mozilla
/
addons-linter
зеркало из https://github.com/mozilla/addons-linter.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Run markdown-spellcheck against README and docs

This commit is contained in:
Peter deHaan 2018-10-16 15:36:09 -07:00
Родитель a021f7a7b7
Коммит c5ff023aeb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 23BB6335A894F873
4 изменённых файлов: 104 добавлений и 62 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

42
.spelling Normal file
Просмотреть файл

@ -0,0 +1,42 @@
_or_
1.x
addon-linter
addons-linter
addons.mozilla.org
amo-validator
AngularJS
content_security_policy
default_locale
eg
env
ESLint
FLUENT_INVALID
fluent.js
jQuery
js
json
langpack
Linter
linter
manifest_json
manifest_version
manifest.json
messages.json
Node.js
npm
nvm
openDialog
opensearch
pino
semver
Sinon
standalone
strict_max_version
TravisCI
truthy
unadvised
unsafe-eval
unsanitized
update_url
v8
WebExtensions

24
README.md
Просмотреть файл

@ -12,7 +12,7 @@ You can find more information about the linter and it's implemented rules in our
### Command Line
You need node.js to use the add-ons linter.
You need Node.js to use the add-ons linter.
To validate your add-on locally, install the linter from [npm](http://nodejs.org/):
@ -99,11 +99,11 @@ linter.run()
## Development
If you'd like to help us develop the addons-linter, that's great! It's pretty easy to get started, you just need node.js installed on your machine.
If you'd like to help us develop the addons-linter, that's great! It's pretty easy to get started, you just need Node.js installed on your machine.
### Quick Start
If you have node.js installed, here's the quick start to getting your development dependencies installed and running the tests
If you have Node.js installed, here's the quick start to getting your development dependencies installed and running the tests
```sh
git clone https://github.com/mozilla/addons-linter.git
@ -123,11 +123,11 @@ npm run build
bin/addons-linter my-addon.zip
```
### Required node version
### Required Node version
addons-linter requires node.js v8 or greater. Have a look at our `.travis.yml` file which node.js versions we officially test.
addons-linter requires Node.js v8 or greater. Have a look at our `.travis.yml` file which Node.js versions we officially test.
Using nvm is probably the easiest way to manage multiple node versions side by side. See [nvm on github](https://github.com/creationix/nvm) for more details.
Using nvm is probably the easiest way to manage multiple Node versions side by side. See [nvm on GitHub](https://github.com/creationix/nvm) for more details.
### Install dependencies
@ -147,11 +147,11 @@ Dependencies are automatically kept up-to-date using [greenkeeper](http://greenk
| npm [run] build | Builds the lib (used by Travis) |
| npm run test-coverage | Runs the tests with coverage (watches for changes) |
| npm run test-once | Runs the tests once |
| npm run lint | Runs eslint |
| npm run lint | Runs ESLint |
| npm run test-coverage-once | Runs the tests once with coverage |
| npm run test-integration-linter | Runs our integration test-suite |
| npm run prettier | Automatically format the whole code-base with Prettier |
| npm run prettier-dev | Automatically compare and format modified source files against the master branch |
| npm run prettier-dev | Automatically compare and format modified source files against the master branch |
### Building
@ -169,7 +169,7 @@ We're looking to maintain coverage at 100%. Use the coverage data in the test ou
#### Assertions and testing APIs
We are using using sinon for assertions, mocks, stubs and more [see the Sinon docs for the API available](http://sinonjs.org/).
We are using using Sinon for assertions, mocks, stubs and more [see the Sinon docs for the API available](http://sinonjs.org/).
[Jest](https://facebook.github.io/jest/) is being used as a test-runner but also provides helpful tools. Please make sure you read their documentation for more details.
@ -179,7 +179,7 @@ We use [pino](https://github.com/pinojs/pino) for logging:
- By default logging is off (level is set to 'fatal') .
- Logging in tests can be enabled using an env var e.g: `LOG_LEVEL=debug jest test`
- Logging on the cli can be enabled with `--log-level [level]`.
- Logging on the CLI can be enabled with `--log-level [level]`.
### Prettier
@ -189,11 +189,11 @@ We use [Prettier](https://prettier.io/) to automatically format our JavaScript c
In a nutshell the way the linter works is to take an add-on package, extract the metadata from the xpi (zip) format and then process the files it finds through various content scanners.
We are heavily relying on [Eslint](https://eslint.org/) for JavaScript linting, [cheerio](https://github.com/cheeriojs/cheerio) for HTML parsing as well as [fluent.js](https://github.com/projectfluent/fluent.js) for parsing language packs.
We are heavily relying on [ESLint](https://eslint.org/) for JavaScript linting, [cheerio](https://github.com/cheeriojs/cheerio) for HTML parsing as well as [fluent.js](https://github.com/projectfluent/fluent.js) for parsing language packs.
### Scanners
Each file-type has a scanner. For example: CSS files use `CSSScanner`; Javascript files use `JavaScriptScanner`. Each scanner looks at relevant files and passes each file through a parser which then hands off to a set of rules that look for specific things.
Each file-type has a scanner. For example: CSS files use `CSSScanner`; JavaScript files use `JavaScriptScanner`. Each scanner looks at relevant files and passes each file through a parser which then hands off to a set of rules that look for specific things.
### Rules

90
docs/rules.md
Просмотреть файл

@ -1,6 +1,6 @@
# Linter Rules
This document is automatically published on [github pages](http://mozilla.github.io/addons-linter/). To update it edit `docs/rules.md` in the [github repo](https://github.com/mozilla/addons-linter).
This document is automatically published on [GitHub pages](http://mozilla.github.io/addons-linter/). To update it edit `docs/rules.md` in the [GitHub repo](https://github.com/mozilla/addons-linter).
Rules are sorted by severity.
@ -9,75 +9,75 @@ Rules are sorted by severity.
| Message code | Severity | Description |
| ------------------------- | -------- | ---------------------------------------------------------------- |
| `KNOWN_LIBRARY` | notice | This is version of a JS library is known and generally accepted. |
| `OPENDIALOG_NONLIT_URI` | notice | openDialog called with non-literal parameter |
| `EVENT_LISTENER_FOURTH` | notice | `addEventListener` called with truthy fourth argument |
| `UNEXPECTED_GLOGAL_ARG` | warning | Unexpected global passed as an argument |
| `NO_IMPLIED_EVAL` | warning | disallow the use of `eval()`-like methods |
| `OPENDIALOG_REMOTE_URI` | warning | openDialog called with non-local URI |
| `OPENDIALOG_NONLIT_URI` | notice | openDialog called with non-literal parameter. |
| `EVENT_LISTENER_FOURTH` | notice | `addEventListener` called with truthy fourth argument. |
| `UNEXPECTED_GLOGAL_ARG` | warning | Unexpected global passed as an argument. |
| `NO_IMPLIED_EVAL` | warning | disallow the use of `eval()`-like methods. |
| `OPENDIALOG_REMOTE_URI` | warning | openDialog called with non-local URI. |
| `NO_DOCUMENT_WRITE` | warning | Use of `document.write` strongly discouraged. |
| `JS_SYNTAX_ERROR` | warning | JavaScript compile-time error |
| `JS_SYNTAX_ERROR` | warning | JavaScript compile-time error. |
| `UNADVISED_LIBRARY` | warning | This version of a JS library is not recommended. |
| `TABS_GETSELECTED` | warning | Deprecated API tabs.getSelected |
| `TABS_SENDREQUEST` | warning | Deprecated API tabs.sendRequest |
| `TABS_GETALLINWINDOW` | warning | Deprecated API tabs.getAllInWindow |
| `TABS_ONSELECTIONCHANGED` | warning | Deprecated API tabs.onSelectionChanged |
| `TABS_ONACTIVECHANGED` | warning | Deprecated API tabs.onActiveChanged |
| `EXT_SENDREQUEST` | warning | Deprecated API extension.sendRequest |
| `EXT_ONREQUESTEXTERNAL` | warning | Deprecated API extension.onRequestExternal |
| `EXT_ONREQUEST` | warning | Deprecated API extension.onRequest |
| `APP_GETDETAILS` | warning | Deprecated API app.getDetails |
| `STORAGE_LOCAL` | warning | Temporary IDs can cause issues with storage.local |
| `STORAGE_SYNC` | warning | Temporary IDs can cause issues with storage.sync |
| `IDENTITY_GETREDIRECTURL` | warning | Temporary IDs can cause issues with identity.getRedirectURL |
| `TABS_GETSELECTED` | warning | Deprecated API `tabs.getSelected`. |
| `TABS_SENDREQUEST` | warning | Deprecated API `tabs.sendRequest`. |
| `TABS_GETALLINWINDOW` | warning | Deprecated API `tabs.getAllInWindow`. |
| `TABS_ONSELECTIONCHANGED` | warning | Deprecated API `tabs.onSelectionChanged`. |
| `TABS_ONACTIVECHANGED` | warning | Deprecated API `tabs.onActiveChanged`. |
| `EXT_SENDREQUEST` | warning | Deprecated API `extension.sendRequest`. |
| `EXT_ONREQUESTEXTERNAL` | warning | Deprecated API `extension.onRequestExternal`. |
| `EXT_ONREQUEST` | warning | Deprecated API `extension.onRequest`. |
| `APP_GETDETAILS` | warning | Deprecated API `app.getDetails`. |
| `STORAGE_LOCAL` | warning | Temporary IDs can cause issues with `storage.local`. |
| `STORAGE_SYNC` | warning | Temporary IDs can cause issues with `storage.sync`. |
| `IDENTITY_GETREDIRECTURL` | warning | Temporary IDs can cause issues with `identity.getRedirectURL`. |
| `BANNED_LIBRARY` | error | This version of a JS library is banned for security reasons. |
## Markup
### CSS
| Message code | Severity | Description |
| -------------------------- | -------- | ---------------------------------- |
| `CSS_SYNTAX_ERROR` | error | A CSS syntax error was detected |
| `INVALID_SELECTOR_NESTING` | error | CSS selectors should not be nested |
| Message code | Severity | Description |
| -------------------------- | -------- | ----------------------------------- |
| `CSS_SYNTAX_ERROR` | error | A CSS syntax error was detected. |
| `INVALID_SELECTOR_NESTING` | error | CSS selectors should not be nested. |
### HTML
| Message code | Severity | Description |
| --------------- | -------- | ----------------------------------------------------- |
| `INLINE_SCRIPT` | warning | Inline script is disallowed by CSP |
| `REMOTE_SCRIPT` | warning | Remote scripts are not allowed as per Add-on Policies |
| Message code | Severity | Description |
| --------------- | -------- | ------------------------------------------------------ |
| `INLINE_SCRIPT` | warning | Inline script is disallowed by CSP. |
| `REMOTE_SCRIPT` | warning | Remote scripts are not allowed as per Add-on Policies. |
## Content
| Message code | Severity | Description |
| -------------- | -------- | ---------------------- |
| `HIDDEN_FILE` | warning | Hidden file flagged |
| `FLAGGED_FILE` | warning | Flagged filename found |
| `HIDDEN_FILE` | warning | Hidden file flagged. |
| `FLAGGED_FILE` | warning | Flagged filename found. |
## Package layout
| Message code | Severity | Description |
| -------------------------- | -------- | -------------------------------------------------- |
| `MOZILLA_COND_OF_USE` | notice | Mozilla conditions of use violation |
| `FLAGGED_FILE_TYPE` | notice | (Binary) Flagged file type found |
| `FLAGGED_FILE_EXTENSION` | warning | Flagged file extensions found |
| `DUPLICATE_XPI_ENTRY` | warning | Package contains duplicate entries |
| `ALREADY_SIGNED` | warning | Already signed |
| `COINMINER_USAGE_DETECTED` | warning | Firefox add-ons are not allowed to run coin miners |
| `BAD_ZIPFILE` | error | Bad zip file |
| `FILE_TOO_LARGE` | error | File is too large to parse |
| Message code | Severity | Description |
| -------------------------- | -------- | --------------------------------------------------- |
| `MOZILLA_COND_OF_USE` | notice | Mozilla conditions of use violation. |
| `FLAGGED_FILE_TYPE` | notice | (Binary) Flagged file type found. |
| `FLAGGED_FILE_EXTENSION` | warning | Flagged file extensions found |
| `DUPLICATE_XPI_ENTRY` | warning | Package contains duplicate entries |
| `ALREADY_SIGNED` | warning | Already signed |
| `COINMINER_USAGE_DETECTED` | warning | Firefox add-ons are not allowed to run coin miners. |
| `BAD_ZIPFILE` | error | Bad zip file |
| `FILE_TOO_LARGE` | error | File is too large to parse |
## Type detection
| Message code | Severity | Description |
| ----------------------- | -------- | ----------------------------------------------- |
| `TYPE_NO_MANIFEST_JSON` | notice | Add-on missing manifest_json for type detection |
| Message code | Severity | Description |
| ----------------------- | -------- | ------------------------------------------------ |
| `TYPE_NO_MANIFEST_JSON` | notice | Add-on missing manifest_json for type detection. |
## Language packs
| Message code | Severity | Description |
| -------------- | -------- | ---------------------------- |
| FLUENT_INVALID | warning | Invalid fluent template file |
| Message code | Severity | Description |
| -------------- | -------- | --------------------------- |
| FLUENT_INVALID | warning | Invalid fluent template file. |
## Web Extensions / manifest.json

