fix: audit fixes across verify, pack, security, and performance

- fix KeyError in compute_coverage (generate_readme, generate_site) - fix comma-separated MD5 handling in generate_pack check_inside_zip - fix _verify_file_hash to handle multi-MD5 for large files - fix external downloads not tracked in seen_destinations/file_status - fix tar path traversal in _is_safe_tar_member (refresh_data_dirs) - fix predictable tmp path in download.py - fix _sanitize_path to filter "." components - remove blanket data_dir suppression in find_undeclared_files - remove blanket data_dir suppression in cross_reference - add status_counts to verify_platform return value - add md5_composite cache for repeated ZIP hashing
2026-04-13 12:22:33 -05:00 · 2026-03-19 14:04:34 +01:00
parent e1410ef4a6
commit 38d605c7d5
9 changed files with 68 additions and 45 deletions
--- a/scripts/verify.py
+++ b/scripts/verify.py
@@ -228,10 +228,6 @@ def find_undeclared_files(
        if not emu_systems & platform_systems:
            continue

-        # Skip if emulator's data_directories cover the files
-        emu_dd = {dd.get("ref", "") for dd in profile.get("data_directories", [])}
-        covered_by_dd = bool(emu_dd & declared_dd)
-
        for f in profile.get("files", []):
            fname = f.get("name", "")
            if not fname or fname in seen:
@@ -241,8 +237,6 @@ def find_undeclared_files(
                continue
            if fname in declared_names:
                continue
-            if covered_by_dd:
-                continue

            in_repo = fname in by_name or fname.rsplit("/", 1)[-1] in by_name
            seen.add(fname)
@@ -381,6 +375,11 @@ def verify_platform(
    for s in file_severity.values():
        counts[s] = counts.get(s, 0) + 1

+    # Count by file status (ok/untested/missing)
+    status_counts: dict[str, int] = {}
+    for s in file_status.values():
+        status_counts[s] = status_counts.get(s, 0) + 1
+
    # Cross-reference undeclared files
    undeclared = find_undeclared_files(config, emulators_dir, db, emu_profiles)
    exclusions = find_exclusion_notes(config, emulators_dir, emu_profiles)
@@ -390,6 +389,7 @@ def verify_platform(
        "verification_mode": mode,
        "total_files": len(file_status),
        "severity_counts": counts,
+        "status_counts": status_counts,
        "undeclared_files": undeclared,
        "exclusion_notes": exclusions,
        "details": details,