From 849333c2832f6897d173ab75be9bb14de2196a79 Mon Sep 17 00:00:00 2001 From: Boris Yumankulov Date: Mon, 1 Sep 2025 11:42:06 +0500 Subject: [PATCH] feat(dev-scripts): add import and function safety checks to theme pre-commit Signed-off-by: Boris Yumankulov --- dev-scripts/check_qss_properties.py | 45 +++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/dev-scripts/check_qss_properties.py b/dev-scripts/check_qss_properties.py index 3538b16..eb76bfb 100755 --- a/dev-scripts/check_qss_properties.py +++ b/dev-scripts/check_qss_properties.py @@ -3,8 +3,9 @@ import sys from pathlib import Path import re +import ast -# Запрещенные свойства +# Запрещенные QSS-свойства FORBIDDEN_PROPERTIES = { "box-shadow", "backdrop-filter", 
@@ -12,15 +13,55 @@ FORBIDDEN_PROPERTIES = { "text-shadow", } +# Запрещенные модули и функции +FORBIDDEN_MODULES = { + "os", + "subprocess", + "shutil", + "sys", + "socket", + "ctypes", + "pathlib", + "glob", +} +FORBIDDEN_FUNCTIONS = { + "exec", + "eval", + "open", + "__import__", +} + def check_qss_files(): has_errors = False for qss_file in Path("portprotonqt/themes").glob("**/*.py"): with open(qss_file, "r") as f: content = f.read() + + # Проверка на запрещённые QSS-свойства for prop in FORBIDDEN_PROPERTIES: if re.search(rf"{prop}\s*:", content, re.IGNORECASE): - print(f"ERROR: Unknown qss property found '{prop}' on file {qss_file}") + print(f"ERROR: Unknown QSS property found '{prop}' in file {qss_file}") has_errors = True + + # Проверка на опасные импорты и функции + try: + tree = ast.parse(content) + for node in ast.walk(tree): + # Проверка импортов + if isinstance(node, (ast.Import, ast.ImportFrom)): + for name in node.names: + if name.name in FORBIDDEN_MODULES: + print(f"ERROR: Forbidden module '{name.name}' found in file {qss_file}") + has_errors = True + # Проверка вызовов функций + if isinstance(node, ast.Call): + if isinstance(node.func, ast.Name) and node.func.id in FORBIDDEN_FUNCTIONS: + print(f"ERROR: Forbidden function '{node.func.id}' found in file {qss_file}") + has_errors = True + except SyntaxError as e: + print(f"ERROR: Syntax error in file {qss_file}: {e}") + has_errors = True + return has_errors if __name__ == "__main__":
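Review bot: The import check in the `ast.Import`/`ast.ImportFrom` branch compares only `name.name`, so for a `from os import ...` statement it tests the imported names and never looks at `node.module`, and for `import os.path` it tests the dotted string `os.path`; neither matches `FORBIDDEN_MODULES`, so both pass the hook. Compare the top-level package instead, taken from `node.module` for absolute `from` imports and from each alias for plain imports, as sketched below. The call check matches only bare `ast.Name` callees, so the hook works as a lint for obvious cases rather than as a boundary. If theme files are meant to be treated as untrusted, an allowlist of permitted imports would be the sturdier design.

```python
# … unchanged: tree = ast.parse(content); for node in ast.walk(tree): …
if isinstance(node, ast.Import):
    modules = [alias.name for alias in node.names]
elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
    # absolute "from X import ...": the module is X, not the imported names
    modules = [node.module]
else:
    modules = []
for module in modules:
    if module.split(".")[0] in FORBIDDEN_MODULES:
        print(f"ERROR: Forbidden module '{module}' found in file {qss_file}")
        has_errors = True
# … unchanged: ast.Call check and SyntaxError handler …
```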