This PR introduces a new `MANIFEST_THEME_LWT_ALIAS` rule, which is meant to warn the static themes authors of the incoming deprecation of the LWT alias properties.
In this PR this rule is currently considered a warning, which should be turned into an error once we want to prevent new theme submission from using this LWT aliases.
Fixes#1493
This is a first attempt at integrating the browser-compat-data from the MDN compatibility tables with the linter.
It currently checks for manifest keys, permissions and APIs to be supported by the given `strict_min_version` in the manifest for both Firefox and Firefox for Android. All produced messages are warnings. However, no warning is shown if Firefox or Firefox for Android do not implement an API and that is documented in the compat data. This is to avoid a lot of Firefox for Android spam, plus the totally unsupported APIs should be caught by the schemas.
I'm not quite happy with the amount of duplication of logic, even though it's subtly different for all cases, so improvement suggestions welcome! Further I'll happily add more tests, these are just the ones I could come up with.
* add browser_specific_settings as alias for applications in manifest
* .browser_specific_settings takes preference over .applications
* have browser_specific_settings override only if .gecko exists
* Manifest's applications key overridden with browser_specific_settings after schema validation
_getSourceType was not walking the whole AST, so it would only detect
import/export statements if they were the first in the file. This fixes
the recursion to walk the whole AST.
* Add support for es6 modules.
Fixes#1775
This parses JavaScript files and tries to figure out their sourceType
from how the AST is structured.
We default to `module` but if there are syntax errors fall back to
`script`. We do not read the `<script type="module"` part of HTML files
anymore.
* Fix guid
This patch adds a new integration test suite, which runs on both travis and appveyor in an
npm "production"-like environment (to be able to catch the kind of issues/regressions that
a regular user may experience by installing the npm package globally.
* Switch on tests for node 10, drop node 6 support. Version 1.0.0
* Updates package-lock.json
* Updates yarn.lock
* Update appveyor to run on node 10 too
* Fix sinon deprecation warning
* Fix fs.exists call without callback
Fixes#1257
* Fix absent content script detection.
Fixes#1902
This essentially always tries to resolve the `file` based on `dirname`
but properly normalizes absolute paths.
I hope this fixes most of the edge-cases we've seen.
* Don't validate relative files, add and update tests
* Spelling
* Simplify the code a bit
* Fix eslint, remove unused dirname
* Move existing file name normalizing to create
* Simplify tests a bit
* Improve docs a bit
* Fix eslint
* Remove explicit property linting from messages.json parsing.
Fixes#1918
* Detect i18nPlaceholder and i18nMessage again but don't validate
* Add test for empty message
* More tests, allow empty message name
* Remove unused if branch
* Refactor ftl parsing to use fluent-syntax.
This now got rebased to fluent-syntax 0.6.5 which re-adds node 6 LTS
compatibility.
Fixes#1789
* Use upstream lineOffset and columnOffset
* Implement static theme support.
* Adds initial support to lint and detect static themes
* Adds additional property validation on top of regular schema validation
Fixes#1587
* Simplify selection of correct validator
* Fix eslint issues
* Fix nits, add comment, move isStaticTheme to the constructor
* Add some more valid color variations
* refactors scanners test files until test.filename.js
* refactors rest of the files in test scanners folder
* converts expect.toBeTruthy into sinon assertions
* fixes additional test
* moves spyes back to the beginning of the tests
* fixes wrong test
Fixes#1666
This adds a parser for messages.json files. The parser is called from the JSON scanner. It has a JSON schema for the messages.json files, which is currently just in the schema's directory, since it is neither imported nor a patch of an existing schema. I'm pretty sure that's not where it should be, though.
It also warns about missing placeholders and when using reserved message names (which are potentially inaccessible).
I think the naming regexp as it is documented is not enforced like this by Firefox, so it may be demoted to a warning, since the extension will still work, even with characters other than [A-Za-Z0-9_@] in message names. I don't know about placeholders, not something I have violated myself.
The errors are kind of annoying currently, since you have no position or reference to which message they happen at. I haven't really found precedent for how to handle that though.
And lastly, the documentation links should probably be shortened, so they're actually clickable.
* Rules for messages.json
* Add lowercase handling and add locale perfix for messages.json
* Add test for getLowercasePlaceholders when there are no placeholders
* refactors manifestjson.js
* changes arg names in validateIcon function
* renames args and groups tests for validateIcon function
* adds log.debug to validateIcon and changes icon32 to icon33 in the size mismatch test
* changes debug message
* Initial attempt to warn about coin miners.
This does not attempt to detect all of them but primarily focuses on
detecting CoinHive for now.
There's a whole bunch to explore and block when looking at NoCoin but
I'd rather see how many false positives we get in the real world with
this code first.
Fixes#1643 but might need a few follow up issues to add more miners.
* Fix eslint for coinminer fixtures
* Remove urls from blocklist
* Fix tests
* Fix typo in fixture filename
* Add docs
* Fix filename blocklist, update tests to add more coverage.
* refactors test.directory.js in tests/io folder
* moves function readStringFromStream outside of the test function
* changes try/catch block to rejects.toThrow
* adds readStringFromStream to helpers.js
* adds resolves.toBe method
This patch fix some incompatibilities of the test suite with recent Jest versions.
In particular:
- Jest doesn't accept a directory parameter anymore (a regex that match a group of test or a single test file is accepted instead)
- Some of the unit tests are implicitly using getConfig (exported by the cli.js module), which is parsing the process.argv array with yargs, unfortunately process.argv is controlled by jest when the tests are running and so some of the tests are failing (exiting with 1 as exit value and no message printed in the console) when running alone, and get stuck when running with a group of other tests.
