diff -Nru check-all-the-things-2015.12.10ubuntu2/check-all-the-things check-all-the-things-2016.06.29.1~16.04.1/check-all-the-things --- check-all-the-things-2015.12.10ubuntu2/check-all-the-things 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/check-all-the-things 2016-06-29 11:17:12.000000000 +0200 @@ -1,7 +1,8 @@ #!/usr/bin/python3 +# PYTHON_ARGCOMPLETE_OK # Copyright 2014 Jakub Wilk -# Copyright 2015 Paul Wise +# Copyright 2015-2016 Paul Wise # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -33,6 +34,7 @@ import shlex import stat import time +import signal import subprocess as ipc import sys from textwrap import TextWrapper @@ -49,7 +51,7 @@ def get_columns(): try: - buf = ioctl(sys.stdout.fileno(), TIOCGWINSZ, ' '*4) + buf = ioctl(sys.stdout.fileno(), TIOCGWINSZ, ' ' * 4) return unpack('hh', buf)[1] except IOError: return 80 @@ -75,20 +77,35 @@ shlex.quote = pipes.quote try: + import argcomplete + ChoicesCompleter = argcomplete.completers.ChoicesCompleter +except ImportError: + argcomplete = None + + class ChoicesCompleter: + def __init__(self, *args, **kwargs): + pass + +try: import ptyprocess except ImportError: ptyprocess = None try: - import apt_pkg + import netifaces except ImportError: - apt_pkg = None + netifaces = None + +try: + import magic +except ImportError: + magic = None this = os.path.realpath(__file__) rootdir = os.path.dirname(this) -datadir = os.path.join(rootdir, 'data') +datadir = os.environ.get('CATS_DATA') if not datadir or not os.path.isdir(datadir): - datadir = os.environ.get('CATT_DATA') + datadir = os.path.join(rootdir, 'data') if not datadir or not os.path.isdir(datadir): datadir = os.path.join(os.path.dirname(rootdir), 'share', 'check-all-the-things', 'data') 
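Review bot: The data-directory lookup at the end of this hunk now lets the `CATS_DATA` environment variable take precedence over the `data` directory next to the script, where the environment (`CATT_DATA`) used to be only a fallback. The files in that directory define the shell commands the tool runs, so the precedence deserves a comment, e.g. `# CATS_DATA overrides the bundled check definitions; the commands in it are executed as-is`. The old `CATT_DATA` name is dropped with no fallback or warning. A `CATS_DATA` value that is not a directory is skipped silently; a one-line message on stderr in that case would make a typo visible.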
@@ -100,60 +117,171 @@ sys.stdout.flush() -def spawn_header_first(cmd, header): - if sys.stdout.isatty(): - width = get_columns() - line = '$ ' + cmd.replace('\n', '') - size = len(line) - if size > width: - line = line[:width] - print(line, end='') +def show_progress(cmd): + width = get_columns() + line = '$ ' + cmd.replace('\n', '') + size = len(line) + if size > width: + line = line[:width] + print(line, end='') + erase_to_eol_cr() + + +def show_header(header): + if header: + print(header) + sys.stdout.flush() + return True + else: + return False + + +def spawn_ptyprocess(cmd, hide, header, footer, limit): + lines = 0 + trimmed = False + + def output_header(): + nonlocal header erase_to_eol_cr() - if ptyprocess: - proc = ptyprocess.ptyprocess.PtyProcess.spawn(['sh', '-c', cmd]) - while True: - try: - line = proc.readline() - if line: - if header: - erase_to_eol_cr() - print(header) - sys.stdout.flush() - header = None - sys.stdout.buffer.write(line) + show_header(header) + header = None + + proc = ptyprocess.ptyprocess.PtyProcess.spawn(['sh', '-c', cmd]) + while True: + try: + line = proc.readline() + if line: + if limit > 0: + lines += 1 + if lines > limit: + trimmed = True + print(*footer, sep='\n') sys.stdout.flush() - except EOFError: - break - else: - pipe = None + proc.kill(signal.SIGTERM) + break + if header: + output_header() + sys.stdout.buffer.write(line) + sys.stdout.flush() + except EOFError: + break + if header and not hide: + output_header() + return not bool(header), trimmed - def read(fd): - nonlocal header - nonlocal pipe - if not pipe: - pipe = open(fd, closefd=False) - data = pipe.buffer.readline() - if data and header: - erase_to_eol_cr() - print(header.replace('\n', '\r\n'), end='\r\n') - sys.stdout.flush() - header = None - return data - pty.spawn(['sh', '-c', cmd], read) - pipe.close() - else: - with ipc.Popen(cmd, shell=True, stdout=ipc.PIPE, stderr=ipc.STDOUT) as proc: - line = proc.stdout.readline() - if line and header: - print(header) 
+ +def spawn_pty(cmd, hide, header, footer, limit): + lines = 0 + trimmed = False + pipe = None + + def output_header(): + nonlocal header + erase_to_eol_cr() + print(header.replace('\n', '\r\n'), end='\r\n') + sys.stdout.flush() + header = None + + def read(fd): + nonlocal limit + nonlocal lines + nonlocal trimmed + nonlocal header + nonlocal pipe + if not pipe: + pipe = open(fd, closefd=False) + data = pipe.buffer.readline() + if limit > 0: + lines += 1 + if lines > limit: + trimmed = True + print(*footer, sep='\r\n', end='\r\n') + sys.stdout.flush() + raise OSError + if data and header: + output_header() + return data + + pty.spawn(['sh', '-c', cmd], read) + pipe.close() + if header and not hide: + output_header() + return not bool(header), trimmed + + +def spawn_pipe(cmd, hide, header, footer, limit): + lines = 0 + trimmed = False + + def output_header(): + nonlocal header + show_header(header) + header = None + + def check_lines(): + nonlocal proc + nonlocal limit + nonlocal lines + nonlocal trimmed + nonlocal footer + if limit > 0: + lines += 1 + if lines > limit: + trimmed = True + print(*footer, sep='\n') sys.stdout.flush() - header = None - sys.stdout.buffer.write(line) - sys.stdout.flush() + proc.terminate() + return True + + with ipc.Popen(cmd, shell=True, stdout=ipc.PIPE, stderr=ipc.STDOUT) as proc: + line = proc.stdout.readline() + if line and header: + output_header() + sys.stdout.buffer.write(line) + sys.stdout.flush() + if not check_lines(): for line in proc.stdout: + if check_lines(): + break sys.stdout.buffer.write(line) sys.stdout.flush() - return not bool(header) + if header and not hide: + output_header() + return not bool(header), trimmed + + +def spawn_none(cmd, header): + show_header(header) + ipc.call(cmd, shell=True, stderr=ipc.STDOUT) + return True, False + + +def spawn(method, cmd, hide, header, footer, limit): + if method == 'pipe': + return spawn_pipe(cmd, hide, header, footer, limit) + elif method == 'ptyprocess': + show_progress(cmd) 
+ return spawn_ptyprocess(cmd, hide, header, footer, limit) + elif method == 'pty': + show_progress(cmd) + return spawn_pty(cmd, hide, header, footer, limit) + elif method == 'none': + return spawn_none(cmd, header) + else: + raise RuntimeError + + +def spawn_choice(supervise, terminal): + if supervise: + if terminal: + if ptyprocess: + return 'ptyprocess' + else: + return 'pty' + else: + return 'pipe' + else: + return 'none' class UnmetPrereq(Exception): 
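Review bot: In `spawn_ptyprocess` the truncation branch calls `proc.kill(signal.SIGTERM)` and breaks out of the loop without waiting for or closing the child, so the `sh -c` process is not reaped here and anything it started may still be running when the next check begins. Adding `proc.wait()` after the loop would cover both the trimmed and the EOF path. `spawn_pty.read` increments `lines` before looking at `data`, so an empty read seems to count as an output line and could print the footer for output that was exactly `limit` lines long; moving the counter under `if data:` would avoid that (indentation is lost in this view, so this is inferred). `spawn` ends with a bare `raise RuntimeError`; `raise RuntimeError('unknown spawn method: ' + method)` would say what went wrong.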
@@ -163,59 +291,85 @@ class Check(object): def __init__(self): self.apt = None - self.match = None - self._match_fn = id - self.not_match = None - self._not_match_fn = None - self.prune = None - self._prune_fn = None + types = set() + types.update('files not_files not_dirs'.split()) + for type in set(types): + types.update((type + '_path', type + '_parent')) + types.update('types not_types'.split()) + for type in types: + self.__dict__[type] = None + self.__dict__['_' + type + '_fn'] = None self.comment = None self.cmd = None self.cmd_nargs = None self.flags = set() - self.groups = set() self.prereq = None self.disabled = set() def set_apt(self, value): - if apt_pkg: - self.apt = apt_pkg.parse_depends(value) + self.apt = value - def set_match(self, value): - self.match = value.split() + def _set_re_fn(self, this, type, affix=True): regexp = '|'.join( fnmatch.translate(s) - for s in self.match + for s in this[type] ) - regexp = r'\A(?:{re})\Z'.format(re=regexp) + if affix: + regexp = r'\A(?:{re})\Z'.format(re=regexp) + else: + regexp = r'(?:{re})'.format(re=regexp) + this['_' + type + '_re'] = regexp regexp = re.compile(regexp, flags=re.IGNORECASE) - self._match_fn = regexp.match + this['_' + type + '_fn'] = regexp.match - def set_not_match(self, value): - self.not_match = value.split() - regexp = '|'.join( - fnmatch.translate(s) - for s in self.not_match - ) - regexp = r'\A(?:{re})\Z'.format(re=regexp) - regexp = re.compile(regexp, flags=re.IGNORECASE) - self._not_match_fn = regexp.match + def _set_match_fn(self, type, values): + type_path = type + '_path' + type_parent = type + '_parent' + this = self.__dict__ + this[type] = [] + this[type_path] = [] + this[type_parent] = [] + for value in values.split(): + if value.startswith('/'): + this[type_path].append('*' + value) + elif value.startswith('./'): + this[type_path].append(value) + elif value.startswith('../'): + this[type_parent].append(value) + elif value.find('/') != -1: + this[type_path].append('*/' + value) 
+ elif value: + this[type].append(value) + for subtype in (type, type_path, type_parent): + if this[subtype]: + self._set_re_fn(this, subtype) + + def set_files(self, value): + self._set_match_fn('files', value) + + def set_not_files(self, value): + self._set_match_fn('not_files', value) + + def set_not_dirs(self, value): + self._set_match_fn('not_dirs', value) + + def _set_type_match_fn(self, type, values): + this = self.__dict__ + this[type] = values.split() + if this[type]: + self._set_re_fn(this, type, False) - def set_prune(self, value): - self.prune = value.split() - regexp = '|'.join( - fnmatch.translate(s) - for s in self.prune - ) - regexp = r'\A(?:{re})\Z'.format(re=regexp) - regexp = re.compile(regexp, flags=re.IGNORECASE) - self._prune_fn = regexp.match + def set_types(self, value): + self._set_type_match_fn('types', value) + + def set_not_types(self, value): + self._set_type_match_fn('not_types', value) def set_comment(self, value): self.comment = value.strip() def set_command(self, value): - self.cmd = cmd = value + self.cmd = cmd = value.strip() d = collections.defaultdict(str) cmd.format(**d) nargs = 1 * ('file' in d) + 2 * ('files' in d) 
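Review bot: `Check.__init__` now creates its matcher attributes by writing into `self.__dict__` in a loop, so names such as `files_path`, `not_dirs_parent` or `_types_fn` never appear literally in the class and are hard to find with grep. A comment above the loop listing them would help: `# defines files, not_files, not_dirs (each also with _path and _parent), types, not_types, plus a _<name>_fn matcher for each`. Only `_<name>_fn` is initialised there, while `_set_re_fn` creates `_<name>_re` on demand, so reading `_types_re` on a check without `types` raises AttributeError; setting `'_' + type + '_re'` to None in the same loop keeps the two in step. The loop variable `type` shadows the builtin; `kind` would avoid that.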
@@ -226,60 +380,77 @@ def set_flags(self, value): self.flags = set(value.split()) - def set_groups(self, value): - self.groups.update(value.split()) - def set_prereq(self, value): self.prereq = value - def get_sh_cmd(self, njobs=1): + def _set_fcmd_(self, fcmd, type, test): + this = self.__dict__ + if not this[type]: + return + elif len(this[type]) == 1: + [wildcard] = this[type] + fcmd += [test, shlex.quote(wildcard)] + else: + end = len(fcmd) + for wildcard in this[type]: + fcmd += ['-o', test, shlex.quote(wildcard)] + fcmd[end] = '\\(' + fcmd += ['\\)'] + + def _set_fcmd(self, fcmd, type): + self._set_fcmd_(fcmd, type, '-iname') + self._set_fcmd_(fcmd, type + '_path', '-iwholename') + + def get_sh_cmd(self, njobs=1, types=False): kwargs = { 'files': '{} +', 'file': '{} \\;', 'njobs': njobs, } + null_kwargs = { + 'files': '', + 'file': '', + 'njobs': njobs, + } if not self.cmd: return cmd = self.cmd.format(**kwargs) + # FIXME: remove this once Debian bug #588017 is no longer relevant + if self.is_flag_set('perl-bug-588017'): + cmd = 'env PERL5OPT=-m-lib=. 
' + cmd if self.cmd_nargs > 0: fcmd = ['find'] - if self.prune is not None: + any = self.not_files or self.not_files_path or self.files or self.files_path + if self.files_parent: + fcmd += ['..', '-maxdepth', '1', '-type', 'f'] + self._set_fcmd_(fcmd, 'files_parent', '-iwholename') + fcmd += ['-exec', cmd] + if any: + fcmd += [';', 'find'] + if self.not_dirs or self.not_dirs_path: fcmd += ['-type', 'd'] - if len(self.prune) == 1: - [wildcard] = self.prune - fcmd += ['-iname', shlex.quote(wildcard)] - else: - end = len(fcmd) - for wildcard in self.prune: - fcmd += ['-o', '-iname', shlex.quote(wildcard)] - fcmd[end] = '\\(' - fcmd += ['\\)'] + self._set_fcmd(fcmd, 'not_dirs') fcmd += ['-prune', '-o'] - fcmd += ['-type', 'f'] - if self.match is not None: - if len(self.match) == 1: - [wildcard] = self.match - fcmd += ['-iname', shlex.quote(wildcard)] - else: - end = len(fcmd) - for wildcard in self.match: - fcmd += ['-o', '-iname', shlex.quote(wildcard)] - fcmd[end] = '\\(' - fcmd += ['\\)'] - if self.not_match is not None: - if self.match: + if any: + fcmd += ['-type', 'f'] + self._set_fcmd(fcmd, 'files') + if self.not_files or self.not_files_path: + if self.files or self.files_path: fcmd += ['-a'] fcmd += ['!'] - if len(self.not_match) == 1: - [wildcard] = self.not_match - fcmd += ['-iname', shlex.quote(wildcard)] - else: - end = len(fcmd) - for wildcard in self.not_match: - fcmd += ['-o', '-iname', shlex.quote(wildcard)] - fcmd[end] = '\\(' - fcmd += ['\\)'] - fcmd += ['-exec', cmd] + self._set_fcmd(fcmd, 'not_files') + if self.types and types: + tfcmd = '' + if any: + tfcmd += '''-print0 -o ''' + tfcmd += '''-exec sh -c 'file --mime-type -r0 "$1" | cut -d "" -f 2 | grep -qP "^: ''' + tfcmd += self._types_re + tfcmd += '''$" && printf "%s\\0" "$1"' sh {} \; | xargs -0''' + if self.cmd_nargs == 1: + tfcmd += 'n1' + fcmd += [tfcmd, self.cmd.format(**null_kwargs)] + elif not self.files_parent or any: + fcmd += ['-exec', cmd] cmd = ' '.join(fcmd) return cmd 
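Review bot: In the `types` branch of `get_sh_cmd`, `self._types_re` is concatenated into the `sh -c '…'` string inside a double-quoted `grep -qP` pattern with no quoting, unlike the wildcards, which all go through `shlex.quote`. A `types` value containing a quote character would end the quoted section early and change the command that is run; passing the pattern as an extra positional argument (`grep -qP "^: $2$"` with `shlex.quote(self._types_re)` appended after `sh {}`) keeps it as data. The same literal contains `\;` in a non-raw string, an invalid escape sequence that newer Python versions warn about; `\\;` would match the `\\0` written a few characters earlier. The local name `any` shadows the builtin; `has_file_patterns` would say what it holds.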
@@ -287,8 +458,11 @@
 if self.prereq is None:
 if not self.cmd:
 return
- cmd = shlex.split(self.cmd)[0]
- if not which(cmd):
+ cmdline = shlex.split(self.cmd)
+ cmd = cmdline[0]
+ if cmd == 'cat':
+ cmd = cmdline[cmdline.index('|') + 1]
+ if not which(cmd) and not self.is_flag_set('todo'):
 raise UnmetPrereq('command not found: ' + cmd)
 else:
 try:
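Review bot: The new `cat` special case indexes `cmdline[cmdline.index('|') + 1]` without checking that a separate `|` token exists, so a command that starts with `cat` but has no pipe, writes it without surrounding spaces, or ends with it raises ValueError or IndexError instead of UnmetPrereq. Guarding it keeps the failure mode unchanged: `if cmd == 'cat' and '|' in cmdline[:-1]:`. A short comment saying why `cat` is skipped (presumably because the tool being checked is the one after the pipe) would help too. The enclosing method starts and ends outside this hunk.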
@@ -301,51 +475,157 @@ except ipc.CalledProcessError: raise UnmetPrereq('command failed: ' + self.prereq) - def is_file_matching(self, path): - if self._not_match_fn and self._not_match_fn(path): + def is_file_matching(self, path, file): + if self._not_files_path_fn and self._not_files_path_fn(path): return False - return self._match_fn(path) + if self._not_files_fn and self._not_files_fn(file): + return False + if self._files_path_fn and self._files_path_fn(path): + return True + if self._files_fn and self._files_fn(file): + return True + if not (self.files or self.files_path or self.files_parent): + return True + return False + + def is_parent_file_matching(self, path): + if self._not_files_parent_fn and self._not_files_parent_fn(path): + return False + if self._files_parent_fn and self._files_parent_fn(path): + return True + return False + + def is_dir_matching(self, path): + dir = os.path.split(path)[-1] + if self._not_dirs_fn and self._not_dirs_fn(dir): + return True + if self._not_dirs_path_fn and self._not_dirs_path_fn(path): + return True + return False - def is_dir_pruned(self, path): - return self._prune_fn(path) if self._prune_fn else False + def is_type_matching(self, type): + if self._not_types_fn and self._not_types_fn(type): + return False + if self._types_fn and self._types_fn(type): + return True + return False + + def is_always_matching(self): + if not (self.files or self.files_path or self.files_parent or self.types): + return True def is_flag_set(self, value): return value in self.flags + def do(self, name, jobs, types, run, hide, limit, method, terminal, remarks): + cmd = self.get_sh_cmd(njobs=jobs, types=types) + comment = self.comment + manual = self.is_flag_set('manual') + style = self.is_flag_set('style') + complexity = self.is_flag_set('complexity') + fixme = self.is_flag_set('fixme') + todo = self.is_flag_set('todo') + embed = self.is_flag_set('embed') + run = cmd and run and not manual and not todo + hide = hide and run + trim = limit > 
0 + supervise = hide or trim + if method == 'auto': + method = spawn_choice(supervise, terminal) + header = '' + footer = ('...',) + if manual and not todo: + header += '# This command needs a human to read about and run it\n' + if style and not todo: + header += '# This command checks style. While a consistent style\n' + header += '# is a good idea, people who have different style\n' + header += '# preferences will want to ignore some of the output.\n' + if complexity and not todo: + header += '# This command checks code complexity. While simple\n' + header += '# code is a good idea, complex code can be needed.\n' + if (style or complexity) and not todo: + header += '# Do not bother adding non-upstreamable patches for this.\n' + if fixme or todo: + header += '# This command needs someone to help out with it.\n' + remark(remarks, name, 'help needed') + if comment: + header += ''.join('# ' + line + '\n' for line in comment.split('\n')) + if embed and not todo: + header += '# Please remove any embedded copies from the upstream VCS and tarballs.\n' + header += '# https://wiki.debian.org/EmbeddedCodeCopies\n' + if cmd: + prompt = '# $ ' if manual or todo else '$ ' + header += prompt + cmd + if run: + output, trimmed = spawn(method, cmd, hide, header, footer, limit) + if not output and hide: + remark(remarks, name, 'no output') + if trim and trimmed: + remark(remarks, name, 'trimmed') + else: + output = show_header(header) + return output + class Formatter(argparse.ArgumentDefaultsHelpFormatter, argparse.MetavarTypeHelpFormatter): pass +def process_args(self, action, args): + if args: + for arg in args: + if arg not in self.all: + raise argparse.ArgumentError(self, self.unknown_msg.format(arg)) + action(args) + else: + raise argparse.ArgumentError(self, self.missing_msg) + + def process(self, choices): - action = self.change + action = None args = set() - for choice in choices: + if not choices: + raise argparse.ArgumentError(self, self.missing_msg) + end = 
len(choices)-1 + for i, choice in enumerate(choices): arg = None if choice.startswith('='): - action = self.change + new_action = self.change elif choice.startswith('+'): - action = self.enable + new_action = self.enable elif choice.startswith('-'): - action = self.disable + new_action = self.disable else: + new_action = None arg = choice if arg is None: - args = set() arg = choice[1:] if arg: arg = set([arg]) else: arg = set() - args.update(arg) - action(args) + if i == 0: + action = new_action if new_action else self.change + args.update(arg) + if i > 0 and i < end: + if new_action: + process_args(self, action, args) + action = new_action + args = set() + args.update(arg) + if i == end: + args.update(arg) + process_args(self, action, args) class CheckSelectionAction(argparse.Action): msg = 'cmdline disabled check' + unknown_msg = 'unknown check: {}' + missing_msg = 'missing check name' - def __init__(self, option_strings, dest, checks={}, prepend_values=[], *args, **kwargs): + def __init__(self, option_strings, dest, checks={}, all=set(), prepend_values=[], *args, **kwargs): self.checks = checks + self.all = all self.prepend_values = prepend_values super().__init__(option_strings=option_strings, dest=dest, *args, **kwargs) 
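Review bot: `is_dir_matching` returns True when the directory matches a `not_dirs` pattern, i.e. when the check is to be ignored below that directory (that is how `walk` uses it later in this diff), which reads as the opposite of `is_file_matching`. A docstring such as `"""Return True if path matches not_dirs, meaning this check skips the directory."""` would prevent a misreading. `is_always_matching` falls off the end and returns None when patterns are set; an explicit `return False` would match the other predicates. `do` takes nine positional parameters, so a docstring saying what `run`, `hide`, `limit` and `method` mean would help callers.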
@@ -369,13 +649,16 @@ self.checks[name].disabled.add(self.msg) -class GroupSelectionAction(argparse.Action): +class FlagSelectionAction(argparse.Action): + msg = 'cmdline disabled flag' + unknown_msg = 'unknown flag: {}' + missing_msg = 'missing flag name' - def __init__(self, option_strings, dest, msg=None, name=None, checks={}, groups=set(), prepend_values=[], *args, **kwargs): - self.msg = msg - self.name = name + def __init__(self, option_strings, dest, checks={}, flags=set(), all=set(), disable={}, prepend_values=[], *args, **kwargs): self.checks = checks - self.groups = groups + self.flags = flags + self.all = all + self.disabled = disable self.prepend_values = prepend_values super().__init__(option_strings=option_strings, dest=dest, *args, **kwargs) 
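Review bot: `FlagSelectionAction.__init__` keeps the mutable defaults `flags=set()`, `all=set()` and `disable={}`, and the `flags` object is later modified in place by `change`, `enable` and `disable` in the next hunk (`self.flags.update(flags)` and similar), so an action built without `flags=` would alter the shared default. Using `None` defaults and creating the containers in the body avoids that: `self.flags = set() if flags is None else flags`. The keyword is `disable` but the attribute is `self.disabled`, which on `Check` objects means a set of reasons; one name such as `disable_flags` would be clearer. The class body continues outside this hunk.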
@@ -383,69 +666,230 @@ for value in self.prepend_values + values: process(self, value.split()) - def change(self, groups): - self.groups.__init__(groups) - for name, check in self.checks.items(): - if check.__getattribute__(self.name).isdisjoint(groups): - self.checks[name].disabled.add(self.msg) + def change(self, flags): + self.flags.__init__(flags) + bad = set(self.disabled.keys()) + want_all = flags + want_bad = flags & bad + want_good = flags - bad + for name, check in sorted(self.checks.items()): + checkf = check.flags + check_enable = check_disable = False + if want_good & checkf: + if bad & checkf & want_bad: + check_enable = True + elif not(checkf & bad): + check_enable = True + else: + check_disable = True + elif want_all <= bad and want_all & checkf: + check_enable = True else: + check_disable = True + if check_enable: self.checks[name].disabled.clear() + elif check_disable: + self.checks[name].disabled.add(self.msg) - def enable(self, groups): - self.groups.update(groups) - for name, check in self.checks.items(): - if not check.__getattribute__(self.name).isdisjoint(groups): + def enable(self, flags): + self.flags.update(flags) + bad = set(self.disabled.keys()) + want_all = flags + want_bad = flags & bad + want_good = flags - bad + for name, check in sorted(self.checks.items()): + checkf = check.flags + check_enable = False + if want_good & checkf: + if bad & checkf & want_bad: + check_enable = True + elif not(checkf & bad): + check_enable = True + elif want_all <= bad and want_all & checkf: + check_enable = True + if check_enable: self.checks[name].disabled.clear() - def disable(self, groups): - self.groups.difference_update(groups) - for name, check in self.checks.items(): - if not check.__getattribute__(self.name).isdisjoint(groups): + def disable(self, flags): + self.flags.difference_update(flags) + bad = set(self.disabled.keys()) + want_all = flags + want_bad = flags & bad + want_good = flags - bad + for name, check in sorted(self.checks.items()): 
+ checkf = check.flags + check_disable = False + if want_good & checkf: + check_disable = True + if check_disable: self.checks[name].disabled.add(self.msg) -def parse_section(section): - check = Check() +class RangeCompleter(object): + def __init__(self, start, end): + self.choices = range(start, end + 1) + + def __call__(self, prefix, **kwargs): + return (str(c) for c in self.choices if str(c).startswith(prefix)) + + +def parse_section(section, check=None): + if not check: + check = Check() for key, value in section.items(): key = key.replace('-', '_') getattr(check, 'set_' + key)(value) return check -def parse_conf(): - checks = {} - flags = set() - groups = set() - for path in glob.glob(os.path.join(datadir, '*')): +def parse_conf(checks={}, flags=set(), distro=None, release=None): + if distro and release: + for path in glob.glob(os.path.join(datadir, 'overlay', distro, release, '*')): + parse_file(checks, flags, path, True) + else: + for path in glob.glob(os.path.join(datadir, '*')): + parse_file(checks, flags, path) + return (checks, flags) + + +def parse_file(checks, flags, path, overlay=False): cp = configparser.ConfigParser(interpolation=None) cp.read(path, encoding='UTF-8') for name in cp.sections(): - if name in checks: - raise RuntimeError('duplicate check name: ' + name) section = cp[name] - checks[name] = parse_section(section) - checks[name].groups.update({os.path.basename(path)}) + if name in checks: + if overlay: + parse_section(section, checks[name]) + else: + raise RuntimeError('duplicate check name: ' + name) + else: + checks[name] = parse_section(section) + checks[name].flags.update({os.path.basename(path)}) flags.update(checks[name].flags) - groups.update(checks[name].groups) - return (checks, flags, groups) -def skip(skipped, name, reason): - if reason not in skipped: - skipped[reason] = set() - skipped[reason].add(name) +def remark(remarks, name, reason): + if reason not in remarks: + remarks[reason] = set() + remarks[reason].add(name) return 
True +def set_debian_substvars(checks): + try: + import apt_pkg + except ImportError: + print('ERROR: Python apt module not installed', file=sys.stderr) + sys.exit(1) + recommends = [] + suggests = [] + for name, check in checks.items(): + try: + if check.apt: + apt_pkg.parse_depends(check.apt) + else: + continue + except ValueError: + print('ERROR: Could not parse deps for {}: {}'.format(name, check.apt), file=sys.stderr) + sys.exit(1) + if not check.is_flag_set('todo'): + recommends.append(check.apt) + else: + suggests.append(check.apt) + recommends = ', '.join(recommends) + suggests = ', '.join(suggests) + with open('debian/check-all-the-things.substvars', 'a') as substvars: + print('cats:Recommends={}'.format(recommends), file=substvars) + print('cats:Suggests={}'.format(suggests), file=substvars) + + +def walk(typedb, checks, remarks, matching_checks, parent, top): + ignore_checks = {} + ignore_checks[top] = set() + ignore_dirs = set('.git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer'.split()) + for root, dirs, files in os.walk(top): + root_set = set(root.split(os.path.sep)) + if parent: + del dirs[:] + else: + if root not in ignore_checks: + up = os.path.split(root)[0] + ignore_checks[root] = set(ignore_checks[up]) + for name, check in checks.items(): + if name in ignore_checks[root]: + continue + if check.is_dir_matching(root): + ignore_checks[root].add(name) + for file in files: + type = None + path = os.path.join(root, file) + st = os.lstat(path) + if not stat.S_ISREG(st.st_mode): + continue + base, ext = os.path.splitext(file) + if not ext: + not_checked = base + else: + not_checked = '*' + ext + matching_checks_this_file = False + for name, check in checks.items(): + if check.disabled: + continue + if name in ignore_checks[root]: + continue + if name in matching_checks: + continue + if parent: + if check.is_parent_file_matching(path): + matching_checks.add(name) + else: + if check.is_file_matching(path, file): + matching_checks.add(name) + if not 
check.is_always_matching() and not check.is_flag_set('todo'): + matching_checks_this_file = True + elif typedb: + if not type: + type = typedb.file(path) + if type != 'application/octet-stream': + if check.is_type_matching(type): + matching_checks.add(name) + if not check.is_always_matching() and not check.is_flag_set('todo'): + matching_checks_this_file = True + if not (parent or matching_checks_this_file or root_set.intersection(ignore_dirs)): + remark(remarks, not_checked, 'no specific checks') + + +def network(): + if netifaces: + gws = netifaces.gateways() + gw = gws.get('default') + if gw: + if netifaces.AF_INET in gw: + return True + if netifaces.AF_INET6 in gw: + return True + else: + return False + else: + return True + + def main(): - (checks, flags, groups) = parse_conf() - skipped = {} + (checks, flags) = parse_conf() + all_checks = set(checks.keys()) + all_flags = set(flags) + remarks = {} disable_flags = { 'dangerous': 'dangerous check', + 'modify': 'modifies files', 'todo': 'help needed', } + if not network(): + disable_flags['network'] = 'no network' + + all_flags.update(disable_flags.keys()) flags.difference_update(disable_flags.keys()) for name, check in checks.items(): for flag, reason in disable_flags.items(): 
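Review bot: `parse_conf(checks={}, flags=set(), …)` hands its default containers to `parse_file`, which fills them in place, and `main` calls `parse_conf()` with no arguments, so the results live in the function's shared default objects and a second bare call would hit `duplicate check name`. `None` defaults fix this without changing callers: `checks = {} if checks is None else checks`, and the same for `flags`. In `walk`, the result of `typedb.file(path)` goes straight to `is_type_matching`; if the magic binding can return None for an unreadable file (not visible here), the regex match would raise TypeError, so extending the test to `if type and type != 'application/octet-stream':` is worth considering. `main` continues outside this hunk.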
@@ -455,36 +899,36 @@ ap = argparse.ArgumentParser( formatter_class=Formatter, description='This program is aimed at checking things related to ' - 'packaging and software development. It automates statical ' - 'analysis of code, QA checks, syntax checking, for a very large ' - 'set of files.', + 'packaging and software development. It automates static ' + 'analysis of code, QA, syntax and style checks and more, ' + 'for a large set of file types.', epilog="WARNING: since it checks so many things the output can be " "very verbose so don't use it if you don't have time to go " "through the output to find problems." ) ap.add_argument('--jobs', '-j', metavar='N', type=int, nargs='?', help="passed to tools that can parallelize their checks", - default=1) + default=1).completer = RangeCompleter(1, multiprocessing.cpu_count()) ap.add_argument('--checks', '-c', metavar='selectors', nargs=1, help="alter the set of checks to be run based on check names" " (example: = cppcheck + lintian duck - duck)", type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=CheckSelectionAction, checks=checks) + action=CheckSelectionAction, checks=checks, all=all_checks, + ).completer = ChoicesCompleter(sorted(all_checks)) ap.add_argument('--flags', '-f', metavar='selectors', nargs=1, help="alter the set of checks to be run based on flag names" + " (example: = audio c - mp3 + sh)" " (example: = dangerous + network - todo)", type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=GroupSelectionAction, msg='cmdline disabled flag', name='flags', checks=checks, groups=flags) - ap.add_argument('--groups', '-g', metavar='selectors', nargs=1, - help="alter the set of checks to be run based on group names" - " (example: = audio c - mp3 + sh)", - type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=GroupSelectionAction, msg='cmdline disabled group', name='groups', checks=checks, groups=groups) + action=FlagSelectionAction, checks=checks, flags=flags, 
all=all_flags, disable=disable_flags, + ).completer = ChoicesCompleter(sorted(all_flags)) ap.add_argument('--all', '-a', nargs=0, - help="perform checks with possibly dangerous side effects." - " (equivalent: --flags +dangerous)", + help="perform checks with possible side effects," + " including executing code or modifying files" + " from the current directory." + " (equivalent: --flags +dangerous --flags +modify)", type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=GroupSelectionAction, name='flags', checks=checks, groups=flags, prepend_values=['+dangerous']) + action=FlagSelectionAction, checks=checks, flags=flags, prepend_values=['+dangerous modify']) ap.add_argument('--interrupt', '-i', type=str, help="when interrupted, quit or skip the current check", default='skip', choices=['quit', 'exit', 'skip']) 
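Review bot: The `--all` registration builds `FlagSelectionAction` without `all=` (and without `disable=`), so `self.all` is the empty default set and `process_args`, added earlier in this diff, rejects `dangerous` with `unknown flag: dangerous`; as written, `--all` appears to fail on every use. Passing the same arguments as `--flags` fixes it: `action=FlagSelectionAction, checks=checks, flags=flags, all=all_flags, disable=disable_flags, prepend_values=['+dangerous modify'])`. The `--flags` help now concatenates two `(example: …)` fragments with nothing between them; a single example, or an `or` between the two, reads better. `main` starts and ends outside this hunk.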
@@ -497,102 +941,120 @@ ap.add_argument('--suppressed-checks-lines', metavar='N', help="output lines to use for checks per suppression reason." " (<= -1: all, 0: only reasons, >= 1: N lines of checks)", - type=int, default=1) + type=int, default=1).completer = RangeCompleter(-1, 20) ap.add_argument('--commands', type=str, help="what to do with the commands for the chosen set of hooks", default='run', choices=['run', 'show']) + ap.add_argument("--set-debian-substvars", help=argparse.SUPPRESS, action="store_true") + ap.add_argument('--spawn-method', type=str, help=argparse.SUPPRESS, + default='auto', choices=['auto', 'none', 'pipe', 'pty', 'ptyprocess']) + ap.add_argument('--checks-output-lines', metavar='N', + help="output lines to allow for checks." + " checks using more lines are terminated," + " their output is truncated to fit," + " a footer is appended as an indicator" + " and their names are printed at the end." + " (<= 0: all, > 0: N lines of output)", + type=int, default=10).completer = RangeCompleter(0, 20) + ap.add_argument('--distro', '-d', type=str, + help="enable check overlay for distribution", + default=None, choices=['debian']) + ap.add_argument('--release', '-r', type=str, + help="enable check overlay for distribution release", + default=None, choices=['jessie']) + mime_help = (" matching files based on MIME type." 
+ " MIME checking is slow and" + " makes more complicated commands.") + ap.add_argument('--mime', dest='mime', action='store_true', help='Enable '+mime_help) + ap.add_argument('--no-mime', dest='mime', action='store_false', help='Disable '+mime_help) + ap.set_defaults(mime=False) + if argcomplete: + argcomplete.autocomplete(ap) + elif '_ARGCOMPLETE' in os.environ: + print('ERROR: Argument completion requested but Python argcomplete module not installed', file=sys.stderr) + sys.exit(1) + options = ap.parse_args() + if options.distro and options.release: + parse_conf(checks, flags, options.distro, options.release) + if options.set_debian_substvars: + set_debian_substvars(checks) + sys.exit() if options.jobs is None: options.jobs = multiprocessing.cpu_count() + jobs = options.jobs + run = options.commands == 'run' + hide = options.silent_checks == 'hide' + limit = options.checks_output_lines + mime = options.mime + method = options.spawn_method + terminal = sys.stdout.isatty() last_interrupt = 0 matching_checks = set() - for root, dirs, files in os.walk('.'): - for file in files: - path = os.path.join(root, file) - st = os.lstat(path) - if not stat.S_ISREG(st.st_mode): - continue - for name, check in checks.items(): - if name in matching_checks: - continue - if check.is_file_matching(path): - matching_checks.add(name) - i = 0 - for dir in dirs: - for name, check in checks.items(): - if check.is_dir_pruned(path): - del dirs[i] - i += 1 + if magic and mime: + typedb = magic.open(magic.MAGIC_MIME_TYPE) + typedb.load() + else: + typedb = None + walk(typedb, checks, remarks, matching_checks, True, '..') + walk(typedb, checks, remarks, matching_checks, False, '.') + if typedb: + typedb.close() + types = bool(typedb) for name, check in sorted(checks.items()): next = False if name not in matching_checks: - next |= skip(skipped, name, 'no matching files') + next |= remark(remarks, name, 'no matching files') for reason in checks[name].disabled: - next |= skip(skipped, name, 
reason) + next |= remark(remarks, name, reason) if next: continue try: check.meet_prereq() except UnmetPrereq as exc: - skip(skipped, name, str(exc)) + remark(remarks, name, str(exc)) exc = None else: - show_check = options.silent_checks == 'show' or options.commands == 'show' - if (time.time()-last_interrupt) < options.interrupt_period: + if (time.time() - last_interrupt) < options.interrupt_period: try: time.sleep(options.interrupt_period) except KeyboardInterrupt: print() sys.exit() - cmd = check.get_sh_cmd(njobs=options.jobs) - comment = check.comment - header = '' - if comment: - header += ''.join('# ' + line + '\n' for line in comment.split('\n')) - if cmd: - header += '$ ' + cmd - if show_check or (check.comment and not cmd): - print(header) - sys.stdout.flush() try: - if cmd and options.commands == 'run': - if show_check: - ipc.call(cmd, shell=True, stderr=ipc.STDOUT) - else: - show_check |= spawn_header_first(cmd, header) - if not show_check: - skip(skipped, name, 'no output') + output = None + output = check.do(name, jobs, types, run, hide, limit, method, terminal, remarks) except KeyboardInterrupt: - if options.interrupt in {'exit', 'quit'} or (time.time()-last_interrupt) < options.interrupt_period: - if show_check: + if options.interrupt in {'exit', 'quit'} or (time.time() - last_interrupt) < options.interrupt_period: + if output: print() sys.exit() elif options.interrupt == 'skip': - skip(skipped, name, 'user interrupted') - if show_check: + remark(remarks, name, 'user interrupted') + if output: print() last_interrupt = time.time() - if cmd and show_check: + if output: print() - if options.commands == 'run' and options.silent_checks == 'hide' and sys.stdout.isatty(): + if run and hide and terminal: erase_to_eol_cr() - if skipped: - header = 'Skipped and hidden checks:' + if remarks: + header = 'Remarks:' out = TextWrapper() out.width = get_columns() out.break_long_words = False out.break_on_hyphens = False if options.suppressed_checks_lines == 0: - 
print(header + ' ' + out.fill(', '.join(sorted(skipped)))) + print(header + ' ' + out.fill(', '.join(sorted(remarks)))) else: print(header) if options.suppressed_checks_lines >= 1: out.placeholder = ' ...' out.max_lines = options.suppressed_checks_lines - for reason in sorted(skipped): + for reason in sorted(remarks): out.initial_indent = '- {reason}: '.format(reason=reason) out.subsequent_indent = ' ' * len(out.initial_indent) - print(out.fill(' '.join(sorted(skipped[reason])))) + print(out.fill(' '.join(sorted(remarks[reason])))) if __name__ == '__main__': main() diff -Nru check-all-the-things-2015.12.10ubuntu2/check-font-embedding-restrictions check-all-the-things-2016.06.29.1~16.04.1/check-font-embedding-restrictions --- check-all-the-things-2015.12.10ubuntu2/check-font-embedding-restrictions 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/check-font-embedding-restrictions 2016-06-29 11:17:07.000000000 +0200 
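Review bot: `--mime` is silently ignored when the `magic` module could not be imported: `if magic and mime:` falls through to `typedb = None` and the run continues without MIME matching, whereas the argcomplete case a few lines earlier prints an error and exits. A branch such as `elif mime: print('WARNING: --mime requested but Python magic module not installed', file=sys.stderr)` would make the fallback visible. `typedb.close()` is also skipped if either `walk()` call raises; a `try`/`finally` around the two walks would cover that. The enclosing function starts outside this hunk.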
@@ -0,0 +1,46 @@ +#!/usr/bin/python2 + +import fontforge +import deb822 +import sys +import os + +# The fontforge module prints warnings to stderr +# but that isn't useful for checking OS/2 fsType +old = os.dup(2) +os.close(2) +os.open(os.devnull, os.O_WRONLY) + +try: + with open('debian/control') as f: + for para in deb822.Deb822.iter_paragraphs(f): + if 'Section' in para and para['Section'].startswith('non-free/'): + exit() +except IOError: + exit() + +embedding_restricted = set() + +for file in set(sys.argv[1:]): + try: + font = fontforge.open(file) + if font: + if 0 != font.os2_fstype: + info = '{}: {:#06x}'.format(file, font.os2_fstype) + embedding_restricted.add(info) + font.close() + except EnvironmentError: + pass + +# Restore stderr +os.close(2) +os.dup(old) +os.close(old) + +if embedding_restricted: + print 'These fonts in Debian main/contrib have embedding' + print 'restrictions, which are not DFSG compatible:' + print + print '\n'.join(sorted(embedding_restricted)) + print + print 'https://www.microsoft.com/typography/otspec/os2.htm#fst' diff -Nru check-all-the-things-2015.12.10ubuntu2/data/android check-all-the-things-2016.06.29.1~16.04.1/data/android --- check-all-the-things-2015.12.10ubuntu2/data/android 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/android 2016-06-29 11:17:07.000000000 +0200 @@ -0,0 +1,7 @@ +[android-lint] +flags = todo +comment = can't run it from the command-line? +command = lint ... +apt = android-platform-tools-base + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ansible check-all-the-things-2016.06.29.1~16.04.1/data/ansible --- check-all-the-things-2015.12.10ubuntu2/data/ansible 2015-11-07 15:21:33.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/ansible 2016-06-29 11:17:07.000000000 +0200 
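Review bot: Standard error stays pointed at /dev/null for the whole run of check-font-embedding-restrictions and the restore at the end is not in a `finally`, so a traceback from anything other than the caught `IOError`/`EnvironmentError` (for example a parse error raised while reading debian/control) is discarded and the check simply prints nothing. The redirect also relies on `os.open` and `os.dup` returning descriptor 2 as the lowest free one; `os.dup2` names the target explicitly. Fonts that fail to open are skipped with `pass`, so a font the parser rejects is reported the same way as a clean one; printing the file name on stdout in that branch would keep such files visible to the person reviewing the package.

```python
old = os.dup(2)
devnull = os.open(os.devnull, os.O_WRONLY)
os.dup2(devnull, 2)
os.close(devnull)

try:
    # … unchanged: debian/control section check and the font loop …
finally:
    # Restore stderr
    os.dup2(old, 2)
    os.close(old)
```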
@@ -1,4 +1,5 @@ [ansible-lint] -groups = cfg-mgmt -flags = todo +flags = todo cfg-mgmt comment = ansible-lint ITP #799144 + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/appstream check-all-the-things-2016.06.29.1~16.04.1/data/appstream --- check-all-the-things-2015.12.10ubuntu2/data/appstream 2015-09-30 15:31:26.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/appstream 2016-06-29 11:17:07.000000000 +0200 @@ -1,9 +1,13 @@ [appstreamcli-validate] -flags = todo apt = appstream -comment = appstreamcli validate ... +files = *.metainfo.xml *.appdata.xml +command = appstreamcli --pedantic validate {files} [appstream-util-validate] -flags = todo -apt = appstream-glib -comment = appstream-util validate ... +flags = network +apt = appstream-util +files = *.metainfo.xml *.appdata.xml +# TODO: clarify if we want validate-strict +command = appstream-util validate {files} | grep -v ': OK$' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/build-logs check-all-the-things-2016.06.29.1~16.04.1/data/build-logs --- check-all-the-things-2015.12.10ubuntu2/data/build-logs 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/build-logs 2016-06-29 11:17:07.000000000 +0200 
@@ -1,18 +1,34 @@ [blhc] apt = blhc -match = ../*.build +files = ../*.build command = blhc --all {files} [build-log-warnings] -match = ../*.build -command = grep -H -i warn {files} ; grep -H -w W {files} +files = ../*.build +command = grep -H -i warn {files} + +[build-log-w] +files = ../*.build +command = grep -H -w W {files} [build-log-errors] -match = ../*.build -command = grep -H -i error {files} ; grep -H -w E {files} +files = ../*.build +command = grep -H -i error {files} + +[build-log-e] +files = ../*.build +command = grep -H -w E {files} + +[bls-standalone] +apt = bls-standalone +files = ../*.build +command = bls-standalone check --blhc=NO {files} -[build-log-scanner] -flags = todo -comment = Waiting on bls to be split and packaged: http://qa.debian.org/bls/ +[build-log-static-library] +files = ../*.build +command = grep '\.a\>' {files} +comment = + Please avoid the use of static libraries where possible + https://wiki.debian.org/StaticLinking # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/c check-all-the-things-2016.06.29.1~16.04.1/data/c --- check-all-the-things-2015.12.10ubuntu2/data/c 2016-02-16 18:37:09.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/c 2016-06-29 11:17:07.000000000 +0200 
@@ -1,55 +1,86 @@ [cppcheck] apt = cppcheck -command = cppcheck -j{njobs} --quiet -f . | grep -vF 'cppcheck: error: could not find or open any of the paths given.' -# TODO: drop the filter when #769757 gets fixed +# see Path::acceptFile etc in lib/path.cpp in cppcheck +# TODO: update it before releases: +# curl -s https://sources.debian.net/data/main/c/cppcheck/latest/lib/path.cpp | +# grep 'ext.* == "' | +# sed 's/.*"\([^"]*\)".*/\1/;s/^/ */' +files = + *.c *.cc *.cxx *.cpp *.c++ + *.h *.hpp *.tpp *.txx +types = text/x-c text/x-c++ +command = cppcheck -j{njobs} --quiet -f . [deheader] +flags = manual apt = deheader -match = *.c *.cc *.cxx *.cpp -comment = Check if your C/C++ code contains any unnecessary headers. -command = echo deheader +files = *.c *.cc *.cxx *.cpp +types = text/x-c text/x-c++ +comment = + Check if your C/C++ code contains any unnecessary headers. + Dangerous because it executes Makefiles +command = deheader [include-what-you-use] apt = iwyu -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ command = include-what-you-use {file} [flawfinder] apt = flawfinder +# see maybe_process_file and c_extensions in the flawfinder script in flawfinder +# TODO: update it before releases: +# sed -n '/^c_extensions/,/ *}$/p' /usr/bin/flawfinder | sed "s/ *: *1 *,*/ /g;s/#.*//;s/'//g;s/\./*./g;s/ \+/ /g;s/.*[{}]//;s/\(.*\)/\L\1/;s/ *$//" +files = + *.c *.h + *.ec *.ecp + *.pgc + *.cpp *.cxx *.cc + *.cc *.c++ + *.pcc + *.hpp command = flawfinder -Q -c . 
[pmccabe] +flags = complexity apt = pmccabe -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ command = pmccabe {files} | sort -nr [clang-check] -flags = todo +flags = manual apt = clang -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ comment = + because it can't be automatically run from `find -exec` due to the requirement for -- Please consider checking your code with clang-check: - http://clang.llvm.org/extra/clang-tidy.html -command = echo clang-check {files} -- + http://clang.llvm.org/docs/ClangCheck.html +command = clang-check -- [clang-tidy] -flags = todo +flags = manual apt = clang-tidy -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp -command = echo clang-tidy {files} -- +types = text/x-c text/x-c++ +command = clang-tidy -- +comment = because it can't be automatically run from `find -exec` due to the requirement for -- [m64-m32] -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ comment = You should almost never use -m64 and -m32 when compiling. command = grep -rE -- '-m64|-m32' . @@ -70,15 +101,32 @@ flags = todo comment = https://github.com/myint/cppclean/ +[complexity] +flags = complexity +apt = complexity +files = *.c +types = text/x-c +command = complexity {files} + +[kwstyle] +flags = manual +apt = kwstyle +files = + *.c *.cc *.cxx *.cpp + *.h *.hh *.hxx *.hpp +comment = + Please consider checking your code with KWStyle: + https://kitware.github.io/KWStyle/resources/documentation.html +command = KWStyle -R -d . + # TODO: pscan # TODO: adlint # TODO: sparse +# TODO: http://repo.or.cz/w/smatch.git # TODO: splint -# TODO: kwstyle # TODO: frama-c # TODO: scan-build # TODO: abi-compliance-checker -# TODO: complexity #781946 # TODO: http://oclint.org/ # TODO: http://saturn.stanford.edu/ # TODO: https://scan.coverity.com/ 
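Review bot: The `[deheader]` section now really runs the tool (`command = deheader` replaces `echo deheader`) and its own comment says "Dangerous because it executes Makefiles", yet it is tagged only `flags = manual`. The other sections in this diff that carry a "Dangerous because it executes ..." comment (bfbtester, lockdep, zzuf and afl in data/elf) all include `dangerous`. For consistency this should read `flags = dangerous manual`, so that running the build system of an unreviewed source tree is gated the same way as the other code-executing checks.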
@@ -89,6 +137,7 @@ # TODO: https://code.google.com/p/checkheaders/ https://github.com/cristeab/checkheaders # TODO: https://github.com/danmar/ublinter # TODO: https://quickgit.kde.org/?p=clazy.git +# TODO: http://trust-in-soft.com/tis-interpreter/ # TODO: shell metacharacter injection: g_spawn_command_line* system popen # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/chef check-all-the-things-2016.06.29.1~16.04.1/data/chef --- check-all-the-things-2015.12.10ubuntu2/data/chef 2015-09-02 14:19:16.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/chef 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,8 @@ -# TODO: foodcritic +[foodcritic] +flags = todo cfg-mgmt +comment = lots of false positives due to *.rb being Chef files and also Ruby files +apt = foodcritic +files = *.rb +command = foodcritic . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cil check-all-the-things-2016.06.29.1~16.04.1/data/cil --- check-all-the-things-2015.12.10ubuntu2/data/cil 2015-11-05 07:55:51.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/cil 2016-06-29 11:17:07.000000000 +0200 @@ -2,3 +2,5 @@ flags = todo apt = gendarme comment = gendarme ... + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cmake check-all-the-things-2016.06.29.1~16.04.1/data/cmake --- check-all-the-things-2015.12.10ubuntu2/data/cmake 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/cmake 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/collada check-all-the-things-2016.06.29.1~16.04.1/data/collada --- check-all-the-things-2015.12.10ubuntu2/data/collada 2014-08-30 01:40:17.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/collada 2016-06-29 11:17:07.000000000 +0200 
@@ -1 +1,8 @@ -# TODO: opencollada-tools #694932 OpenCOLLADAValidator +[opencolladavalidator] +flags = fixme +apt = opencollada-tools +files = *.dae +comment = Remove the grep when #808796 is fixed +command = opencolladavalidator {file} | grep -v '" is valid against the COLLADA [0-9.]\+ schema\.$' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/compression check-all-the-things-2016.06.29.1~16.04.1/data/compression --- check-all-the-things-2015.12.10ubuntu2/data/compression 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/compression 2016-06-29 11:17:07.000000000 +0200 
@@ -1,60 +1,115 @@ [gzip-test] -match = *.gz *.tgz +files = *.gz *.tgz +types = application/gzip command = gzip --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [bzip2-test] apt = bzip2 -match = *.bz2 *.tbz +files = *.bz2 *.tbz +types = application/x-bzip2 command = bzip2 --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [xz-test] apt = xz-utils -match = *.xz *.txz +files = *.xz *.txz +types = application/x-xz command = xz --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [lzma-test] apt = xz-utils -match = *.lzma +files = *.lzma +types = application/x-lzma command = lzma --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [lzo-test] apt = lzop -match = *.lzo +files = *.lzo command = lzop --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [lzip-test] apt = lzip -match = *.lzip +files = *.lzip +types = application/x-lzip command = lzip --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [unzip-test] apt = unzip # Extension list from the File Formats wiki: # http://fileformats.archiveteam.org/wiki/Category:ZIP_based_file_formats -match = - *.zip - *.jar *.apk *.xpi *.ipa *.sb2 *.pk3 *.wz *.love - *.docx *.xlsx *.pptx *.xlsb +# TODO: update it before releases: +# echo ' *.xpi *.sb2 *.pk3 *.wz *.love' +# curl -s http://fileformats.archiveteam.org/wiki/Category:ZIP_based_file_formats | +# sed -n '/ bodycontent/,/\/bodycontent/p' | +# sed -n 's_.*\(/wiki/[^"]*\).*_\1_p' | +# xargs -n1 -i_ curl -s 'http://fileformats.archiveteam.org_?action=raw' | +# grep extensions= | +# sed 's_| 
*extensions *= *_ _;s_{{ext|\([^}]*\)}} *,* *_*.\1 _g;s_others__;s/ *$//' +files = + *.xpi *.sb2 *.pk3 *.wz *.love + *.apk + *.cbz *.cbr *.cbt *.cba *.cb7 + *.epub + *.docx + *.epub + *.folio + *.ggb + *.it *.itbz *.itgz *.itr *.itz + *.ipa + *.jar *.j + *.cel *.kcf + *.kra + *.maff + *.docx *.xlsx *.pptx + *.ofip *.odm *.odt *.ods *.odg *.odp *.odc *.odi *.odf *.odb *.ott *.ots *.otg *.otp *.otc *.oti *.otf *.oth *.fodt *.fods *.fodg *.fodp - *.ggb *.maff *.cbz *.ora - *.epub *.oxps *.xps + *.odg *.fodg *.otg + *.odp *.fodp *.otp + *.ods *.fods *.ots + *.odt *.fodt *.ott + *.ora + *.oxps *.xps *.otx *.pkpass - *.itz + *.epub + *.exe others *.svx + *.sxd *.std + *.sxi *.sti + *.sxw + *.xlsb + *.xlsx + *.zip +types = application/zip command = unzip -q -t {file} | grep -v '^No errors detected in compressed data of ' -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer [7z-test] apt = p7zip -match = *.7z +files = *.7z +types = application/x-7z-compressed command = 7zr t {file} | grep --perl-regexp --null-data --only-matching '(?s)Processing archive: .*\n\nError[^\n]*' | tr -s '\n' -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer + +[rzip-test] +flags = todo +comment = the --test argument is not supported and runzip -o /dev/null gives an error +apt = rzip +files = *.rz +command = rzip --test {files} +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer + +[lrzip-test] +flags = todo +comment = All the tests I did killed my computer +apt = lrzip +files = *.lrz +command = lrzip --test {files} +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cruft check-all-the-things-2016.06.29.1~16.04.1/data/cruft --- check-all-the-things-2015.12.10ubuntu2/data/cruft 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/cruft 
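Review bot: The regenerated `files` list for `[unzip-test]` contains the stray token `others` after `*.exe`, which is wiki text rather than a pattern and would presumably be treated as a file name to match. The list also repeats several entries (`*.epub` three times, `*.docx` and `*.xlsx` twice, and the OpenDocument extensions again after the long `*.ofip ...` line). Since the recipe in the comment pastes output fetched over plain `http://` from a wiki, the result should be read through and de-duplicated by hand before each release; dropping `others` and the repeats would be the immediate fix.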
2016-06-29 11:17:03.000000000 +0200 @@ -1,9 +1,9 @@ [paypal-logo] -match = *paypal*.png *paypal*.gif +files = *paypal*.png *paypal*.gif command = ls {files} [flattr-logo] -match = *flattr*.png *flattr*.gif +files = *flattr*.png *flattr*.gif command = ls {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/css check-all-the-things-2016.06.29.1~16.04.1/data/css --- check-all-the-things-2015.12.10ubuntu2/data/css 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/css 2016-06-29 11:17:07.000000000 +0200 @@ -1,4 +1,11 @@ -# TODO: csslint +[csslint-libcroco] +apt = libcroco-tools +files = *.css +command = csslint-0.6 {file} > /dev/null + +# TODO: https://github.com/CSSLint/csslint # TODO: https://github.com/sasstools/sass-lint # TODO: https://github.com/brigade/scss-lint/ # TODO: https://github.com/rtfpessoa/lesslinter + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/dart check-all-the-things-2016.06.29.1~16.04.1/data/dart --- check-all-the-things-2015.12.10ubuntu2/data/dart 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/dart 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: shell metacharacter injection: Process runInShell parameter + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/debian check-all-the-things-2016.06.29.1~16.04.1/data/debian --- check-all-the-things-2015.12.10ubuntu2/data/debian 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/debian 2016-06-29 13:08:40.000000000 +0200 
@@ -1,42 +1,58 @@ [cme-check-dpkg] +flags = perl-bug-588017 apt = cme | libconfig-model-perl (<< 2.063), libconfig-model-dpkg-perl -match = ./debian/control ./debian/copyright +files = ./debian/control ./debian/copyright command = cme check dpkg +[scan-copyrights] +flags = todo perl-bug-588017 +comment = needs testing +apt = libconfig-model-dpkg-perl +command = scan-copyrights + [uscan] -apt = devscripts -match = ./debian/watch +apt = devscripts, libwww-perl +files = ./debian/watch command = uscan --report-status --no-verbose -flags = network +flags = network perl-bug-588017 [chk-origtargz] flags = todo network -apt = devscripts -match = ./debian/watch +apt = devscripts, libwww-perl +files = ./debian/watch comment = not yet implemented but checkorig would be like this: tmp=$(mktemp -d) - uscan --download-current-version --destdir $tmp + env PERL5OPT=-m-lib=. uscan --download-current-version --destdir $tmp diffoscope/tardiff/cmp ../*.orig.* $tmp/* rm -rf $tmp [duck] apt = duck -match = ./debian/control ./debian/upstream ./debian/upstream-metadata.yaml ./debian/upstream/metadata ./debian/copyright +files = ./debian/control ./debian/upstream ./debian/upstream-metadata.yaml ./debian/upstream/metadata ./debian/copyright command = duck -flags = network +flags = network perl-bug-588017 [lintian] +flags = package perl-bug-588017 apt = lintian -match = ../*.changes ../*.deb ../*.dsc +files = ./debian/changelog +command = lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto + +[lintian-curdir] +flags = package perl-bug-588017 +apt = lintian +files = *.changes *.deb *.dsc +types = application/vnd.debian.binary-package command = lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto {files} -# TODO: re-enable if the package is ever revived -# TODO: see #768988 and #778796 -#[lintian4python] -#apt = lintian4python -#match = ../*.changes ../*.deb ../*.dsc -#command = lintian4py {files} 
+[lintian4python] +flags = todo package python perl-bug-588017 +comment = re-enable if the package is ever revived, see #768988 and #778796 +apt = lintian4python +files = ../*.changes ../*.deb ../*.dsc *.changes *.deb *.dsc +types = application/vnd.debian.binary-package +command = lintian4py {files} [upstream-metadata] command = @@ -45,8 +61,55 @@ ! test -e debian/upstream/metadata && echo 'Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata' +[wrap-and-sort] +flags = modify +apt = devscripts +# Only need to match debian/control as it is always present +# alongside any of the files supported by wrap-and-sort +files = ./debian/control +command = wrap-and-sort --short-indent --wrap-always --sort-binary-packages --trailing-comma --verbose +comment = + wrap-and-sort always modifies files in the source tree (#808574) + wrap-and-sort makes VCS diffs of package info easier to read + +[license-reconcile] +flags = copyright perl-bug-588017 +apt = license-reconcile +files = ./debian/copyright +command = license-reconcile + +[debmake-k] +flags = copyright +apt = debmake +files = ./debian/copyright +command = debmake -k + +[licensecheck2dep5] +flags = copyright todo perl-bug-588017 +comment = Doesn't yet work from within cats +apt = cdbs +files = ./debian/copyright +command = diff -u <(licensecheck --copyright --recursive --check=. | /usr/lib/cdbs/licensecheck2dep5) debian/copyright + +[autodep8] +flags = test +apt = autodep8 +files = ./debian/control +command = autodep8 +comment = + To automatically test the installed packages, + place this in debian/tests/control: + +[debian-tracker] +flags = todo +comment = + First the tracker.d.o API needs to be added (#824912) + Then the pts-actions script needs adding to devscripts +apt = devscripts +files = ./debian/control +command = pts-actions + # TODO: dep11-tools -# TODO: spellintian # TODO: i18n # TODO: vcswatch # TODO: screenshot 
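Review bot: `[licensecheck2dep5]` uses bash process substitution, `diff -u <(licensecheck ...) debian/copyright`, but the spawn helper shown earlier in this diff runs commands through `['sh', '-c', cmd]`, and `<( )` is a syntax error under a POSIX shell such as dash. That is probably what the comment "Doesn't yet work from within cats" refers to, so the comment should say so, or the command can be made portable: `licensecheck --copyright --recursive --check=. | /usr/lib/cdbs/licensecheck2dep5 | diff -u - debian/copyright`.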
@@ -84,8 +147,6 @@ # TODO: grep-excuses -w # TODO: autopkgtest/sadt # TODO: pkg-perl-tools lintian -# TODO: license-reconcile -# TODO: scan-copyright # TODO: apt Apt::Get::AllowUnauthenticated=true and --force-yes # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/desktop check-all-the-things-2016.06.29.1~16.04.1/data/desktop --- check-all-the-things-2015.12.10ubuntu2/data/desktop 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/desktop 2016-06-29 11:17:03.000000000 +0200 @@ -1,6 +1,6 @@ [desktop-file-validate] apt = desktop-file-utils -match = *.desktop +files = *.desktop command = desktop-file-validate {file} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/django check-all-the-things-2016.06.29.1~16.04.1/data/django --- check-all-the-things-2015.12.10ubuntu2/data/django 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/django 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: https://chris-lamb.co.uk/projects/django-template-tests + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/docker check-all-the-things-2016.06.29.1~16.04.1/data/docker --- check-all-the-things-2015.12.10ubuntu2/data/docker 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/docker 2016-06-29 11:17:07.000000000 +0200 @@ -0,0 +1,3 @@ +# TODO: https://github.com/lukasmartinelli/hadolint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/elf check-all-the-things-2016.06.29.1~16.04.1/data/elf --- check-all-the-things-2015.12.10ubuntu2/data/elf 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/elf 2016-06-29 11:17:07.000000000 +0200 
@@ -1,11 +1,50 @@ [bfbtester] comment = Dangerous because it executes binaries apt = bfbtester -match = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* -command = bfbtester -x{njobs} -a {files} +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* +types = application/x-executable +command = bfbtester -x{njobs} -a -t {files} flags = dangerous -# TODO: lockdep +[lockdep] +flags = dangerous manual +apt = lockdep +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* +types = application/x-executable +comment = + Please test any installed pthread-using programs using lockdep + Dangerous because it executes binaries +command = lockdep {files} + +[zzuf] +flags = dangerous manual fuzz +apt = zzuf +files = + *./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + *.c *.cc *.cxx *.cpp +comment = + Please fuzz test any installed programs using zzuf + Dangerous because it executes binaries +command = zzuf command args + +[afl] +flags = dangerous manual fuzz +apt = afl +files = + *./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + *.c *.cc *.cxx *.cpp +comment = + Please fuzz test any installed programs using American fuzzy lop + Dangerous because it executes binaries +command = CC=afl-gcc CXX=afl-g++ ./configure ; make clean all ; afl-fuzz -i testcases -o findings command -arg @@ + +[hardening-check] +apt = hardening-includes +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + ./debian/*/lib/lib*.so* ./debian/*/lib/*/lib*.so* ./debian/*/usr/lib/lib*.so* ./debian/*/usr/lib/*/lib*.so* +flags = perl-bug-588017 +command = hardening-check --quiet {files} + # TODO: abigail-tools # TODO: icheck # TODO: abicheck 
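Review bot: In `[zzuf]` and `[afl]` the first `files` pattern is written `*./debian/*/bin/*`, with a leading `*` that the otherwise identical lists in `[bfbtester]`, `[lockdep]` and `[hardening-check]` do not have; it looks like a typo for `./debian/*/bin/*`. How the matcher treats the extra `*` is not visible in this hunk, but at best these two sections select a different set of binaries than their siblings. The `[afl]` command also runs `./configure ; make clean all` in the source tree, so the `modify` flag this release introduces for wrap-and-sort would seem to apply there as well: `flags = dangerous modify manual fuzz`.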
@@ -16,3 +55,5 @@ # TODO: https://www.gnu.org/software/libc/manual/html_node/Heap-Consistency-Checking.html # TODO: http://udrepper.livejournal.com/11429.html # TODO: MALLOC_CHECK_=2 MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/encoding check-all-the-things-2016.06.29.1~16.04.1/data/encoding --- check-all-the-things-2015.12.10ubuntu2/data/encoding 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/encoding 2016-06-29 11:17:07.000000000 +0200 @@ -1,4 +1,6 @@ [uu-test] apt = sharutils -match = *.uue *.uu *.enc +files = *.uue *.uu *.enc command = uudecode -o /dev/null + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/english check-all-the-things-2016.06.29.1~16.04.1/data/english --- check-all-the-things-2015.12.10ubuntu2/data/english 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/english 2016-06-29 11:17:07.000000000 +0200 
@@ -0,0 +1,36 @@ +[codespell] +flags = spelling fixme +apt = codespell +command = codespell --quiet-level=3 +comment = + Additional codespell dictionaries need packaging: + https://github.com/orbitcowboy/codespell_dictionary + +[sourcecode-spellchecker] +flags = todo spelling +comment = CPAN Sourcecode::Spellchecker + +[spellintian] +flags = spelling perl-bug-588017 +apt = lintian +not-dirs = + .bzr .git .hg .svn CVS RCS SCCS _MTN _darcs .pc + .cabal-sandbox .cdv .metadata CMakeFiles _build + _sgbak autom4te.cache blib cover_db node_modules + ~.dep ~.dot ~.nib ~.plst +not-files = + *.bak *.swp #.* #*# core.* *~ + *.gif *.jpg *.jpeg *.png + *.min.js *.js.map *.js.min + *.min.css *.css.map *.css.min +types = text/plain +command = spellintian --picky {files} + +# TODO: diction +# TODO: python3-proselint +# TODO: https://jwilk.net/software/mwic +# TODO: https://www.cs.umd.edu/~nspring/software/style-check-readme.html +# TODO: https://github.com/btford/write-good +# TODO: https://www.languagetool.org/ #403619 + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/epub check-all-the-things-2016.06.29.1~16.04.1/data/epub --- check-all-the-things-2015.12.10ubuntu2/data/epub 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/epub 2016-06-29 11:17:07.000000000 +0200 @@ -1,8 +1,13 @@ [epubcheck] apt = epubcheck -match = *.epub +files = *.epub +types = application/epub+zip command = epubcheck --quiet {file} | egrep -v '^(Check finished with warnings or errors| *)$' -# TODO: flightcrew +[flightcrew] +apt = flightcrew +files = *.epub +types = application/epub+zip +command = flightcrew-cli {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/erlang check-all-the-things-2016.06.29.1~16.04.1/data/erlang --- check-all-the-things-2015.12.10ubuntu2/data/erlang 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/erlang 2016-06-29 11:17:07.000000000 +0200 
@@ -1 +1,16 @@ -# TODO: shell metacharacter injection: os:cmd erlang:open_port +[erlang-shell-inject] +files = *.erl +comment = These calls are potentially vulnerable to shell metacharacter injection +command = grep -EC2 'cmd|open_port' {files} + +[erl-tidy] +apt = erlang-syntax-tools, erlang-base +files = *.erl +command = erl -noshell -eval 'erl_tidy:dir(".", [{test, true}, {verbose, false}]).' -s init stop + +[erlang-elvis] +flags = todo +files = *.erl +comment = https://github.com/inaka/elvis + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/fits check-all-the-things-2016.06.29.1~16.04.1/data/fits --- check-all-the-things-2015.12.10ubuntu2/data/fits 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/fits 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: pyfits-utils + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/fonts check-all-the-things-2016.06.29.1~16.04.1/data/fonts --- check-all-the-things-2015.12.10ubuntu2/data/fonts 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/fonts 2016-06-29 11:17:07.000000000 +0200 
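Review bot: The `[erlang-shell-inject]` pattern `'cmd|open_port'` matches any line that contains the substring `cmd`, so unrelated identifiers, atoms and comments are reported next to the `os:cmd` calls that the removed TODO named. Qualifying the first alternative keeps the report on the call that reaches the shell: `command = grep -EC2 'os:cmd|open_port' {files}`. The `comment` could also say what to check at each hit, namely whether the command string or port arguments are built from external input.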
@@ -1,27 +1,32 @@ [fontlint] -apt = fontforge-nox -match = *.ttf *.otf *.sfd *.pfa *.pfb *.bdf *.pk *.ttc *.pcf +apt = fontforge-nox | fontforge +files = *.ttf *.otf *.woff *.sfd *.pfa *.pfb *.bdf *.pk *.ttc *.pcf +types = application/x-font-ttf application/vnd.ms-opentype command = fontlint {file} [ftvalid] apt = freetype2-demos -match = *.ttf *.otf +files = *.ttf *.otf +types = application/x-font-ttf application/vnd.ms-opentype command = ftvalid {file} [ftlint] apt = freetype2-demos -match = *.ttf *.otf +files = *.ttf *.otf +types = application/x-font-ttf application/vnd.ms-opentype command = ftlint 16 {files} | grep -v ': OK\.$' -[embedding-restrictions] -flags = todo -apt = python-fontforge -comment = - Fonts in main should not have embedding restriction bits: - python -c '0 != fontforge.open(f).os2_fstype' +[font-embedding-restrictions] +apt = python, python-fontforge, python-debian +files = *.ttf *.otf *.sfd *.pfa *.pfb *.bdf *.pk *.ttc *.pcf +command = check-font-embedding-restrictions {files} [font-validator] flags = todo comment = https://github.com/Microsoft/Font-Validator +[opentype-sanitiser] +flags = todo +comment = opentype-sanitiser RFP #817031 https://github.com/khaledhosny/ots + # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/gettext check-all-the-things-2016.06.29.1~16.04.1/data/gettext --- check-all-the-things-2015.12.10ubuntu2/data/gettext 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/gettext 2016-06-29 11:17:07.000000000 +0200 
@@ -1,22 +1,27 @@ [msgfmt-check] apt = gettext -match = *.po *.pot +files = *.po *.pot +types = text/x-po command = msgfmt --check --check-compatibility --check-accelerators --output-file=/dev/null {file} [gettext-lint-checker] apt = gettext-lint -match = *.po *.pot +files = *.po *.pot +types = text/x-po command = POFileChecker {files} [gettext-lint-spell] +flags = spelling apt = gettext-lint -match = *.po *.pot +files = *.po *.pot +types = text/x-po command = POFileSpell {files} [i18nspector] apt = i18nspector -match = *.po *.pot *.mo *.gmo -command = i18nspector {files} +files = *.po *.pot *.mo *.gmo +types = text/x-po +command = i18nspector --jobs {njobs} {files} [acheck] flags = todo diff -Nru check-all-the-things-2015.12.10ubuntu2/data/go check-all-the-things-2016.06.29.1~16.04.1/data/go --- check-all-the-things-2015.12.10ubuntu2/data/go 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/go 2016-06-29 11:17:07.000000000 +0200 @@ -1,14 +1,16 @@ [gofmt] apt = golang-go -match = *.go +files = *.go command = gofmt -l {files} [go-generate] comment = Please ensure that the files generated by go generate are rebuilt at build time. -match = *.go +files = *.go command = grep go:generate {files} # TODO: govet # TODO: golint #799169 # TODO: https://github.com/dvyukov/go-fuzz#go-fuzz-randomized-testing-for-go # TODO: http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/haskell check-all-the-things-2016.06.29.1~16.04.1/data/haskell --- check-all-the-things-2015.12.10ubuntu2/data/haskell 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/haskell 2016-06-29 11:17:07.000000000 +0200 
@@ -1,19 +1,28 @@ [hlint] apt = hlint +files = *.hs command = hlint . [cabal] apt = cabal-install -match = *.cabal +files = *.cabal command = cabal check [ghc-mod-lint] apt = ghc-mod -match = *.hs -not-match = HLint.hs Setup.hs +files = *.hs +not-files = HLint.hs Setup.hs command = ghc-mod lint {file} +[stylish-haskell] +flags = modify fixme style +apt = stylish-haskell +files = *.hs +command = stylish-haskell --inplace {files} +comment = + A dry-run option is needed to not modify files: + https://github.com/jaspervdj/stylish-haskell/issues/107 + # TODO: shell metacharacter injection: createProcess shell system runCommand runInteractiveCommand from System.Process/System.Cmd -# TODO: https://hackage.haskell.org/package/stylish-haskell # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/html check-all-the-things-2016.06.29.1~16.04.1/data/html --- check-all-the-things-2015.12.10ubuntu2/data/html 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/html 2016-06-29 11:17:07.000000000 +0200 @@ -5,3 +5,5 @@ # TODO: w3c-linkchecker # TODO: wdg-html-validator # TODO: tidy + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/java check-all-the-things-2016.06.29.1~16.04.1/data/java --- check-all-the-things-2015.12.10ubuntu2/data/java 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/java 2016-06-29 11:17:07.000000000 +0200 @@ -1,4 +1,6 @@ [jlint] +flags = todo +comment = re-enable if it enters Debian again (#811366) apt = jlint command = jlint.sh 2>&1 | fgrep -v 'Verification completed: 0 reported messages.' 
@@ -8,6 +10,8 @@ # TODO: https://sable.github.io/soot/ # TODO: https://code.google.com/p/error-prone/ # TODO: japi-compliance-checker +# TODO: http://www.opal-project.de/tools/bugpicker/ +# TODO: http://javalib.gforge.inria.fr/Nit.html # TODO: shell metacharacter injection: Runtime.getRuntime().exec() # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/javascript check-all-the-things-2016.06.29.1~16.04.1/data/javascript --- check-all-the-things-2015.12.10ubuntu2/data/javascript 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/javascript 2016-06-29 11:17:07.000000000 +0200 @@ -1,13 +1,20 @@ [js-standard] -flags = todo -match = *.js +flags = todo style +files = *.js comment = https://github.com/feross/standard [js-modern-standard] -flags = todo -match = *.js +flags = todo style +files = *.js comment = https://github.com/modern-standard/modern-standard +[librejs-cli] +flags = todo copyright +comment = librejs-cli is not yet packaged (#820166) +apt = librejs-cli +files = *.js +command = librejs-cli {files} + # TODO: coffeelint # TODO: pylama #779449 # TODO: https://github.com/jscs-dev/node-jscs @@ -24,3 +31,5 @@ # TODO: closure-linter # TODO: shell metacharacter injection: child_process.exec() # TODO: https://github.com/MozillaSecurity/funfuzz/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/jpeg check-all-the-things-2016.06.29.1~16.04.1/data/jpeg --- check-all-the-things-2015.12.10ubuntu2/data/jpeg 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/jpeg 2016-06-29 11:17:07.000000000 +0200 
@@ -1,9 +1,11 @@ [jpeginfo] -groups = images +flags = images apt = jpeginfo -match = *.jpg *.jpeg +files = *.jpg *.jpeg +types = image/jpeg command = jpeginfo --check --quiet {files} | fgrep -v '[OK]' # TODO: identify -verbose {file} | grep -i copyright && echo {file} +# TODO: jpegoptim # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/jpeg2000 check-all-the-things-2016.06.29.1~16.04.1/data/jpeg2000 --- check-all-the-things-2015.12.10ubuntu2/data/jpeg2000 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/jpeg2000 2016-06-29 11:17:07.000000000 +0200 @@ -1,7 +1,8 @@ [jpylyzer] -groups = images +flags = images apt = python-jpylyzer, libxml2-utils -match = *.jp2 *.j2k *.jpf *.jpx *.jpm *.mj2 +files = *.jp2 *.j2k *.jpf *.jpx *.jpm *.mj2 +types = image/jp2 command = jpylyzer --wrapper {files} | xmllint --format - | egrep 'fileName|isValid' | tr -d \\n | sed 's__&\n_g;s_ *__g;s_ *__g;s__ _g;s_False_is an invalid JPEG2000 file_g' | sed '/True *$/d' # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/json check-all-the-things-2016.06.29.1~16.04.1/data/json --- check-all-the-things-2015.12.10ubuntu2/data/json 2015-08-11 11:38:52.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/json 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,11 @@ -# TODO: jsonlint/python-demjson +[jsonlint-py3] +apt = python3-demjson +files = *.json +command = jsonlint-py3 {files} | grep -v ': ok$' + +[jsonlint-php] +apt = jsonlint +files = *.json +command = jsonlint-php {file} | grep -v '^Valid JSON$' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/lisp check-all-the-things-2016.06.29.1~16.04.1/data/lisp --- check-all-the-things-2015.12.10ubuntu2/data/lisp 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/lisp 2016-06-29 11:17:07.000000000 +0200 
@@ -1 +1,5 @@ -# TODO: any checks? +[lisp-critic] +flags = todo +comment = https://github.com/g000001/lisp-critic + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/lua check-all-the-things-2016.06.29.1~16.04.1/data/lua --- check-all-the-things-2015.12.10ubuntu2/data/lua 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/lua 2016-06-29 11:17:07.000000000 +0200 @@ -1,6 +1,10 @@ [luacheck] apt = lua-check -match = *.lua +files = *.lua +flags = fixme command = luacheck -q . +comment = Needs to not print anything when no files/issues were found # TODO: http://lua-users.org/wiki/ProgramAnalysis + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/malware check-all-the-things-2016.06.29.1~16.04.1/data/malware --- check-all-the-things-2015.12.10ubuntu2/data/malware 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/malware 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: clamav clamscan + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/markdown check-all-the-things-2016.06.29.1~16.04.1/data/markdown --- check-all-the-things-2015.12.10ubuntu2/data/markdown 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/markdown 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: https://github.com/shurcooL/markdownfmt + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/misc check-all-the-things-2016.06.29.1~16.04.1/data/misc --- check-all-the-things-2015.12.10ubuntu2/data/misc 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/misc 2016-06-29 11:17:11.000000000 +0200 @@ -1,5 +1,6 @@ [licensecheck] -apt = devscripts +flags = copyright +apt = licensecheck | devscripts (<< 2.16.6~) command = licensecheck --check=. --recursive --copyright . # TODO: is --check=. reasonable? 
@@ -8,35 +9,29 @@ command = suspicious-source [licensecheck-generated-files] -apt = devscripts -command = licensecheck --check=. --recursive --copyright . | grep -F 'GENERATED FILE' +apt = licensecheck | devscripts (<< 2.16.6~) +command = licensecheck --check=. --recursive --copyright . | grep --text -F 'GENERATED FILE' [licensecheck-incorrect-fsf-address] -apt = devscripts -command = licensecheck --check=. --recursive --copyright . | grep -F 'with incorrect FSF address' - -[codespell] -apt = codespell -command = codespell --quiet-level=3 - -[sourcecode-spellchecker] -flags = todo -comment = CPAN Sourcecode::Spellchecker +apt = licensecheck | devscripts (<< 2.16.6~) +command = licensecheck --check=. --recursive --copyright . | grep --text -F 'with incorrect FSF address' [fdupes] apt = fdupes command = fdupes -q -r . | grep -vE '/(\.(git|svn|bzr|hg|sgdrawer)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s [bitmap-multilayer] -groups = images +flags = images comment = Check with upstream where the GIMP XCF source files are. -match = *.png *.gif *.jpg *.jpeg +files = *.png *.gif *.jpg *.jpeg +types = image/* command = grep -iF gimp {files} [bitmap-vector] -groups = images +flags = images comment = Check with upstream where the Inkscape SVG source files are. -match = *.png *.gif *.jpg *.jpeg +files = *.png *.gif *.jpg *.jpeg +types = image/* command = grep -iF inkscape {files} [cpuinfo] 
@@ -45,59 +40,95 @@ [readme-install] comment = Users of binary packages do not need install instructions. -match = *README* -not-match = README.md README.install +files = *README* +not-files = README.md README.rst README.install command = grep --ignore-case --fixed-strings --with-filename install {files} -# TODO: not yet possible (#776559) -#[autoupdate] -#apt = autoconf, diffutils, diffstat -#match = configure.ac configure.in -#command = autoupdate --check +[autoupdate] +flags = modify +apt = autoconf +files = configure.ac configure.in +command = autoupdate +comment = Overwrites configure.ac (#776559) + +[autoscan] +flags = modify +apt = autoconf +files = configure.ac configure.in +command = autoscan +comment = Overwrites autom4te.cache/ autoscan.log configure.scan (#818572) [empty] command = find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o -empty -print [todo] -command = grep -riE 'fixme|todo|hack|xxx' . +command = grep -riE 'fixme|todo|hack|xxx+|broken' . [isutf8] apt = moreutils -# TODO: replace prune with --ignore option -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer -# TODO: replace not-match with recursive option (#780197) -not-match = +# TODO: replace not-dirs with --ignore option +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +flags = fixme +comment = A recursive option needs to be implemented (#780197) +not-files = *.blend - *.icns *.bmp *.ico *.png *.gif *.jpg *.jpeg *.tga *.xcf + *.icns *.bmp *.ico *.png *.gif *.jpg *.jpeg *.tga *.xcf *.tif *.tiff *.mo *.gmo *.gz *.bz2 *.xz *.lz *.zip *.tar *.deb *.pdf *.odt *.docx *.doc + *.chm *.torrent *.pyc *.pyo *.o *.so *.so.* *.debug - *.wav *.ogg *.oga *.ogv *.mid + *.wav *.ogg *.oga *.ogv *.mid *.mp3 *.flac *.ttf *.otf *.fon *.pgp *.gpg + *.dat +types = text/* command = isutf8 {files} [disabled-tests] command = grep -riEC1 '((check|test) *\|\| *true|-dh_auto_test)' . 
+[timeless] +comment = Prevents reproducible builds: https://reproducible-builds.org/ +command = grep -rE ' __DATE__|__TIME__|__TIMESTAMP__' . + +[project-flint] +flags = todo +comment = #809042 https://github.com/pengwynn/flint + +[http] +comment = check if these can be switched to https:// +command = grep -rF http: . + +[embed-readme] +flags = embed +files = *README* +comment = Please check if these README files belong to embedded code/data copies. +command = find -mindepth 2 -iname '*README*' + +[embed-dirs] +flags = embed +comment = Please check if these directories contain embedded code/data copies. +command = find -type d -name 'vendor*' -o -iname '*rd*party' -o -name contrib -o -name imports -o -name node_modules -o -iname external + +[mailto] +comment = As per RFC 6068, there should be no slashes after "mailto:". +command = grep -rF mailto:/ . + # TODO: EC2_SECRET_KEY # TODO: curl -k --insecure # TODO: wget --no-check-certificate # TODO: svn --trust-server-cert # TODO: bogomips -# TODO: diction # TODO: ripper #796920 # TODO: similarity-tester sim_text -# TODO: http://jwilk.net/software/mwic -# TODO: https://bitbucket.org/jwilk/spellintian -# TODO: https://www.cs.umd.edu/~nspring/software/style-check-readme.html # TODO: https://github.com/coala-analyzer/coala # TODO: https://github.com/nexB/scancode-toolkit/ # TODO: https://github.com/jeremylong/DependencyCheck/ # TODO: http://www.coding-guidelines.com/numbers/ # TODO: ebnflint # TODO: http://fbinfer.com/ #789059 +# TODO: https://github.com/facebook/pfff/wiki/Scheck # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/mp3 check-all-the-things-2016.06.29.1~16.04.1/data/mp3 --- check-all-the-things-2015.12.10ubuntu2/data/mp3 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/mp3 2016-06-29 11:17:07.000000000 +0200 
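Review bot: In `[embed-dirs]` (data/misc) the `-type d` test applies only to `-name 'vendor*'`, because find's implicit AND binds tighter than `-o`; the other alternatives (`*rd*party`, `contrib`, `imports`, `node_modules`, `external`) therefore match regular files as well as directories. Grouping the names restores what the comment describes: `command = find -type d \( -name 'vendor*' -o -iname '*rd*party' -o -name contrib -o -name imports -o -name node_modules -o -iname external \)`. `[empty]` in the same hunk already uses `\( ... \)` grouping, so this also makes the two checks consistent.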
@@ -1,20 +1,23 @@ [mp3check] -groups = audio +flags = audio apt = mp3check -match = *.mp3 +files = *.mp3 +types = audio/mpeg command = mp3check --error-check --anomaly-check {files} -# TODO: re-enable if it enters Debian again (#673319) -#[checkmp3] -#groups = audio -#apt = checkmp3 -#match = *.mp3 -#command = checkmp3 {files} +[checkmp3] +flags = todo audio +comment = re-enable if it enters Debian again (#673319) +apt = checkmp3 +files = *.mp3 +types = audio/mpeg +command = checkmp3 {files} [mp3val] -groups = audio +flags = audio apt = mp3val -match = *.mp3 +files = *.mp3 +types = audio/mpeg command = mp3val {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/objc check-all-the-things-2016.06.29.1~16.04.1/data/objc --- check-all-the-things-2015.12.10ubuntu2/data/objc 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/objc 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ocaml check-all-the-things-2016.06.29.1~16.04.1/data/ocaml --- check-all-the-things-2015.12.10ubuntu2/data/ocaml 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/ocaml 2016-06-29 11:17:11.000000000 +0200 
@@ -1,6 +1,21 @@ [ocaml-lintian] +flags = perl-bug-588017 apt = dh-ocaml, ocaml-nox -match = *.cma +files = *.cma command = ocaml-lintian {files} -# TODO: shell metacharacter injection: system open_process open_process_in open_process_out open_process_full +[ocaml-shell-injection] +files = *.ml +comment = These calls are potentially vulnerable to shell metacharacter injection +command = grep -E 'Unix\.(system|open_process(|_in|_out|_full))' {files} + +[ocaml-unsafe-features] +apt = ocaml-nox +files = *.cmi *.cmo *.cma *.cmx *.cmxa *.cmxs +command = ocamlobjinfo {file} | grep -E '^(File |Uses unsafe features: YES)' | perl -nle 'print "$prev\n$_" if /^Uses / and $prev =~ /^File /; $prev=$_' + +# TODO: unsafe language features: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702349#24 +# asked about on #ocaml and here: <1452740997.2807.5.camel@debian.org> +# TODO: http://mascot.x9c.fr/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ogg check-all-the-things-2016.06.29.1~16.04.1/data/ogg --- check-all-the-things-2015.12.10ubuntu2/data/ogg 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/ogg 2016-06-29 11:17:07.000000000 +0200 @@ -1,13 +1,15 @@ [ogginfo] -groups = audio +flags = audio apt = vorbis-tools -match = *.ogg *.oga *.ogv +files = *.ogg *.oga *.ogv +types = audio/ogg video/ogg command = ogginfo -q {files} | grep -v '^Processing file ' | cat -s [oggz-validate] -groups = audio +flags = audio apt = oggz-tools -match = *.ogg *.oga *.ogv +files = *.ogg *.oga *.ogv +types = audio/ogg video/ogg command = oggz-validate {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/openpgp check-all-the-things-2016.06.29.1~16.04.1/data/openpgp --- check-all-the-things-2015.12.10ubuntu2/data/openpgp 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/openpgp 2016-06-29 11:17:07.000000000 +0200 
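Review bot: `[ocaml-shell-injection]` only matches calls written with the `Unix.` prefix, so a module that does `open Unix` and calls `system` or `open_process_in` unqualified is not reported, and neither is `Sys.command`, which also hands its argument to the shell. Adding the latter is a one-line change: `command = grep -E 'Unix\.(system|open_process(|_in|_out|_full))|Sys\.command' {files}`. For the unqualified case I would extend the comment to say that the check is prefix-based and that files containing `open Unix` need a manual look.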
@@ -1,15 +1,24 @@ [hokey-lint] -groups = keys +flags = keys apt = hopenpgp-tools -match = *.pgp *.gpg +files = *.pgp *.gpg +types = application/x-pgp-keyring command = cat {files} | hokey lint +comment = + If you contact the owners of these keys, please point out OpenPGP best practices: + https://help.riseup.net/en/security/message-security/openpgp/best-practices [hokey-lint-asc] -groups = keys +flags = keys apt = hopenpgp-tools -match = *.asc +files = *.asc command = cat {files} | hot dearmor | hokey lint +comment = + If you contact the owners of these keys, please point out OpenPGP best practices: + https://help.riseup.net/en/security/message-security/openpgp/best-practices [pgp-private-key] -groups = keys +flags = keys command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN PGP PRIVATE KEY BLOCK-----.*-----END PGP PRIVATE KEY BLOCK-----' . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/opus check-all-the-things-2016.06.29.1~16.04.1/data/opus --- check-all-the-things-2015.12.10ubuntu2/data/opus 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/opus 2016-06-29 11:17:07.000000000 +0200 @@ -1,4 +1,6 @@ [opusinfo] apt = opus-tools -match = *.opus +files = *.opus command = opusinfo -q {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/c check-all-the-things-2016.06.29.1~16.04.1/data/overlay/debian/jessie/c --- check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/c 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/overlay/debian/jessie/c 2016-06-29 11:17:07.000000000 +0200 
@@ -0,0 +1,11 @@ +[clang-modernize] +flags = modify +apt = clang-modernize-3.5 +files = + *.cc *.cxx *.cpp + *.hh *.hxx *.hpp +types = text/x-c text/x-c++ +comment = + Please consider modernizing your C++ code with clang-modernize: + http://clang.llvm.org/extra/clang-modernize.html +command = clang-modernize {files} diff -Nru check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/gettext check-all-the-things-2016.06.29.1~16.04.1/data/overlay/debian/jessie/gettext --- check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/gettext 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/overlay/debian/jessie/gettext 2016-06-29 11:17:07.000000000 +0200 @@ -0,0 +1,6 @@ +[i18nspector] +# Drop --jobs from the arguments since it gives an error: +# i18nspector: error: unrecognized arguments: --jobs=2 +command = i18nspector {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pascal check-all-the-things-2016.06.29.1~16.04.1/data/pascal --- check-all-the-things-2015.12.10ubuntu2/data/pascal 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/pascal 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pdf check-all-the-things-2016.06.29.1~16.04.1/data/pdf --- check-all-the-things-2015.12.10ubuntu2/data/pdf 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/pdf 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: http://slidelint.net/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/perl check-all-the-things-2016.06.29.1~16.04.1/data/perl --- check-all-the-things-2015.12.10ubuntu2/data/perl 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/perl 2016-06-29 11:17:07.000000000 +0200 
@@ -1,19 +1,20 @@ [perl-syntax-check] apt = perl -match = *.pl *.pm +files = *.pl *.pm command = perl -wc {file} | grep -v ' syntax OK$' comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks flags = dangerous [perl-b-lint] apt = perl, libb-lint-perl -match = *.pl *.pm -prereq = perl -MO=Lint /dev/null +files = *.pl *.pm +prereq = perl -t -MO=Lint /dev/null command = perl -MO=Lint {file} | grep -v ' syntax OK$' comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks flags = dangerous [perlcritic] +flags = perl-bug-588017 apt = libperl-critic-perl command = perlcritic -1 . 2>&1 | grep -vF 'No perl files were found.' @@ -22,9 +23,15 @@ [podlint] apt = libpod-pom-perl -match = *.pl *.pm +files = *.pl *.pm command = podlint {file} +[cpants-lint] +flags = todo perl-bug-588017 +apt = cpants-lint +comment = It is not able to use the current dir instead of tarball (#823299) +command = cpants_lint + # TODO: pkg-perl-tools dpt-packagecheck check-build # TODO: perltidy # TODO: libperl-metrics-simple-perl diff -Nru check-all-the-things-2015.12.10ubuntu2/data/php check-all-the-things-2016.06.29.1~16.04.1/data/php --- check-all-the-things-2015.12.10ubuntu2/data/php 2016-03-23 02:18:56.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/php 2016-06-29 11:17:07.000000000 +0200 
@@ -1,16 +1,19 @@ [php-syntax-check] -apt = php-cli -match = *.php* +apt = php-cli | php5-cli +files = *.php* +types = text/x-php command = php -l -f {file} [php-grinder] -match = *.php* +files = *.php* +types = text/x-php comment = You may want to submit your PHP code to http://php-grinder.com/ # TODO: pkg-php-tools pkgtools # TODO: php-codesniffer # TODO: pdepend # TODO: phpmd +# TODO: php7cc #820420 # TODO: https://github.com/wayfair/hussar # TODO: https://github.com/rlerdorf/phan # TODO: https://github.com/sebastianbergmann/phpcpd diff -Nru check-all-the-things-2015.12.10ubuntu2/data/png check-all-the-things-2016.06.29.1~16.04.1/data/png --- check-all-the-things-2015.12.10ubuntu2/data/png 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/png 2016-06-29 11:17:07.000000000 +0200 @@ -1,9 +1,11 @@ [pngcheck] -groups = images +flags = images apt = pngcheck -match = *.png +files = *.png +types = image/png command = pngcheck -q {files} # TODO: identify -verbose {file} | grep -i copyright && echo {file} +# TODO: pngcrush/optipng/advpng # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/puppet check-all-the-things-2016.06.29.1~16.04.1/data/puppet --- check-all-the-things-2015.12.10ubuntu2/data/puppet 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/puppet 2016-06-29 11:17:07.000000000 +0200 
@@ -1,18 +1,17 @@ [puppet-lint] -groups = cfg-mgmt +flags = cfg-mgmt apt = puppet-lint -match = *.pp +files = *.pp command = puppet-lint {files} [puppet] -groups = cfg-mgmt +flags = cfg-mgmt apt = puppet -match = *.pp +files = *.pp command = puppet parser validate {files} [puppet-syntax] -groups = cfg-mgmt -flags = todo +flags = todo cfg-mgmt comment = ruby-puppet-syntax ITP #800400 # TODO: erb files? diff -Nru check-all-the-things-2015.12.10ubuntu2/data/python check-all-the-things-2016.06.29.1~16.04.1/data/python --- check-all-the-things-2015.12.10ubuntu2/data/python 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/python 2016-06-29 11:17:07.000000000 +0200 @@ -1,14 +1,21 @@ [pyflakes] apt = pyflakes -command = pyflakes . +files = *.py +types = text/x-python +command = pyflakes {files} [pyflakes3] -apt = pyflakes -command = pyflakes3 . +apt = pyflakes3 | pyflakes (<< 1.1.0-1) +files = *.py +types = text/x-python +command = pyflakes3 {files} [pep8] +flags = style apt = pep8 -command = pep8 --ignore W191 . +files = *.py +types = text/x-python +command = pep8 --ignore W191 {files} [site-packages] command = grep -rw site-packages . 
@@ -17,23 +24,36 @@ command = grep -rw PYTHONPATH . [environ-home] -match = *.py +files = *.py +types = text/x-python command = grep 'environ *\[.HOME.\]' {files} [yaml-load] -match = *.py +files = *.py +types = text/x-python +comment = These calls are potentially vulnerable to Python code injection command = grep -F 'yaml.load' {files} +[pylint] +apt = pylint +files = *.py +command = pylint --rcfile=/dev/null --msg-template='{{path}}:{{line}}:{{column}}: [{{category}}:{{symbol}}] {{obj}}: {{msg}}' --reports=n {files} + +[pylint3] +apt = pylint3 +files = *.py +command = pylint3 --rcfile=/dev/null --msg-template='{{path}}:{{line}}:{{column}}: [{{category}}:{{symbol}}] {{obj}}: {{msg}}' --reports=n {files} + # TODO: hacking # TODO: flake8 # TODO: pep257 -# TODO: pylint # TODO: pylint-django # TODO: frosted # TODO: pychecker # TODO: twistedchecker # TODO: pymetrics # TODO: dodgy +# TODO: mypy # TODO: prospector #781165 # TODO: pyroma #734121 # TODO: pylama #779449 @@ -42,10 +62,14 @@ # TODO: bandit #793007 # TODO: python-debtcollector # TODO: python-afl #792317 -# TODO: https://github.com/stackforge/bandit +# TODO: pycodestyle #816496 +# TODO: pydocstyle #816498 +# TODO: python3-requirements-detector # TODO: https://github.com/jlachowski/clonedigger # TODO: https://github.com/rubik/xenon -# TODO: https://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html +# TODO: https://gcc-python-plugin.readthedocs.io/en/latest/cpychecker.html +# TODO: http://jwilk.net/software/pydiatra # TODO: shell metacharacter injection: subprocess shell=True os.system os.popen popen2 commands +# TODO: https://github.com/google/pytype # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/rdf check-all-the-things-2016.06.29.1~16.04.1/data/rdf --- check-all-the-things-2015.12.10ubuntu2/data/rdf 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/rdf 2016-06-29 11:17:07.000000000 +0200 
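Review bot: The new `[yaml-load]` comment names the risk but not the remedy, and the fixed-string match only sees the qualified `yaml.load` spelling, so `from yaml import load` followed by a bare `load(...)` is not reported. I would extend the comment to something like `comment = These calls are potentially vulnerable to Python code injection; use yaml.safe_load for untrusted input`. `[pylint]` and `[pylint3]` in the same hunk omit the `types = text/x-python` line that the other `*.py` checks gained here, which may be unintentional.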
@@ -1 +1,3 @@ # TODO: raptor-utils/raptor2-utils rapper + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/rpm check-all-the-things-2016.06.29.1~16.04.1/data/rpm --- check-all-the-things-2015.12.10ubuntu2/data/rpm 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/rpm 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,8 @@ -# TODO: rpmlint +[rpmlint] +flags = package +apt = rpmlint +files = *.rpm *.spec +types = application/x-rpm +command = rpmlint . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ruby check-all-the-things-2016.06.29.1~16.04.1/data/ruby --- check-all-the-things-2015.12.10ubuntu2/data/ruby 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/ruby 2016-06-29 11:17:07.000000000 +0200 @@ -1,8 +1,14 @@ # TODO: roodi # TODO: ruby-lint https://github.com/YorickPeterse/ruby-lint # TODO: rubocop #745423 +# TODO: ruby-reek +# TODO: http://ruby.sadi.st/ # TODO: bundler audit # TODO: https://github.com/presidentbeef/brakeman # TODO: disabling SSL: verify_mode = OpenSSL::SSL::VERIFY_NONE # TODO: shell metacharacter injection: exec system backticks IO.popen Open3.popen3 Open4.popen4 # TODO: http://guides.rubyonrails.org/security.html +# TODO: https://www.cs.berkeley.edu/~jnear/derailer/ +# TODO: https://www.cs.berkeley.edu/~jnear/space/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/rust check-all-the-things-2016.06.29.1~16.04.1/data/rust --- check-all-the-things-2015.12.10ubuntu2/data/rust 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/rust 2016-06-29 11:17:07.000000000 +0200 
@@ -1,6 +1,8 @@ [rust-unsafe] -match = *.rs -command = grep unsafe {files} +files = *.rs +command = grep -w unsafe {files} # TODO: https://github.com/Manishearth/rust-clippy # TODO: https://github.com/Manishearth/rust-tenacious + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/sass check-all-the-things-2016.06.29.1~16.04.1/data/sass --- check-all-the-things-2015.12.10ubuntu2/data/sass 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/sass 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: sass-spec #779636 + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/scala check-all-the-things-2016.06.29.1~16.04.1/data/scala --- check-all-the-things-2015.12.10ubuntu2/data/scala 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/scala 2016-06-29 11:17:07.000000000 +0200 @@ -1 +1,3 @@ # TODO: https://github.com/scalastyle/scalastyle + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/sh check-all-the-things-2016.06.29.1~16.04.1/data/sh --- check-all-the-things-2015.12.10ubuntu2/data/sh 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/sh 2016-06-29 11:17:11.000000000 +0200 
@@ -1,22 +1,28 @@ [sh-syntax-check] -match = *.sh +files = *.sh +types = text/x-shellscript command = sh -n {file} [checkbashisms] apt = devscripts -match = *.sh +files = *.sh +types = text/x-shellscript command = checkbashisms {files} [shellcheck] apt = shellcheck -match = *.sh *.bash *.zsh +files = *.sh *.bash *.zsh +types = text/x-shellscript command = shellcheck {files} [bashate] apt = python3-bashate | python-bashate -match = *.sh *.bash -command = bashate --ignore E002 {files} +files = *.sh *.bash +types = text/x-shellscript +command = bashate --ignore E002,E003 {files} +flags = style -# TODO: wget | sudo (ba|z|)sh +[web-to-shell] +command = grep -rE '(wget|curl).*\|( *sudo)? *(ba|z|)sh' . # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ssh check-all-the-things-2016.06.29.1~16.04.1/data/ssh --- check-all-the-things-2015.12.10ubuntu2/data/ssh 2015-11-07 15:21:33.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/ssh 2016-06-29 11:17:07.000000000 +0200 @@ -1,11 +1,13 @@ [openssh-private-key] -groups = keys +flags = keys command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN OPENSSH PRIVATE KEY-----.*-----END OPENSSH PRIVATE KEY-----' . [ssh2-private-key] -groups = keys +flags = keys command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----.*---- END SSH2 ENCRYPTED PRIVATE KEY ----' . [ec-private-key] -groups = keys +flags = keys command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN EC PRIVATE KEY-----.*-----END EC PRIVATE KEY-----' . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/swift check-all-the-things-2016.06.29.1~16.04.1/data/swift --- check-all-the-things-2015.12.10ubuntu2/data/swift 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/swift 2016-06-29 11:17:07.000000000 +0200 
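Review bot: The new `[web-to-shell]` pattern ends at `sh` with no word boundary, so it also fires on downloads piped into commands that merely begin with `sh`, such as `sha256sum`, which is an integrity check rather than the antipattern. Anchoring the end, for example `command = grep -rE '(wget|curl).*\|( *sudo)? *(ba|z|)sh\b' .` with GNU grep, would remove that class of false positive. The pattern only recognises the single-line pipe form, so command substitution (`sh -c "$(curl …)"`), process substitution, `sudo` with options and other shell names go unreported; a comment in the section such as `# heuristic: only catches the one-line "download | shell" form` would keep a clean run from being read as proof of absence. The section also has no `files`/`types` restriction, so it greps every file under `.`.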
@@ -1 +1,4 @@ # TODO: https://tailor.sh/ +# TODO: https://github.com/realm/SwiftLint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/tex check-all-the-things-2016.06.29.1~16.04.1/data/tex --- check-all-the-things-2015.12.10ubuntu2/data/tex 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/tex 2016-06-29 11:17:07.000000000 +0200 @@ -1,11 +1,12 @@ [lacheck] apt = lacheck -match = *.tex +files = *.tex +types = text/x-tex command = lacheck {files} [lintex] apt = lintex -match = *.aux *.bbl *.blg *.dvi *.idx *.ilg *.ind *.lof *.log *.lot *.nav *.out *.pdf *.ps *.snm *.thm *.toc *.toc.old *.synctex.gz *.xyc +files = *.aux *.bbl *.blg *.dvi *.idx *.ilg *.ind *.lof *.log *.lot *.nav *.out *.pdf *.ps *.snm *.thm *.toc *.toc.old *.synctex.gz *.xyc command = lintex -r -o -p # TODO: chktex diff -Nru check-all-the-things-2015.12.10ubuntu2/data/text check-all-the-things-2016.06.29.1~16.04.1/data/text --- check-all-the-things-2015.12.10ubuntu2/data/text 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/text 2016-06-29 11:17:07.000000000 +0200 @@ -1,11 +1,13 @@ [rst-lint] flags = todo apt = python3-restructuredtext-lint | python-restructuredtext-lint -match = *.rst +files = *.rst comment = rst-lint {files} [doc8] flags = todo apt = python3-doc8 | python-doc8 -match = *.txt *.text *.rst +files = *.txt *.text *.rst comment = doc8 {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/vala check-all-the-things-2016.06.29.1~16.04.1/data/vala --- check-all-the-things-2015.12.10ubuntu2/data/vala 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/vala 2016-06-29 11:17:07.000000000 +0200 
@@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/vcs check-all-the-things-2016.06.29.1~16.04.1/data/vcs --- check-all-the-things-2015.12.10ubuntu2/data/vcs 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/data/vcs 2016-06-29 11:17:07.000000000 +0200 @@ -1,7 +1,9 @@ -# TODO: vcs-lint #677792 http://jmtd.net/software/vcs-lint/ https://lists.debian.org/20150310102557.GA32220@chew.redmars.org +# TODO: vcs-lint #677792 https://jmtd.net/software/vcs-lint/ https://lists.debian.org/20150310102557.GA32220@chew.redmars.org # TODO: git tags not pushed to all remotes # for remote in $(git remote) ; do comm -23 <(git tag | sort) <(git ls-remote --tags $remote | sed -n '/{}$/d; s:.*refs/tags/::p' | sort) ; done -# TODO: git commit/tag signing http://mikegerwitz.com/papers/git-horror-story +# TODO: git commit/tag signing https://mikegerwitz.com/papers/git-horror-story # TODO: git/etc fsck # TODO: mr status # TODO: gitrob https://github.com/michenriksen/gitrob + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/web check-all-the-things-2016.06.29.1~16.04.1/data/web --- check-all-the-things-2015.12.10ubuntu2/data/web 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/web 2016-06-29 11:17:07.000000000 +0200 @@ -0,0 +1,4 @@ +# TODO: https://github.com/GoogleChrome/lighthouse +# TODO: http://www.kryogenix.org/days/2016/06/02/programmatic-progressiveness/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/x509 check-all-the-things-2016.06.29.1~16.04.1/data/x509 --- check-all-the-things-2015.12.10ubuntu2/data/x509 2015-11-07 15:21:33.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/x509 2016-06-29 11:17:07.000000000 +0200 
@@ -1,9 +1,18 @@ [rsa-private-key] -groups = keys +flags = keys command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----' . [dsa-private-key] -groups = keys +flags = keys command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN DSA PRIVATE KEY-----.*-----END DSA PRIVATE KEY-----' . -# TODO: ssl-cert-check +[ssl-cert-check] +flags = keys +apt = ssl-cert-check +files = *.pem *.cert +command = ssl-cert-check -b -c {file} | grep -v -w Valid + +# TODO: https://github.com/kroeckx/x509lint +# TODO: https://github.com/awslabs/certlint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/xapian check-all-the-things-2016.06.29.1~16.04.1/data/xapian --- check-all-the-things-2015.12.10ubuntu2/data/xapian 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/xapian 2016-06-29 11:17:07.000000000 +0200 @@ -0,0 +1,7 @@ +[xapian-check] +flags = todo +comment = needs a way to find which dirs to check +apt = xapian-tools +command = xapian-check {dir} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/xml check-all-the-things-2016.06.29.1~16.04.1/data/xml --- check-all-the-things-2015.12.10ubuntu2/data/xml 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/xml 2016-06-29 11:17:07.000000000 +0200 @@ -1,6 +1,7 @@ [xmllint] apt = libxml2-utils -match = *.xml +files = *.xml +types = application/xml command = xmllint --noout --nonet {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/yaml check-all-the-things-2016.06.29.1~16.04.1/data/yaml --- check-all-the-things-2015.12.10ubuntu2/data/yaml 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/data/yaml 2016-06-29 11:17:07.000000000 +0200 
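Review bot: In the added `[ssl-cert-check]` section, `files = *.pem *.cert` leaves out the widely used `*.crt` extension, so certificates stored under that name are never examined for expiry; `files = *.pem *.cert *.crt` would cover them. `*.pem` also matches key-only files, for which the tool will presumably emit an error line that passes through `grep -v -w Valid`, so some noise from those is likely. The section carries `flags = keys`, the same flag as the private-key greps around it, although it reports certificate validity rather than exposed key material; a one-line comment explaining that grouping would help anyone selecting checks by flag.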
@@ -0,0 +1,6 @@
+[yamllint]
+apt = yamllint
+files = *.yaml *.yml ./debian/upstream/metadata ./debian/upstream/edam
+command = yamllint {files}
+
+# vim:ft=dosini
diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/changelog check-all-the-things-2016.06.29.1~16.04.1/debian/changelog
--- check-all-the-things-2015.12.10ubuntu2/debian/changelog 2016-03-23 02:18:56.000000000 +0100
+++ check-all-the-things-2016.06.29.1~16.04.1/debian/changelog 2017-05-31 08:43:27.000000000 +0200
@@ -1,14 +1,114 @@ -check-all-the-things (2015.12.10ubuntu2) xenial; urgency=medium +check-all-the-things (2016.06.29.1~16.04.1) xenial; urgency=medium - * Update to PHP7.0 dependencies (LP: #1544352). + * SRU to Ubuntu 16.04, Fixing security issues (LP: #1597245) - -- Nishanth Aravamudan Tue, 22 Mar 2016 15:46:03 -0700 + -- Gianfranco Costamagna Wed, 31 May 2017 08:42:30 +0200 -check-all-the-things (2015.12.10ubuntu1) xenial; urgency=medium +check-all-the-things (2016.06.29.1) unstable; urgency=medium - * Remove references to clang-modernize. + * New release. + - The "Check A Few More Things Slightly More Securely" release + - More mitigations for Debian perl bug #588017 + - Fix dependencies for uscan based checks + + -- Paul Wise Wed, 29 Jun 2016 13:06:12 +0200 + +check-all-the-things (2016.06.29) unstable; urgency=medium + + * Upload to unstable + * New release. + - The "Check Some Things Slightly More Securely" release + - Warn that running cats in untrusted dirs could have consequences + - Does not enable checks with disabled flags unless choosing those flags + This prevents running dangerous checks with -f perl (Closes: #826089) + - Mitigate Debian perl bug #588017 by passing -m-lib=. to perl-based checks + This prevents perl-based commands from running code from the current dir + - Fix MIME support: disable MIME in commands when MIME is turned off + - Give an error with checks/flags options without check names + - Fixes crash when interrupting the first command that is run + - Fix checking prerequisites for "cat ... 
| foo" command-lines + - Update dependencies for licensecheck-based checks (see #828830, #828872) + - Disable KWStyle - should only be run manually + - Add clang-tidy - tidy C++ code using LLVM + - Add clang-check - check C++ code using LLVM + - Add clang-modernize (jessie-only) - modernize C++ code + - Add ocaml-unsafe-features - check compiled OCaml for unsafe features + + -- Paul Wise Wed, 29 Jun 2016 10:43:04 +0200 + +check-all-the-things (2016.06.25) experimental; urgency=medium + + * New release. + - The "Check A Bunch Of Things" release + - The official abbreviation is now cats. Meow! + - Bump Standards-Version, no changes needed + - Use https for Vcs-Git and other URLs + - Warn away the busy, lazy or noise intolerant + - Drop the separation between groups/flags + - Drop todo item deps down to Suggests + - Fix file matching in a number of cases + - Add argument completion for bash + - Add an indicator of the currently running command + - Add (slow) support for matching files based on MIME type (Closes: #791722) + - Add better advice for style/complexity/other checks + - Disable network checks when there is no default gateway + - Trim check output to 10 lines by default + - Support overlays for older distros + - Add 'modify' flag for commands that modify files and + thus should not be run by default + - Add 'manual' flag for commands that must be manually run + - Handle 'todo' flagged checks properly + - Show list of found file extensions that were not checked + - Rename final section to 'Remarks' since the name grew long + - Give an error when choosing unknown checks/flags + - Report when help is needed for some existing checks + - Match more ZIP-based files for the unzip-test check + - Document the use of usertags for this package + - Document places where more check tools can be found + - Add appstreamcli validate - check AppStream files + - Add appstream-util validate - check AppStream files + - Add bls-standalone - check build logs for issues + - Add 
build-log-static-library - warn against static linking + - Add complexity - check C code for function complexity + - Add kwstyle - check C code for style conformance + - Add opencolladavalidator - check COLLADA files + - Add csslint-0.6 - check CSS files + - Add wrap-and-sort - wrap and sort various debian/ files + - Add license-reconcile - check debian/copyright files + - Add debmake-k - check debian/copyright files + - Add autodep8 - check if DEP-8 tests can be created + - Add lockdep - check pthread-using programs + - Add zzuf - fuzz program input + - Add afl - intelligently fuzz program input + - Add hardening-check - check programs for hardening + - Add spellintian - check spelling using lintian dictionaries + - Add flightcrew - check epub e-book files + - Add erlang-shell-inject - check for Erlang shell metachar injection + - Add erl-tidy - check Erlang code + - Add font-embedding-restrictions - check TTF embedding restrictions + - Add two jsonlints - check JSON files + - Add autoupdate - update autotools files + - Add autoscan - check completeness of configure.ac + - Add timeless - check for macros that break reproducible builds + - Add http - check for http URLs to switch to https + - Add embed checks - heuristics for embedded code copies + - Add mailto - check mailto: links + - Add ocaml-shell-injection - check for OCaml shell metachar injection + - Add pylint - check Python code for various issues + - Add rpmlint - check RPM files + - Add web-to-shell - check for `curl | sudo sh` antipattern + - Add ssl-cert-check - check SSL key/cert files + - Add yamllint - check YAML files + - TODO items for android-lint smatch rzip-test lrzip-test + csslint scan-copyrights licensecheck2dep5 debian-tracker + erlang-elvis opentype-sanitiser bugpicker nit librejs-cli + jpegoptim lisp-critic project-flint scheck ocaml-unsafe + ocaml-mascot cpants-lint php7cc pngcrush optipng advpng + mypy pycodestyle pydocstyle python3-requirements-detector + pydiatra pytype ruby-reek 
ruby-sadist ruby-derailer + ruby-space swiftlint x509lint certlint - -- Matthias Klose Tue, 16 Feb 2016 18:37:10 +0100 + -- Paul Wise Sat, 25 Jun 2016 12:08:10 +0200 check-all-the-things (2015.12.10) experimental; urgency=medium diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/clean check-all-the-things-2016.06.29.1~16.04.1/debian/clean --- check-all-the-things-2015.12.10ubuntu2/debian/clean 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/debian/clean 2016-06-29 11:17:07.000000000 +0200 @@ -0,0 +1,2 @@ +check-all-the-things.1 +debian/check-all-the-things.bash-completion diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/control check-all-the-things-2016.06.29.1~16.04.1/debian/control --- check-all-the-things-2015.12.10ubuntu2/debian/control 2016-03-23 02:18:56.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/debian/control 2016-06-29 11:17:07.000000000 +0200 @@ -1,24 +1,31 @@ Source: check-all-the-things -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Paul Wise -Standards-Version: 3.9.6 +Maintainer: Paul Wise +Standards-Version: 3.9.8 Section: devel Priority: optional Build-Depends: + bash-completion, debhelper (>= 9), help2man, - python3 -Vcs-Git: git://anonscm.debian.org/collab-maint/check-all-the-things.git + python-argcomplete, + python3, + python3-apt, +Vcs-Git: https://anonscm.debian.org/git/collab-maint/check-all-the-things.git Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git Package: check-all-the-things Architecture: all Depends: python3, - ${misc:Depends} + ${misc:Depends}, Recommends: + python3-argcomplete, + python3-magic, + python3-netifaces, python3-ptyprocess, - ${catt:Recommends} + ${cats:Recommends}, +Suggests: + ${cats:Suggests}, Description: check all of the things! This package will help you check all of the things. . 
@@ -28,6 +35,10 @@ To find out what kind of things it checks, take a look at the package recommends and data directory. . + WARNING: At this time it is probably not suitable + for running against untrusted directories. + . WARNING: since it checks so many things the output can be very verbose so don't use it if you don't have time to go through the output to find problems. + It is not for the busy, lazy or noise intolerant. diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/copyright check-all-the-things-2016.06.29.1~16.04.1/debian/copyright --- check-all-the-things-2015.12.10ubuntu2/debian/copyright 2015-11-05 10:42:44.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/debian/copyright 2016-06-29 11:17:07.000000000 +0200 @@ -1,8 +1,8 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files: * Copyright: 2014 Jakub Wilk , - 2015 Paul Wise , + 2015-2016 Paul Wise , License: Expat Files: debian/* diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/install check-all-the-things-2016.06.29.1~16.04.1/debian/install --- check-all-the-things-2015.12.10ubuntu2/debian/install 2015-12-10 05:00:15.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/debian/install 2016-06-29 11:17:07.000000000 +0200 @@ -1,2 +1,3 @@ check-all-the-things usr/bin +check-font-embedding-restrictions usr/bin data usr/share/check-all-the-things diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/rules check-all-the-things-2016.06.29.1~16.04.1/debian/rules --- check-all-the-things-2015.12.10ubuntu2/debian/rules 2015-09-24 11:11:10.000000000 +0200 +++ check-all-the-things-2016.06.29.1~16.04.1/debian/rules 2016-06-29 11:17:07.000000000 +0200 
@@ -4,10 +4,11 @@ P = check-all-the-things %: - dh $@ --parallel + dh $@ --parallel --with bash-completion override_dh_gencontrol: - dh_gencontrol -- -Vcatt:Recommends="$$(sed -n 's/$$/, /;s/^ *apt *= *//p' data/* | tr -d \\n)" + ./check-all-the-things --set-debian-substvars + dh_gencontrol override_dh_auto_build: help2man \ @@ -16,3 +17,4 @@ --name="Check all of the things!" \ ./$P \ > $P.1 + register-python-argcomplete check-all-the-things > debian/$P.bash-completion diff -Nru check-all-the-things-2015.12.10ubuntu2/doc/README check-all-the-things-2016.06.29.1~16.04.1/doc/README --- check-all-the-things-2015.12.10ubuntu2/doc/README 2015-12-10 05:00:15.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/doc/README 2016-06-29 11:17:07.000000000 +0200 @@ -1,6 +1,9 @@ # check-all-the-things This is a tool to run many tools that can check various things. +It is probably not suitable for running in untrusted directories +since there could be unknown interactions leading to code execution +or commands that do code execution but are not yet known to do that. ## Philosophy 
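Review bot: `override_dh_gencontrol` now depends on `./check-all-the-things --set-debian-substvars` for the values that the removed `-Vcatt:Recommends=…` argument passed explicitly, yet nothing in the rule says which substvars that call is expected to produce. debian/control in this same diff references `${cats:Recommends}` and `${cats:Suggests}`, so a comment above the call such as `# expected to provide cats:Recommends and cats:Suggests for debian/control` would make a mismatch easier to spot. How the script writes them is not visible in this hunk, so the comment should be confirmed against the script.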
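Review bot: The line added to `override_dh_auto_build` spells the program name out as `check-all-the-things` while its own redirect target and the rest of the rule use `$P`, so the name now lives in two places. Writing it as `register-python-argcomplete $P > debian/$P.bash-completion` keeps the rule consistent with the `./$P` and `$P.1` lines just above it. The rule itself starts outside the hunk.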
@@ -37,16 +40,30 @@ When adding support for new checkers, please ensure that you add the 'dangerous' flag for checks that execute package code. +When adding support for new checkers that are written in perl, please +make sure that you mitigate the effects of Debian perl bug #588017 to +ensure that the check does *not* execute package code. If you flag +the package perl-bug-588017 then cats will automatically prefix the +command with `env PERL5OPT=-m-lib=.`, which usually mitigates this. +Please also verify that the check does not execute package code. + When adding support for new checkers, please ensure that you use {file} for checkers that take only one argument and that you use {files} for checkers that take more than one argument. +When the support for a check is suboptimal, you can add fixme to the flags +field and add a comment with info about what needs to be fixed. + When adding TODO entries, please add a new check config but set the flags field to todo and add any known hints in the apt/comment/command fields. When adding TODO entries for packages not in Debian, please either add the ITP bug number or a URL to upstream in the comment field. +For ITP bugs or when reporting bugs on other tools that show up in +check-all-the-things, please mark the bug as affecting check-all-the-things +and please usertag the bugs as mentioned in the bugs section below. + For more involved changes to the code you might want to file a bug to discuss the changes with people who are interested. 
@@ -55,11 +72,52 @@ ircs://irc.debian.org/debian-qa https://webchat.oftc.net/?channels=debian-qa -Please sign all of your commits, tags and pushes with OpenPGP: +Please sign all of your commits and tags with OpenPGP: + +https://mikegerwitz.com/papers/git-horror-story + +Before releases, update lists of extensions copied from elsewhere: -http://mikegerwitz.com/papers/git-horror-story +git grep -C1 TODO.*releases + +Every release should proclaim to be the "Check all the things" release, +but the phrase needs to be mutated for each release to a similar phrase. Tags should be created using this command and the tag annotation should be the release notes for this version, usually stuff from debian/changelog. git tag -a -s check-all-the-things-$(date -u --iso-8601 | tr - .) + +You can use 'cats' as the abbreviation of check-all-the-things. Meow! + +## Bugs + +ITP bugs and bugs filed against other packages should be marked as +affecting check-all-the-things and usertagged as below. + +The user for usertags is check-all-the-things@packages.debian.org + +These usertags should be used: + +new-check: for ITPs or bugs that block the addition of new checks +new-issues: for requests to check new issues in particular checker tools +noise: for bugs in particular checkers that make unnecessary noise +false-positive: for false positives in particular checker tools +file-detection: for issues related to choice of files to check +rm-check: for bugs related to the removal of tools used by checks + +Please feel free to add new usertags and document them here. 
+ +For example: + +To: submit@bugs.debian.org + +User: check-all-the-things@packages.debian.org +Usertags: new-check +Control: affects -1 check-all-the-things + +To: control@bugs.debian.org + +user check-all-the-things@packages.debian.org +usertags 123456 + new-check +affects 123456 + check-all-the-things diff -Nru check-all-the-things-2015.12.10ubuntu2/doc/TODO check-all-the-things-2016.06.29.1~16.04.1/doc/TODO --- check-all-the-things-2015.12.10ubuntu2/doc/TODO 2015-12-10 05:00:17.000000000 +0100 +++ check-all-the-things-2016.06.29.1~16.04.1/doc/TODO 2016-06-29 11:17:28.000000000 +0200 
@@ -6,18 +6,27 @@ grep -r 'PATH' . grep -r 'x86_64-linux-gnu' . -Add syntax checkers from the syntastic vim plugin: +Places to find new checks: +apt-file search --regex 'bin/.*(lint|check|valid|tidy|detect)' +apt-cache search --names-only '(lint|check|valid|tidy|detect)' https://github.com/scrooloose/syntastic/tree/master/syntax_checkers - -Add checkers from the fedora-review tool: - https://git.fedorahosted.org/cgit/FedoraReview.git - -Some (all?) wildcards should be case-insensitive. - -Wildcards is not always an adequate mechanisms for detecting file types. Think -of Python or Perl scripts without extensions, or ELF binaries. +https://github.com/michenriksen/gitrob/blob/master/patterns.json +https://registry.hub.docker.com/repos/codeclimate/ +https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis#C.2FC.2B.2B +https://github.com/mcandre/linters +https://gitlab.com/linted/linted/tree/master/scripts +https://support.codacy.com/hc/en-us/articles/207995005-Special-Thanks +https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md#user-content-analysis +https://github.com/simplymeasured/ruby-appraiser +https://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/files/head:/audits/ +https://github.com/sk-/git-lint +https://prospector.readthedocs.io/en/master/supported_tools.html +http://www.flycheck.org/en/latest/languages.html +https://atomlinter.github.io/ +https://github.com/coala-analyzer/coala-bears/tree/master/bears +https://github.com/alecthomas/gometalinter A mechanisms for filtering output is needed. 
@@ -25,4 +34,13 @@ A mechanism to specify the amount/pedanticness of the output. +Support commands that must be run with `find | xargs` instead of `find -exec` + +Sandboxing with kvmtool/bubblewrap/firejail/etc: + +Files in cwd to read-only unless modify flag +Files in cwd to no-exec unless dangerous flag +All other files to read-only +All processes to cgroup, kill after each command + .. vim:ts=3 sw=3 et ft=rst