forked from wertarbyte/https-everywhere
/
trivial-validate
executable file
·146 lines (130 loc) · 2.83 KB
/
trivial-validate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
#!/bin/sh
# This is a shell script that looks for common problems and typos in rules.
[ -n "$1" ] && cd "$1"
if ! cat *.xml >/dev/null 2>/dev/null
then
echo There are no readable XML files in the current or specified directory.
echo Run this script inside a directory containing XML rule files or else
echo specify such a directory on the command line. E.g.,
echo
echo "$0" src/chrome/content/rules
exit 2
fi
fail=false
echo "-- Rules not anchored to beginning of a line:"
if grep from= *.xml | cut -d\" -f2 | grep '^[^^]'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules with unescaped dots outside of brackets and left of a slash:"
if grep from= *.xml | cut -d\" -f2 | sed 's/\[[^]]*\]//g' | egrep 'http.?.?://[^/]*[^\]\.[^*]'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules not containing trailing slash in from pattern:"
if grep from= *.xml | cut -d\" -f2 | grep -v '//.*/'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules not containing trailing slash in to pattern:"
if grep 'to="' *xml | sed 's/^.*to="//' | sed 's/\".*$//' | grep -v '//.*/'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules with missing closing slash in rule XML tag:"
if grep to= *xml | grep '[^/]>'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules with multiple wildcards in a single target rule:"
if grep 'target host="' *xml | grep '\*.*\*'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules with targets containing URLs/paths instead of hostnames:"
if grep 'target host="' *xml | egrep '="[^"]*/'
then
fail=true
else
echo "(None.)"
fi
echo
echo "-- Rules redirecting to http in to pattern:"
if grep 'to="' *xml | sed 's/^.*to="//' | sed 's/\".*$//' | grep '^http:'
then
fail=true
else
echo "(None.)"
fi
echo
if [ $(which xmllint) ]
then
echo "-- Rules with syntatically invalid XML:"
none=true
for rule in *.xml
do
xmllint "$rule" >/dev/null 2>&1 || { echo $rule; none=false; fail=true; }
done
$none && echo "(None.)"
else
echo "-- Could not check XML validity because xmllint not found."
fi
echo
echo "-- Rules containing non-ASCII characters (possible homoglyph attacks):"
none=true
for i in *.xml
do
if egrep '(from|to)=' "$i" | tr -d '[:print:][:space:]' | grep . >/dev/null
then
echo "$i contains non-ASCII character(s)."
none=false
#fail=true
echo "(not exiting)"
fi
done
$none && echo "(None.)"
echo
echo "--- Rules that lack at least one valid <target> tag:"
none=true
for i in *.xml
do
if ! egrep '<target .*host=".*/>' "$i" >/dev/null
then
echo $i
none=false
fail=true
fi
done
$none && echo "(None.)"
echo
echo "--- Duplicated ruleset names:"
if cat *.xml | grep 'ruleset name' | cut -d\" -f2 | sort | uniq -d | grep .
then
fail=true
else
echo "(None.)"
fi
if $fail
then
exit 1
else
exit 0
fi