feat(dev-scripts): add import and function safety checks to theme pre-commit
Signed-off-by: Boris Yumankulov <boria138@altlinux.org>
This commit is contained in:
@@ -3,8 +3,9 @@
|
|||||||
import sys
|
import sys
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
import re
|
import re
|
||||||
|
import ast
|
||||||
|
|
||||||
# Запрещенные свойства
|
# Запрещенные QSS-свойства
|
||||||
FORBIDDEN_PROPERTIES = {
|
FORBIDDEN_PROPERTIES = {
|
||||||
"box-shadow",
|
"box-shadow",
|
||||||
"backdrop-filter",
|
"backdrop-filter",
|
||||||
@@ -12,15 +13,55 @@ FORBIDDEN_PROPERTIES = {
|
|||||||
"text-shadow",
|
"text-shadow",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Запрещенные модули и функции
|
||||||
|
FORBIDDEN_MODULES = {
|
||||||
|
"os",
|
||||||
|
"subprocess",
|
||||||
|
"shutil",
|
||||||
|
"sys",
|
||||||
|
"socket",
|
||||||
|
"ctypes",
|
||||||
|
"pathlib",
|
||||||
|
"glob",
|
||||||
|
}
|
||||||
|
FORBIDDEN_FUNCTIONS = {
|
||||||
|
"exec",
|
||||||
|
"eval",
|
||||||
|
"open",
|
||||||
|
"__import__",
|
||||||
|
}
|
||||||
|
|
||||||
def check_qss_files():
|
def check_qss_files():
|
||||||
has_errors = False
|
has_errors = False
|
||||||
for qss_file in Path("portprotonqt/themes").glob("**/*.py"):
|
for qss_file in Path("portprotonqt/themes").glob("**/*.py"):
|
||||||
with open(qss_file, "r") as f:
|
with open(qss_file, "r") as f:
|
||||||
content = f.read()
|
content = f.read()
|
||||||
|
|
||||||
|
# Проверка на запрещённые QSS-свойства
|
||||||
for prop in FORBIDDEN_PROPERTIES:
|
for prop in FORBIDDEN_PROPERTIES:
|
||||||
if re.search(rf"{prop}\s*:", content, re.IGNORECASE):
|
if re.search(rf"{prop}\s*:", content, re.IGNORECASE):
|
||||||
print(f"ERROR: Unknown qss property found '{prop}' on file {qss_file}")
|
print(f"ERROR: Unknown QSS property found '{prop}' in file {qss_file}")
|
||||||
has_errors = True
|
has_errors = True
|
||||||
|
|
||||||
|
# Проверка на опасные импорты и функции
|
||||||
|
try:
|
||||||
|
tree = ast.parse(content)
|
||||||
|
for node in ast.walk(tree):
|
||||||
|
# Проверка импортов
|
||||||
|
if isinstance(node, (ast.Import, ast.ImportFrom)):
|
||||||
|
for name in node.names:
|
||||||
|
if name.name in FORBIDDEN_MODULES:
|
||||||
|
print(f"ERROR: Forbidden module '{name.name}' found in file {qss_file}")
|
||||||
|
has_errors = True
|
||||||
|
# Проверка вызовов функций
|
||||||
|
if isinstance(node, ast.Call):
|
||||||
|
if isinstance(node.func, ast.Name) and node.func.id in FORBIDDEN_FUNCTIONS:
|
||||||
|
print(f"ERROR: Forbidden function '{node.func.id}' found in file {qss_file}")
|
||||||
|
has_errors = True
|
||||||
|
except SyntaxError as e:
|
||||||
|
print(f"ERROR: Syntax error in file {qss_file}: {e}")
|
||||||
|
has_errors = True
|
||||||
|
|
||||||
return has_errors
|
return has_errors
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|||||||
Reference in New Issue
Block a user