10
docs/types.md
Просмотреть файл

@ -1,6 +1,6 @@
# Add-on Type Support [DRAFT]
Going forward the amo-validator will continue to be the linter for legacy addo-ns. This document lists what types of addons the addon-linter will support and provides somde details as to the scope of the features needed.
Going forward the amo-validator will continue to be the linter for legacy add-ons. This document lists what types of add-ons the addon-linter will support and provides some details as to the scope of the features needed.
- Web Extensions
- Dictionaries
@ -11,10 +11,10 @@ Going forward the amo-validator will continue to be the linter for legacy addo-n
Required features for linting:
- Validation of the `manifest.json`. Swtich to JSON scheme for this.
- Validation of the `manifest.json`. Switch to JSON scheme for this.
- Look into rules for to guard against inadvertent privilege escalation holes. This type of issue would come from a site exploiting an extension.
- js validation of content scripts (Rules need TBD)
- Flag un-approved libs based on file name that match libs
- Flag unapproved libs based on file name that match libs
- Skip JS linting on libs that match the approved list.
- Rules for specific APIs.
@ -39,10 +39,10 @@ Docs: https://developer.mozilla.org/docs/Creating_a_spell_check_dictionary_add-o
Docs appear to be a bit thin on the ground for these. They need looking into further and we should look at the existing rules.
## Search Addons
## Search Add-ons
What's needed?
- Validation of the opensearch xml
- Validation of the opensearch XML
Old code is here https://github.com/mozilla/amo-validator/blob/master/validator/opensearch.py