-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Static Themes] Unsupported image formats are not detected by the linter at static theme submission #2051
Comments
From #2243 (comment)
|
@rpl hi - would you have the bandwidth to help out with this? |
@rpl Hi, I guess this can be tested when a new linter version will be released. Do you know when this is going to happen? |
@AlexandraMoga I just created a new release 1.4.0 and the new version should be available on npm pretty soon, I briefly chatted about this with @eviljeff over IRC and you should be able to test the new linting rules once the new addons-linter release is going to be part of the next deploy. |
addons-linter has been updated on addons-server, so it's available on -dev. |
I have tried various static theme submissions, both valid and invalid and the linter was triggering the expected validation results: [1] error thrown for missing background images, wrong or missing extensions Should we worry about unnecessary files - i.e. a Here is an example: |
Because of the add-on type, Firefox won't run any JS files, so any attack should be fruitless. However, if people are trying to upload malicious themes, it's best that we know or don't allow it. So, I agree that they should be detected. |
I have filed #2282 as a follow up and I will mark this issue as verified fixed on AMo -dev with FF63, Win10x64 |
STR:
'images'
in your manifest - i.e. a.tif
fileActual result:
There are no errors generated when a static theme package contains an unsupported image format
Expected result:
The linter should detect when an image format doesn't match the static theme requirements specified in the guideline - ST guideline
Notes:
Rev Tools
https://reviewers.addons-dev.allizom.org/en-US/reviewers/review/st-theme-zip-a
Listing page
https://addons-dev.allizom.org/en-US/firefox/addon/st-theme-zip-a/
The text was updated successfully, but these errors were encountered: