-
-
Notifications
You must be signed in to change notification settings - Fork 646
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add validation of update mirror urls #17310
base: master
Are you sure you want to change the base?
Conversation
…unction (nvaccess#17205) Moved the logic for parsing update check responses into a new function `parseUpdateCheckResponse`.
Co-authored-by: Sean Budd <seanbudd123@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @christopherpross. A couple of minor adjustments, plus I think you may have forgotten to push the schema validation.
if not response.ok: | ||
return False | ||
|
||
responseContent = response.text |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
response
is necessarily OK, as testing fails before running the validator for any status other than 200.
if not response.ok: | |
return False | |
responseContent = response.text | |
responseContent = response.text |
@@ -5595,3 +5596,18 @@ def _isResponseAddonStoreCacheHash(response: requests.Response) -> bool: | |||
# While the NV Access Add-on Store cache hash is a git commit hash as a string, other implementations may use a different format. | |||
# Therefore, we only check if the data is a non-empty string. | |||
return isinstance(data, str) and bool(data) | |||
|
|||
|
|||
def _isResponseUpdateMirrorValid(response: requests.Response) -> bool: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In your PR description, you say:
- Defined the minimum schema for an update mirror response based on the following required keys:
version
launcherUrl
apiVersion
However it doesn't seem that you have implemented this in _isResponseUpdateMirrorValid
or anywhere else. Am I missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SaschaCowley Hey, sorry I see. While merging, there is a change not applied. So this is lost. In the next few days, I will fix that. Sorry for the inconvinience.
data = res.text | ||
info = parseUpdateCheckResponse(data) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
data = res.text | |
info = parseUpdateCheckResponse(data) | |
info = parseUpdateCheckResponse(res.text) |
Co-authored-by: Sascha Cowley <16543535+SaschaCowley@users.noreply.github.com>
Hi @christopherpross - just confirming you've seen Sascha's review and intend to still work on this? |
Link to issue number:
#17205
Summary of the issue:
Users could configure an invalid update mirror URL, which would only be discovered when attempting to check for updates. This PR implements a validation mechanism that ensures the specified update mirror is valid before allowing it to be set in the settings.
Description of user facing changes
A new validation process has been added when setting an update mirror URL in NVDA's settings. Users will now receive feedback if the URL they provide is not a valid update mirror. The "Test" button in the settings will now ensure that the mirror responds with the expected format, preventing invalid configurations.
Description of development approach
parseUpdateCheckResponse
.version
launcherUrl
apiVersion
_isResponseUpdateMirrorValid
insettingsDialogs.py
, which callsparseUpdateCheckResponse
to validate the mirror's response._isResponseUpdateMirrorValid
as theresponseValidator
in the_SetURLDialog
for update mirrors.Testing strategy:
Known issues with pull request:
No known issues.
Code Review Checklist:
@coderabbitai summary