SchildiChat-android/tools/check/forbidden_strings_in_code.txt
Benoit Marty 6ac88a9420 Add a check on suspicious string template.
Especially we want to ensure that the app does not log unexpected content.
2022-08-16 16:05:40 +02:00

190 lines
5.2 KiB
Text
Executable file

#
# Copyright 2018 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file lists strings which are not allowed in source code.
# Use Perl regex to write forbidden strings
# Note: a line cannot start with a space. Use \s instead.
# It is possible to specify an authorized number of occurrences with the === suffix. Default is 0
# Example:
# AuthorizedStringThreeTimes===3
# Extension:java
# Extension:kt
# Use new SecureLinearLayoutManager
# DISABLED
#new LinearLayoutManager
### No import static: use full class name
import static
### Rubbish from merge. Please delete those lines (sometimes in comment)
<<<<<<<
>>>>>>>
### Carriage return before "}". Please remove empty lines.
\n\s*\n\s*\}
### typo detected.
formated
abtract
Succes[^s]
succes[^s]
### Please insert line break. ex: .flatMap() not at new line
\}\)\.[\w]
### Use int instead of Integer
protected Integer
### Use the interface declaration. Example: use type "Map" instead of type "HashMap" to declare variable or parameter. For Kotlin, use mapOf, setOf, ...
(private|public|protected| ) (static )?(final )?(HashMap|HashSet|ArrayList)<
### Use int instead of short
Short\.parseShort
\(short\)
private short
final short
### Line length is limited to 160 chars. Please split long lines
#[^─]{161}
### "DO NOT COMMIT" has been committed
DO NOT COMMIT
### invalid formatting
\s{8}/\*\n \*
# Now checked by ktlint
# [^\w]if\(
# while\(
# for\(
# Add space after //
# DISABLED To re-enable when code will be formatted globally
#^\s*//[^\s]
# Not usable with unit tests. Use StringUtils
# DISABLED
#TextUtils\.isEmpty\(
### invalid formatting (too many space char)
^ /\*
# No ternary operator
# DISABLED
# \?
### unnecessary parenthesis around numbers, example: " (0)"
\(\d+\)
### Malformatted comment
^ \*
### import the package, do not use long class name with package
android\.os\.Build\.
### Tab char is forbidden. Use only spaces
\t
# Empty lines and trailing space
# DISABLED To re-enable when code will be formatted globally
#[ ]$
### Deprecated, use retrofit2.HttpException
import retrofit2\.adapter\.rxjava\.HttpException
### This is generally not necessary, no need to reset the padding if there is no drawable
setCompoundDrawablePadding\(0\)
# Change thread with Rx
# DISABLED
#runOnUiThread
### Bad formatting of chain (missing new line)
\w\.flatMap\(
### Bad formatting of Realm query chain. Insert new line
# DISABLED
# \)\.equalTo
# Use StandardCharsets.UTF_8.name()
# DISABLED (min API too low)
#\"UTF-
### Directly use getString() in a Fragment
getActivity\(\)\.getString\(
### In Kotlin, Void has to be null safe, i.e. use 'Void?' instead of 'Void'
\: Void\)
### Home menu click is managed in parent Activity, with one exception
android\.R\.id\.home===2
### Kotlin conversion tools introduce this, but it can be replaced by trim()
trim \{ it \<\= \' \' \}
### Use MaterialAlertDialogBuilder
android\.app\.AlertDialog
androidx\.appcompat\.app\.AlertDialog===4
### Put the operator at the beginning of next line
==$
### Use JsonUtils.getBasicGson()
new Gson\(\)
### Use matrixOneTimeWorkRequestBuilder
import androidx.work.OneTimeWorkRequestBuilder===2
### Use TextUtils.formatFileSize
Formatter\.formatFileSize===1
### Use TextUtils.formatFileSize with short format param to true
Formatter\.formatShortFileSize===1
### Use kotlin stdlib to test or compare strings
# DISABLED
# android\.text\.TextUtils
### Do not import temporary legacy classes
import org.matrix.android.sdk.internal.legacy.riot===3
import org.matrix.androidsdk.crypto.data===2
### Use `Context#getSystemService` extension function provided by `core-ktx`
getSystemService\(Context
### Use DefaultSharedPreferences.getInstance() instead for better performance
PreferenceManager\.getDefaultSharedPreferences===2
### Use ViewBindings
# findViewById
### Do not use `template_` string. Please remove the prefix `template_` to use the generated resource instead.
R\.string\.template_
### Use the Clock interface, or use `measureTimeMillis`
System\.currentTimeMillis\(\)===2
### Remove extra space between the name and the description
\* @\w+ \w+ +
### Please use the MenuProvider interface now
onCreateOptionsMenu
onOptionsItemSelected
onPrepareOptionsMenu
### Suspicious String template. Please check that the string template will behave as expected, i.e. the class field and not the whole object will be used. For instance `Timber.d("$event.type")` is not correct, you should write `Timber.d("${event.type}")`. In the former the whole event content will be logged, since it's a data class. If this is expected (i.e. to fix false positive), please add explicit curly braces (`{` and `}`) around the variable, for instance `"elementLogs.${i}.txt"`
\$[a-zA-Z_]\w*\??\.[a-zA-Z_]
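
The sketch below is an added example, not the project's own checker script: it applies the rule format described in the header comments to a constructed Kotlin snippet and shows which string templates the last rule flags as likely to log a whole object. It assumes `###` lines carry the message reported for the patterns that follow, other `#` lines are comments, and that Python's `re` is close enough to Perl regex for these two rules; `parse_rules`, `check`, `RULES` and `KOTLIN` are hypothetical names.

```python
import re

# Constructed excerpt in the rule-file format (two rules taken from the list above).
RULES = r'''
### Suspicious String template.
\$[a-zA-Z_]\w*\??\.[a-zA-Z_]
### Use the Clock interface, or use `measureTimeMillis`
System\.currentTimeMillis\(\)===2
'''

# Constructed Kotlin source: lines 1 and 3 interpolate the whole object, then append text.
KOTLIN = '''
Timber.d("Received $event.type")
Timber.d("Received ${event.type}")
Timber.d("Sender $event?.senderId")
val name = "elementLogs.${i}.txt"
val now = System.currentTimeMillis()
'''.strip()


def parse_rules(text):
    """Return (pattern, allowed_occurrences, message) for every active rule line."""
    rules, message = [], ""
    for line in text.splitlines():
        if line.startswith("###"):        # message attached to the next patterns
            message = line[3:].strip()
        elif line and not line.startswith("#"):
            pattern, sep, count = line.rpartition("===")
            if sep and count.isdigit():   # "pattern===N" allows N occurrences
                rules.append((pattern, int(count), message))
            else:                         # default: zero occurrences allowed
                rules.append((line, 0, message))
    return rules


def check(source, rules):
    """Return (message, [(line_no, matched_text), ...]) for each rule over its limit."""
    findings = []
    for pattern, allowed, message in rules:
        hits = [(source.count("\n", 0, m.start()) + 1, m.group(0))
                for m in re.finditer(pattern, source, re.MULTILINE)]
        if len(hits) > allowed:
            findings.append((message, hits))
    return findings


if __name__ == "__main__":
    for message, hits in check(KOTLIN, parse_rules(RULES)):
        for line_no, text in hits:
            print(f"line {line_no}: {text!r}: {message}")
```

The braced forms `${event.type}` and `${i}` are not matched, which is why adding explicit curly braces is the documented way to clear a false positive.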