn on str_replace and preg_replace
Both `str_replace` and `preg_replace` (deprecated /e modifier is checked in another rule) are widely used and shouldn't be considered as a marker of malicious code
2021-01-24 20:37:57 +03:00
Denis Ryabov
36159b616c
A simpler way to get line number 2021-01-24 20:32:07 +03:00
Denis Ryabov
92ff3e2bec
Update gpl.ini
Add most popular GPL-compatible licenses from https://www.gnu.org/licenses/license-list.en.html
2021-01-24 20:11:17 +03:00
SharkyKZ
b7c1d87817
Support exit in entry point check 2020-09-03 11:41:52 +03:00
Anibal Sanchez
510e0b168c
Merge pull request #51 from dryabov/patch-1
Fix false-positive for JAMSS rule#23
2019-05-17 11:25:17 +02:00
Anibal Sanchez
03c7294a4c
Merge pull request #54 from dryabov/patch-4
Add `print_r` to "errorlog" list
2019-05-17 11:24:50 +02:00
Denis Ryabov
373603166d
Add print_r to "errorlog" list
Display a notice for `print_r` function (along with `error_log`, `var_export`, `var_dump`)
2019-05-15 17:25:32 +03:00
Denis Ryabov
e379627132
remove zero-width-space characters
Replace `mysql_​​escape_​​string` by `mysql_​escape_string`
2019-05-15 17:23:19 +03:00
Denis Ryabov
2f7943f6ac
Fix false-positive for JAMSS rule#23
JAMSS rule#23 gives false-positive warning for files that start with `defined('_JEXEC')` (because of partial `exec` match) and use `$_GET` or `$_POST`. This patch requires `exec` (and other function names in) to be checked explicitly using word boundaries (`\b`) in the regex.
2019-05-15 16:48:40 +03:00