Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add validation of update mirror urls #17310

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

christopherpross
Copy link

@christopherpross christopherpross commented Oct 20, 2024

Link to issue number:

#17205

Summary of the issue:

Users could configure an invalid update mirror URL, which would only be discovered when attempting to check for updates. This PR implements a validation mechanism that ensures the specified update mirror is valid before allowing it to be set in the settings.

Description of user facing changes

A new validation process has been added when setting an update mirror URL in NVDA's settings. Users will now receive feedback if the URL they provide is not a valid update mirror. The "Test" button in the settings will now ensure that the mirror responds with the expected format, preventing invalid configurations.

Description of development approach

  • Refactored parsing logic for update responses into a new function: parseUpdateCheckResponse.
  • Defined the minimum schema for an update mirror response based on the following required keys:
    • version
    • launcherUrl
    • apiVersion
  • Implemented a new function _isResponseUpdateMirrorValid in settingsDialogs.py, which calls parseUpdateCheckResponse to validate the mirror's response.
  • Added _isResponseUpdateMirrorValid as the responseValidator in the _SetURLDialog for update mirrors.

Testing strategy:

  • Ran NVDA from source.
  • Ensured the update mirror URL was set to "no Mirror".
  • Test 1: Set the URL to "https://www.nvaccess.org/nvdaUpdateCheck".
    • Pressed the "Test" button and verified that the URL was marked as valid.
  • Test 2: Set the URL to "https://google.de".
    • Pressed the "Test" button and verified that the URL was marked as invalid.
  • Test 3: Set the URL to "https://github.com".
    • Pressed the "Test" button and verified that the URL was marked as invalid.
  • Test 4: Set the URL to the Chinese NVDA Community Update Mirror (https://nvaccess.mirror.nvdadr.com/nvdaUpdateCheck).
    • Verified that this URL was marked as valid.
  • Additional tests with random strings to ensure that invalid URLs are correctly marked as invalid.

Known issues with pull request:

No known issues.

Code Review Checklist:

  • Documentation:
    • Change log entry
    • User Documentation
    • Developer / Technical Documentation
    • Context sensitive help for GUI changes
  • Testing:
    • Unit tests
    • System (end to end) tests
    • Manual testing
  • UX of all users considered:
    • Speech
    • Braille
    • Low Vision
    • Different web browsers
    • Localization in other languages / culture than English
  • API is compatible with existing add-ons.
  • Security precautions taken.

@coderabbitai summary

@christopherpross christopherpross marked this pull request as ready for review October 20, 2024 11:34
@christopherpross christopherpross requested a review from a team as a code owner October 20, 2024 11:34
source/updateCheck.py Outdated Show resolved Hide resolved
Co-authored-by: Sean Budd <seanbudd123@gmail.com>
@seanbudd seanbudd added the conceptApproved Similar 'triaged' for issues, PR accepted in theory, implementation needs review. label Oct 21, 2024
Copy link
Member

@SaschaCowley SaschaCowley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @christopherpross. A couple of minor adjustments, plus I think you may have forgotten to push the schema validation.

user_docs/en/changes.md Outdated Show resolved Hide resolved
Comment on lines +5602 to +5605
if not response.ok:
return False

responseContent = response.text
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

response is necessarily OK, as testing fails before running the validator for any status other than 200.

Suggested change
if not response.ok:
return False
responseContent = response.text
responseContent = response.text

@@ -5595,3 +5596,18 @@ def _isResponseAddonStoreCacheHash(response: requests.Response) -> bool:
# While the NV Access Add-on Store cache hash is a git commit hash as a string, other implementations may use a different format.
# Therefore, we only check if the data is a non-empty string.
return isinstance(data, str) and bool(data)


def _isResponseUpdateMirrorValid(response: requests.Response) -> bool:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In your PR description, you say:

  • Defined the minimum schema for an update mirror response based on the following required keys:
    • version
    • launcherUrl
    • apiVersion

However it doesn't seem that you have implemented this in _isResponseUpdateMirrorValid or anywhere else. Am I missing something?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SaschaCowley Hey, sorry I see. While merging, there is a change not applied. So this is lost. In the next few days, I will fix that. Sorry for the inconvinience.

Comment on lines +212 to +213
data = res.text
info = parseUpdateCheckResponse(data)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
data = res.text
info = parseUpdateCheckResponse(data)
info = parseUpdateCheckResponse(res.text)

Co-authored-by: Sascha Cowley <16543535+SaschaCowley@users.noreply.github.com>
@seanbudd seanbudd marked this pull request as draft November 4, 2024 01:05
@seanbudd
Copy link
Member

seanbudd commented Dec 2, 2024

Hi @christopherpross - just confirming you've seen Sascha's review and intend to still work on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
conceptApproved Similar 'triaged' for issues, PR accepted in theory, implementation needs review.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants