nvda icon indicating copy to clipboard operation
nvda copied to clipboard

Published 20 hours ago verified publisher icon nvaccess

add validation of update mirror urls

Open christopherpross opened this issue 4 months ago • 0 comments

Link to issue number:

#17205

Summary of the issue:

Users could configure an invalid update mirror URL, which would only be discovered when attempting to check for updates. This PR implements a validation mechanism that ensures the specified update mirror is valid before allowing it to be set in the settings.

Description of user facing changes

A new validation process has been added when setting an update mirror URL in NVDA's settings. Users will now receive feedback if the URL they provide is not a valid update mirror. The "Test" button in the settings will now ensure that the mirror responds with the expected format, preventing invalid configurations.

Description of development approach

  • Refactored parsing logic for update responses into a new function: parseUpdateCheckResponse.
  • Defined the minimum schema for an update mirror response based on the following required keys:
    • version
    • launcherUrl
    • apiVersion
  • Implemented a new function _isResponseUpdateMirrorValid in settingsDialogs.py, which calls parseUpdateCheckResponse to validate the mirror's response.
  • Added _isResponseUpdateMirrorValid as the responseValidator in the _SetURLDialog for update mirrors.

Testing strategy:

  • Ran NVDA from source.
  • Ensured the update mirror URL was set to "no Mirror".
  • Test 1: Set the URL to "https://www.nvaccess.org/nvdaUpdateCheck".
    • Pressed the "Test" button and verified that the URL was marked as valid.
  • Test 2: Set the URL to "https://google.de".
    • Pressed the "Test" button and verified that the URL was marked as invalid.
  • Test 3: Set the URL to "https://github.com".
    • Pressed the "Test" button and verified that the URL was marked as invalid.
  • Test 4: Set the URL to the Chinese NVDA Community Update Mirror (https://nvaccess.mirror.nvdadr.com/nvdaUpdateCheck).
    • Verified that this URL was marked as valid.
  • Additional tests with random strings to ensure that invalid URLs are correctly marked as invalid.

Known issues with pull request:

No known issues.

Code Review Checklist:

  • [x] Documentation:
    • Change log entry
    • User Documentation
    • Developer / Technical Documentation
    • Context sensitive help for GUI changes
  • [x] Testing:
    • Unit tests
    • System (end to end) tests
    • Manual testing
  • [x] UX of all users considered:
    • Speech
    • Braille
    • Low Vision
    • Different web browsers
    • Localization in other languages / culture than English
  • [ ] API is compatible with existing add-ons.
  • [x] Security precautions taken.

@coderabbitai summary

christopherpross avatar Oct 20 '24 11:10 christopherpross