Change: qod to check for value enclosed in double quotes
NiklasHargarter authored and mbrinkhoff committed Sep 12, 2024
1 parent 79a0ba2 commit 6d2c8d4
Showing 2 changed files with 45 additions and 37 deletions.
26 changes: 12 additions & 14 deletions tests/plugins/test_qod.py
Expand Up @@ -30,7 +30,7 @@ class CheckQodTestCase(PluginTestCase):
nasl_file = Path("some/file.nasl")

def test_ok_qod_num(self):
content = ' script_tag(name:"qod", value:97);\n'
content = ' script_tag(name:"qod", value:"97");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.nasl_file, file_content=content
)
Expand Down Expand Up @@ -75,7 +75,7 @@ def test_missing_qod(self):
def test_too_many_qod(self):
content = (
' script_tag(name:"qod_type", value:"exploit");\n'
' script_tag(name:"qod", value:97);\n'
' script_tag(name:"qod", value:"97");\n'
)
fake_context = self.create_file_plugin_context(
nasl_file=self.nasl_file, file_content=content
Expand All @@ -87,7 +87,7 @@ def test_too_many_qod(self):
self.assertEqual(len(results), 1)
self.assertEqual("VT contains multiple QoD values", results[0].message)

def test_wrong_qod_num_str(self):
def test_wrong_qod_num(self):
content = ' script_tag(name:"qod", value:"foo");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.nasl_file, file_content=content
Expand All @@ -98,14 +98,14 @@ def test_wrong_qod_num_str(self):

self.assertEqual(len(results), 1)
self.assertEqual(
'script_tag(name:"qod", value:"foo");: \'foo\' is an invalid QoD'
" number value. Allowed are"
'Invalid QOD value \'foo\' in script_tag(name:"qod", value:"foo");.'
" Allowed are"
f" {', '.join(str(x) for x in VALID_QOD_NUM_VALUES)}",
results[0].message,
)

def test_wrong_qod_num_int(self):
content = ' script_tag(name:"qod", value:2);\n'
def test_wrong_qod_type(self):
content = ' script_tag(name:"qod_type", value:"foo");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.nasl_file, file_content=content
)
Expand All @@ -115,14 +115,13 @@ def test_wrong_qod_num_int(self):

self.assertEqual(len(results), 1)
self.assertEqual(
"script_tag(name:\"qod\", value:2);: '2' is an invalid QoD"
" number value. Allowed are"
f" {', '.join(str(x) for x in VALID_QOD_NUM_VALUES)}",
'script_tag(name:"qod_type", value:"foo");: \'foo\' is an invalid'
f" QoD type. Allowed are {', '.join(VALID_QOD_TYPES)}",
results[0].message,
)

def test_wrong_qod_type(self):
content = ' script_tag(name:"qod_type", value:"foo");\n'
def test_improper_quotes(self):
content = ' script_tag(name:"qod", value:97);\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.nasl_file, file_content=content
)
Expand All @@ -132,7 +131,6 @@ def test_wrong_qod_type(self):

self.assertEqual(len(results), 1)
self.assertEqual(
'script_tag(name:"qod_type", value:"foo");: \'foo\' is an invalid'
f" QoD type. Allowed are {', '.join(VALID_QOD_TYPES)}",
'QOD value not properly enclosed in double quotes in script_tag(name:"qod", value:97);',
results[0].message,
)
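Review bot: The new quoting rule is exercised only with a bare integer (`value:97` in `test_improper_quotes`), so single-quoted and mismatched-quote values have no test. The plugin's double-quote check is meant to reject both. I would add cases such as `content = ' script_tag(name:"qod", value:\'97\');\n'` and `content = ' script_tag(name:"qod", value:"97\');\n'`, each asserting the "not properly enclosed in double quotes" message. Removing `test_wrong_qod_num_int` also leaves an unquoted invalid number like `value:2` without an assertion of which message is expected, so that case deserves a test too.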
56 changes: 33 additions & 23 deletions troubadix/plugins/qod.py
Expand Up @@ -15,23 +15,24 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

import re
from typing import Iterator

from troubadix.helper.patterns import ScriptTag, get_script_tag_pattern
from troubadix.plugin import FilePlugin, LinterError, LinterResult

VALID_QOD_NUM_VALUES = [
1,
30,
50,
70,
75,
80,
95,
97,
98,
99,
100,
"1",
"30",
"50",
"70",
"75",
"80",
"95",
"97",
"98",
"99",
"100",
]

VALID_QOD_TYPES = [
Expand All @@ -51,6 +52,12 @@
"package_unreliable",
]

# needed due to script_tag_pattern value not including the quotes
QOD_WITH_QUOTES_PATTERN = re.compile(
r'script_tag\(\s*name\s*:\s*(?P<quote>[\'"])qod(?P=quote)\s*,'
r'\s*value\s*:\s*(?P<value_with_quotes>[\'"]?(?P<value>.+?)[\'"]?)\s*\)\s*;'
)


class CheckQod(FilePlugin):
name = "check_qod"
Expand All @@ -68,10 +75,9 @@ def run(self) -> Iterator[LinterResult]:
if "# troubadix: disable=template_nd_test_files_fps" in file_content:
return

qod_pattern = get_script_tag_pattern(ScriptTag.QOD)
qod_type_pattern = get_script_tag_pattern(ScriptTag.QOD_TYPE)

match_qod = list(qod_pattern.finditer(file_content))
match_qod = list(QOD_WITH_QUOTES_PATTERN.finditer(file_content))
match_qod_type = list(qod_type_pattern.finditer(file_content))

num_matches = len(match_qod) + len(match_qod_type)
Expand All @@ -89,21 +95,25 @@ def run(self) -> Iterator[LinterResult]:
)

for match in match_qod:
try:
qod = int(match.group("value"))
if qod not in VALID_QOD_NUM_VALUES:
full_match = match.group(0)
full_value = match.group("value_with_quotes")
value = match.group("value")

# Check if the value is enclosed in double quotes
if full_value.startswith('"') and full_value.endswith('"'):

# Compare against valid values
if value not in VALID_QOD_NUM_VALUES:
yield LinterError(
f"{match.group(0)}: '{qod}' is an invalid QoD number"
" value. Allowed are"
f" {', '.join(str(x) for x in VALID_QOD_NUM_VALUES)}",
f"Invalid QOD value '{value}' in {full_match}."
" Allowed are"
f" {', '.join(x for x in VALID_QOD_NUM_VALUES)}",
file=self.context.nasl_file,
plugin=self.name,
)
except ValueError:
else:
yield LinterError(
f"{match.group(0)}: '{match.group('value')}' is an invalid"
" QoD number value. Allowed are"
f" {', '.join(str(x) for x in VALID_QOD_NUM_VALUES)}",
f"QOD value not properly enclosed in double quotes in {full_match}",
file=self.context.nasl_file,
plugin=self.name,
)
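Review bot: In the `for match in match_qod` loop the allowed-value comparison runs only inside the double-quote branch. An unquoted or single-quoted invalid number such as `value:2` is therefore reported only as a quoting problem, and the invalid number surfaces on a second lint run after the quotes are fixed. The quote test would also pass for a `value_with_quotes` that is a single `"`, because `startswith` and `endswith` then look at the same character. Making the two checks independent and requiring at least two characters covers both cases, and `', '.join(VALID_QOD_NUM_VALUES)` is enough now that the list holds strings. `run()` starts above this hunk and the remainder of the file is collapsed below it.

```python
for match in match_qod:
    # … unchanged: full_match / full_value / value extraction …
    is_double_quoted = (
        len(full_value) >= 2
        and full_value.startswith('"')
        and full_value.endswith('"')
    )
    if not is_double_quoted:
        # … unchanged: yield the "not properly enclosed in double quotes" LinterError …
    # Validate the number regardless of quoting so one run reports both problems.
    if value not in VALID_QOD_NUM_VALUES:
        # … unchanged: yield the "Invalid QOD value" LinterError …
```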
