Show the path for forbidden dir in child folder (#387)

* Show the path for forbidden dir in child folder

* Improve the error message for forbidden dir in the root of the archive

qgis-app/plugins/tests/test_validator.py

@@ -154,7 +154,10 @@ def test_zipfile_with_MACOSX(self, mock_namelist):
         mock_namelist.return_value = ["__MACOSX/"]
         with self.assertRaisesMessage(
             Exception,
-            ("For security reasons, zip file cannot contain " "'__MACOSX' directory"),
+            (
+                "For security reasons, zip file cannot contain <strong> '__MACOSX' </strong> directory. "
+                "However, there is one present at the root of the archive."
+             ),
         ):
             validator(self.package)
 
@@ -164,8 +167,20 @@ def test_zipfile_with_pycache(self, mock_namelist):
         with self.assertRaisesMessage(
             Exception,
             (
-                "For security reasons, zip file cannot contain "
-                "'__pycache__' directory"
+                "For security reasons, zip file cannot contain <strong> '__pycache__' </strong> directory. "
+                "However, there is one present at the root of the archive."
+            ),
+        ):
+            validator(self.package)
+
+    @mock.patch("zipfile.ZipFile.namelist")
+    def test_zipfile_with_pycache_in_children(self, mock_namelist):
+        mock_namelist.return_value = ["path/to/__pycache__/"]
+        with self.assertRaisesMessage(
+            Exception,
+            (
+                "For security reasons, zip file cannot contain <strong> '__pycache__' </strong> directory. "
+                "However, it has been found at <strong> 'path/to/__pycache__/' </strong>."
             ),
         ):
             validator(self.package)
@@ -175,7 +190,10 @@ def test_zipfile_with_git(self, mock_namelist):
         mock_namelist.return_value = [".git"]
         with self.assertRaisesMessage(
             Exception,
-            ("For security reasons, zip file cannot contain " "'.git' directory"),
+            (
+                "For security reasons, zip file cannot contain <strong> '.git' </strong> directory. "
+                "However, there is one present at the root of the archive."
+            ),
         ):
             validator(self.package)
 
@@ -188,7 +206,8 @@ def test_zipfile_with_gitignore(self, mock_namelist):
         exception = cm.exception
         self.assertNotEqual(
             exception.message,
-            "For security reasons, zip file cannot contain '.git' directory",
+            "For security reasons, zip file cannot contain <strong> '.git' </strong> directory. ",
+            "However, there is one present at the root of the archive."
         )
 
 

qgis-app/plugins/validator.py

@@ -192,11 +192,19 @@ def validator(package):
                 _("For security reasons, zip file cannot contain .pyc file")
             )
         for forbidden_dir in ["__MACOSX", ".git", "__pycache__"]:
-            if forbidden_dir in zname.split("/"):
+            dir_name_list = zname.split("/")
+            if forbidden_dir in dir_name_list:
+                if forbidden_dir == dir_name_list[0]:
+                    raise ValidationError(
+                        _(
+                            "For security reasons, zip file "
+                            "cannot contain <strong> '%s' </strong> directory. However, there is one present at the root of the archive." % (forbidden_dir,)
+                        )
+                    )
                 raise ValidationError(
                     _(
                         "For security reasons, zip file "
-                        "cannot contain '%s' directory" % (forbidden_dir,)
+                        "cannot contain <strong> '%s' </strong> directory. However, it has been found at <strong> '%s' </strong>." % (forbidden_dir, zname)
                     )
                 )
     bad_file = zip.testzip()