This patch introduces the set of changes needed to fix the second issue, which prepare the test suite to be able to complete successfully on the updated Jest releases.
* adds babel support for async/await with transpilation to ES2015 generators for backward compatibility with node 6 + working example of function converted to async/await syntax in linter.js
* rewrites run, scan, scanFile, getAddonMetadata and extractMetadata functions
* refactors the rest of the promises in linter.js
* fixes comments from second of review
* reverts unnecessary chahges from third round of review
* adds content script files existance validator, when files requested as a static string from js code
* fixes tests
* adds tests for new eslint rule
* fixes linter errors
* updates validation rule to match only static strings in file property of options object in executeScript call
* updates content_scripts_file_absent validator according to the comments in PR, adds some tests
* removes yarn.lock
* updates if conditions in content_scripts_file_absent validator, refactors test suites
* reduces nesting in the validator code, removes eslint exceptions and merges similar tests into one
* adds additional validation if browser.tabs.executeScript actually a call and test for it, plus minor comments to tests
Fixes#1640
* Block specific content script match patterns.
Fixes#1650
* shorten code a bit
* even shorter code :-/
* Add docs to rules
* Fix build, update yarn
* update message and description
* ...
* Fix test
* fixes#1590 for scripts/css files declared in manifest.json
* reverts background script related changes and adds more specific error description for missing content scripts files
Fixes#6806
* icon size and format functions did not open the correct file
directly from the XPI
* tests didn't use the actual test-fixtures
and thus validated the wrong thing
* file path was not correctly fowarded to warning
This was a regression from #1581 and #1558
Fixes#1526
* Adds `.properties` and `.doctype` parsers for potential completeness tests or at least very basic validation if those files look fine
* Once all language packs moved to FTL we can drop them
* Adds a new `validateLangPack` validator, rewrites a few schemas to now explicitly grab the correct validator type (webext/langpack)
* Adds a new command line option that explicitly switches the mode to langpack and verifies against `#/types/WebExtensionLangpackManifest` instead of `WebExtensionManifest`
* Added support for FTL files, they are the first ones to throw proper warnings, yeay!
it's not 100% complete, it adds basic validation against the schema but doesn't do anything with the actual l10n files yet. That'll come in another iteration
* Added Sharp as a dependency
* Added an error message to manifestjson.js
* Added getImageMetadata function
* Added check to throw warning for corrupted images
* Added rule to rules.md
* Fixes Tests and Linting errors
* Modified tests, Added default svg and png files
* Fixed tests
* Shifted to metadata function for detecting corrupt files
* Fixed tests
* Added Test
* Added comma
* Added tests to validate width and height of image
* Fixed Tests
* Added Tests
* Added test to check if image size is correct
* Added path parameter to test
* Fixed typos
* Added default corrupted file
* Fixed linting errors
* Shifted validateIcon image to a promise
* Fixed tests and linting errors
* Fixed test
* Added icons to webextension.zip
Fixes#1328
* Added check to make sure icon has a valid extension
* Added rule in rules.md
* Added new extensions
* Changed comparision logic to lowercase
* Added test
* Removed extra padding
* Shifted from sprintf
* Added new icon in tests with correct extension
* Changed content of message
* Removed legacyCode parameter
* Changed content of test message
* First version of detecting minified code.
Fixes#1323
* Update comment
* Add source map detection
* Rename property, add test for no-nl code, add docs
* Fix typo
* Fix tests to always read a string instead of a buffer to match what getFileAsString does.
* Fix huge line detection, add minified but > 20% indented test.
This reverts commit 7dc81ce726, reversing
changes made to 92cdd8c6ec.
This adds the same fix to invalidate '0.1.12dev-cb31c51' and '4.1.1dev-abcdef1' though.
Might need another follow-up to (partially) fix mentioned issues from #1439 or #1172.
* Don't check badwords on binary files such as PNGs.
Fixes#1504
* Split up tests and add test that makes sure that js libs are also not matched.
* Use jquery 3.2.1
* Sync lockfile
* Add and setup amo eslint config
* Use Array.prototype.some instead of loop
* Make test command compare with addons-frontend
* Update README to refer to yarn over npm
* Flag Mozilla conditions of use violation.
Fixes#1285
* Performance optimization: initialize regex only once.
This also forwards _console and silents test output.
* Don't match on empty strings
* Fix comment
* Refactor badwords matching to be more performant and simpler.
* Remove trim
* First take on #1298 , parse and validate CSP rules more properly.
This needs much more test-values, best from real-life add-ons.
* Add a few more tests
* Fix parseCspPolicy tests
* Update message a bit
* Make sure other rules like style-src are unaffected
* Move url validation inside try/catch block
* Generally avoid loading anything from a host
* Refactor parsing logic a bit to be more explicit with host matches.
* Add two more invalid values
* Add one more invalid example
* Be a bit less strict, there are a few scenarios that we might not be able to match properly...
* More bugfixes, don't match plain host names for now
* Refactor matching again to properly match all crappy things...
* Small cleanups
* More tests, lint worker-src too, forbid unsafe-eval.
* Forbid unsafe-inline too
* Fix tests
* Update message
* re-add unsafe-eval and unsafe-inline based on @wagnerand request.
Fixes#1298
Christopher Grebs
Luca Greco
Mathieu Pillard
Andreas Wagner
Martin Giger
greenkeeper[bot]
Peter Simonyi
Mathieu Pillard
Linus Unnebäck
Natalia Milovanova
Mark Striemer
Hiroyuki Ikezoe
pardeep
Ravneet
Milovanova Natalia
Mark Striemer
asamuzaK (Kazz)
asamuzaK (Kazz)
pardeepshokeen
Andy McKay
Hemanth Kumar Veeranki
Stuart Colville