diff -Nru check-all-the-things-2015.12.10ubuntu2/check-all-the-things check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/check-all-the-things --- check-all-the-things-2015.12.10ubuntu2/check-all-the-things 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/check-all-the-things 2017-05-20 11:33:18.000000000 +0200 @@ -1,7 +1,8 @@ #!/usr/bin/python3 +# PYTHON_ARGCOMPLETE_OK # Copyright 2014 Jakub Wilk -# Copyright 2015 Paul Wise +# Copyright 2015-2016 Paul Wise # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -33,7 +34,9 @@ import shlex import stat import time +import signal import subprocess as ipc +import string import sys from textwrap import TextWrapper @@ -43,13 +46,14 @@ def get_columns(): return get_terminal_size().columns except ImportError: + # Python 3.2 compatibility: from fcntl import ioctl from termios import TIOCGWINSZ from struct import unpack def get_columns(): try: - buf = ioctl(sys.stdout.fileno(), TIOCGWINSZ, ' '*4) + buf = ioctl(sys.stdout.fileno(), TIOCGWINSZ, ' ' * 4) return unpack('hh', buf)[1] except IOError: return 80 @@ -58,10 +62,12 @@ from curses import tigetstr, setupterm setupterm() erase_line = tigetstr('el') + reset_term = tigetstr('sgr0') or tigetstr('oc') or tigetstr('op') or bytes() try: from shutil import which except ImportError: + # Python 3.2 compatibility: def which(cmd): PATH = os.environ.get('PATH', '') PATH = PATH.split(os.pathsep) 
@@ -71,89 +77,234 @@ return path if not hasattr(shlex, 'quote'): + # Python 3.2 compatibility: import pipes shlex.quote = pipes.quote try: + import argcomplete + ChoicesCompleter = argcomplete.completers.ChoicesCompleter +except ImportError: + argcomplete = None + + class ChoicesCompleter: + def __init__(self, *args, **kwargs): + pass + +try: import ptyprocess except ImportError: ptyprocess = None try: - import apt_pkg + import netifaces except ImportError: - apt_pkg = None + netifaces = None + +try: + import magic +except ImportError: + magic = None this = os.path.realpath(__file__) rootdir = os.path.dirname(this) -datadir = os.path.join(rootdir, 'data') +datadir = os.environ.get('CATS_DATA') if not datadir or not os.path.isdir(datadir): - datadir = os.environ.get('CATT_DATA') + datadir = os.path.join(rootdir, 'data') if not datadir or not os.path.isdir(datadir): datadir = os.path.join(os.path.dirname(rootdir), 'share', 'check-all-the-things', 'data') -def erase_to_eol_cr(): - sys.stdout.buffer.write(erase_line) +def erase_to_eol_cr(size=0): + if erase_line: + sys.stdout.buffer.write(erase_line) + else: + width = get_columns() + print(' ' * (width - size), end='') print(end='\r') sys.stdout.flush() -def spawn_header_first(cmd, header): - if sys.stdout.isatty(): - width = get_columns() - line = '$ ' + cmd.replace('\n', '') - size = len(line) - if size > width: - line = line[:width] - print(line, end='') +def show_progress(cmd): + width = get_columns() + line = '$ ' + cmd.replace('\n', '') + size = len(line) + if size > width: + line = line[:width] + print(line, end='') + erase_to_eol_cr(len(line)) + + +def show_header(header): + if header: + print(header) + sys.stdout.flush() + return True + else: + return False + + +def spawn_ptyprocess(terminal, cmd, hide, header, footer, limit): + lines = 0 + trimmed = False + + def output_header(): + nonlocal header erase_to_eol_cr() - if ptyprocess: - proc = ptyprocess.ptyprocess.PtyProcess.spawn(['sh', '-c', cmd]) - while 
True: - try: - line = proc.readline() - if line: - if header: - erase_to_eol_cr() - print(header) - sys.stdout.flush() - header = None - sys.stdout.buffer.write(line) + show_header(header) + header = None + + proc = ptyprocess.ptyprocess.PtyProcess.spawn(['sh', '-c', cmd]) + while True: + try: + line = proc.readline() + if line: + if limit > 0: + lines += 1 + if lines > limit: + trimmed = True + if terminal: + sys.stdout.buffer.write(reset_term) + print(*footer, sep='\n') sys.stdout.flush() - except EOFError: - break - else: - pipe = None + proc.kill(signal.SIGTERM) + break + if header: + output_header() + sys.stdout.buffer.write(line) + sys.stdout.flush() + except EOFError: + break + if header and not hide: + output_header() + if terminal and not trimmed: + sys.stdout.buffer.write(reset_term) + return not bool(header), trimmed + + +def spawn_pty(terminal, cmd, hide, header, footer, limit): + lines = 0 + trimmed = False + pipe = None - def read(fd): - nonlocal header - nonlocal pipe - if not pipe: - pipe = open(fd, closefd=False) - data = pipe.buffer.readline() - if data and header: - erase_to_eol_cr() - print(header.replace('\n', '\r\n'), end='\r\n') - sys.stdout.flush() - header = None - return data - pty.spawn(['sh', '-c', cmd], read) - pipe.close() - else: - with ipc.Popen(cmd, shell=True, stdout=ipc.PIPE, stderr=ipc.STDOUT) as proc: - line = proc.stdout.readline() - if line and header: - print(header) + def output_header(): + nonlocal header + erase_to_eol_cr() + print(header.replace('\n', '\r\n'), end='\r\n') + sys.stdout.flush() + header = None + + def read(fd): + nonlocal limit + nonlocal lines + nonlocal trimmed + nonlocal header + nonlocal pipe + if not pipe: + pipe = open(fd, closefd=False) + data = pipe.buffer.readline() + if limit > 0: + lines += 1 + if lines > limit: + trimmed = True + if terminal: + sys.stdout.buffer.write(reset_term) + print(*footer, sep='\r\n', end='\r\n') + sys.stdout.flush() + raise OSError + if data and header: + output_header() 
+ return data + + pty.spawn(['sh', '-c', cmd], read) + pipe.close() + if header and not hide: + output_header() + if terminal and not trimmed: + sys.stdout.buffer.write(reset_term) + return not bool(header), trimmed + + +def spawn_pipe(terminal, cmd, hide, header, footer, limit): + lines = 0 + trimmed = False + + def output_header(): + nonlocal header + show_header(header) + header = None + + def check_lines(): + nonlocal proc + nonlocal limit + nonlocal lines + nonlocal trimmed + nonlocal footer + if limit > 0: + lines += 1 + if lines > limit: + trimmed = True + if terminal: + sys.stdout.buffer.write(reset_term) + print(*footer, sep='\n') sys.stdout.flush() - header = None - sys.stdout.buffer.write(line) - sys.stdout.flush() + proc.terminate() + return True + + with ipc.Popen(cmd, shell=True, stdout=ipc.PIPE, stderr=ipc.STDOUT) as proc: + line = proc.stdout.readline() + if line and header: + output_header() + sys.stdout.buffer.write(line) + sys.stdout.flush() + if not check_lines(): for line in proc.stdout: + if check_lines(): + break sys.stdout.buffer.write(line) sys.stdout.flush() - return not bool(header) + if header and not hide: + output_header() + if terminal and not trimmed: + sys.stdout.buffer.write(reset_term) + return not bool(header), trimmed + + +def spawn_none(terminal, cmd, header): + show_header(header) + ipc.call(cmd, shell=True, stderr=ipc.STDOUT) + if terminal: + sys.stdout.buffer.write(reset_term) + return True, False + + +def spawn(terminal, method, cmd, hide, header, footer, limit): + if method == 'pipe': + return spawn_pipe(terminal, cmd, hide, header, footer, limit) + elif method == 'ptyprocess': + show_progress(cmd) + return spawn_ptyprocess(terminal, cmd, hide, header, footer, limit) + elif method == 'pty': + show_progress(cmd) + return spawn_pty(terminal, cmd, hide, header, footer, limit) + elif method == 'none': + return spawn_none(terminal, cmd, header) + else: + raise RuntimeError + + +def spawn_choice(supervise, terminal): + if 
supervise: + if terminal: + if ptyprocess: + return 'ptyprocess' + else: + return 'pty' + else: + return 'pipe' + else: + return 'none' class UnmetPrereq(Exception): 
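Review bot: The `datadir` lookup near the top of this hunk now tries `os.environ.get('CATS_DATA')` before the bundled `data` directory, and the files found there supply the command strings that the new `spawn_*` functions run through `sh -c` or `shell=True`. The environment variable therefore decides which commands get executed, which deserves a comment where it is read, e.g. `# CATS_DATA overrides the bundled checks; its files define shell commands that are run, so it must name a trusted directory`. Separately, when the line limit is hit, `spawn_pipe` calls `proc.terminate()` and `spawn_ptyprocess` calls `proc.kill(signal.SIGTERM)`, which signal only the `sh` wrapper. Whether the command's own children stop then seems to depend on them noticing the closed output, so a short comment stating the intended behaviour would help.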
@@ -163,62 +314,91 @@ class Check(object): def __init__(self): self.apt = None - self.match = None - self._match_fn = id - self.not_match = None - self._not_match_fn = None - self.prune = None - self._prune_fn = None + types = set() + types.update('files not_files not_dirs'.split()) + for type in set(types): + types.update((type + '_path', type + '_parent')) + types.update('types not_types'.split()) + for type in types: + self.__dict__[type] = None + self.__dict__['_' + type + '_fn'] = None self.comment = None self.cmd = None self.cmd_nargs = None self.flags = set() - self.groups = set() self.prereq = None self.disabled = set() def set_apt(self, value): - if apt_pkg: - self.apt = apt_pkg.parse_depends(value) + self.apt = value - def set_match(self, value): - self.match = value.split() + def _set_re_fn(self, this, type, affix=True): regexp = '|'.join( fnmatch.translate(s) - for s in self.match + for s in this[type] ) - regexp = r'\A(?:{re})\Z'.format(re=regexp) + if affix: + regexp = r'\A(?:{re})\Z'.format(re=regexp) + else: + regexp = r'(?:{re})'.format(re=regexp) + this['_' + type + '_re'] = regexp regexp = re.compile(regexp, flags=re.IGNORECASE) - self._match_fn = regexp.match + this['_' + type + '_fn'] = regexp.match - def set_not_match(self, value): - self.not_match = value.split() - regexp = '|'.join( - fnmatch.translate(s) - for s in self.not_match - ) - regexp = r'\A(?:{re})\Z'.format(re=regexp) - regexp = re.compile(regexp, flags=re.IGNORECASE) - self._not_match_fn = regexp.match + def _set_match_fn(self, type, values): + type_path = type + '_path' + type_parent = type + '_parent' + this = self.__dict__ + this[type] = [] + this[type_path] = [] + this[type_parent] = [] + for value in values.split(): + if value.startswith('/'): + this[type_path].append('*' + value) + elif value.startswith('./'): + this[type_path].append(value) + elif value.startswith('../'): + this[type_parent].append(value) + elif value.find('/') != -1: + this[type_path].append('*/' + value) 
+ elif value: + this[type].append(value) + for subtype in (type, type_path, type_parent): + if this[subtype]: + self._set_re_fn(this, subtype) + + def set_files(self, value): + self._set_match_fn('files', value) + + def set_not_files(self, value): + self._set_match_fn('not_files', value) + + def set_not_dirs(self, value): + self._set_match_fn('not_dirs', value) + + def _set_type_match_fn(self, type, values): + this = self.__dict__ + this[type] = values.split() + if this[type]: + self._set_re_fn(this, type, False) - def set_prune(self, value): - self.prune = value.split() - regexp = '|'.join( - fnmatch.translate(s) - for s in self.prune - ) - regexp = r'\A(?:{re})\Z'.format(re=regexp) - regexp = re.compile(regexp, flags=re.IGNORECASE) - self._prune_fn = regexp.match + def set_types(self, value): + self._set_type_match_fn('types', value) + + def set_not_types(self, value): + self._set_type_match_fn('not_types', value) def set_comment(self, value): self.comment = value.strip() def set_command(self, value): - self.cmd = cmd = value - d = collections.defaultdict(str) - cmd.format(**d) - nargs = 1 * ('file' in d) + 2 * ('files' in d) + self.cmd = cmd = value.strip() + fields = { + field + for text, field, fmt, conv + in string.Formatter().parse(cmd) + } + nargs = 1 * ('file' in fields) + 2 * ('files' in fields) if nargs >= 3: raise RuntimeError('invalid command specification: ' + cmd) self.cmd_nargs = nargs 
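Review bot: `_set_match_fn` sorts each pattern into one of three lists by its shape but has no docstring, and the rules are not obvious to someone writing a check definition. A leading `/` is stored as `'*' + value` in `<type>_path`, `./…` goes to `<type>_path` unchanged, `../…` goes to `<type>_parent`, any other value containing `/` is stored as `'*/' + value`, and everything else is a basename pattern. A docstring listing those five cases, plus a line on `_set_re_fn` saying that `affix=False` drops the `\A…\Z` anchoring and that the raw pattern is kept in `_<type>_re`, would cover it. The loops in `__init__` and these helpers also use `type` as a variable name, shadowing the builtin; `kind` would avoid that.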
@@ -226,72 +406,118 @@ def set_flags(self, value): self.flags = set(value.split()) - def set_groups(self, value): - self.groups.update(value.split()) - def set_prereq(self, value): self.prereq = value - def get_sh_cmd(self, njobs=1): + def _set_fcmd_(self, fcmd, types, tests): + this = self.__dict__ + wildcards = [] + _tests = [] + # Aggregate everything into one array since + # the find command works this way + for i, type in enumerate(types): + if this[type]: + wildcards += this[type] + _tests += len(this[type])*[tests[i]] + if not wildcards: + return + elif len(wildcards) == 1: + [wildcard] = wildcards + fcmd += [_tests[0], shlex.quote(wildcard)] + else: + end = len(fcmd) + for i, wildcard in enumerate(wildcards): + fcmd += ['-o', _tests[i], shlex.quote(wildcard)] + fcmd[end] = '\\(' + fcmd += ['\\)'] + + def _set_fcmd(self, fcmd, type): + self._set_fcmd_(fcmd, [type, type + '_path'], ['-iname', '-iwholename']) + + def get_sh_cmd(self, njobs=1, types=False): + pd = os.path.pardir + cwd = os.path.curdir + if self.is_flag_set('run-in-tmp-dir'): + pd = os.path.abspath(pd) + cwd = os.path.abspath(cwd) + pd = shlex.quote(pd) + cwd = shlex.quote(cwd) kwargs = { + 'pd': pd, + 'cwd': cwd, 'files': '{} +', 'file': '{} \\;', 'njobs': njobs, } + null_kwargs = { + 'pd': '', + 'cwd': '', + 'files': '', + 'file': '', + 'njobs': njobs, + } if not self.cmd: return cmd = self.cmd.format(**kwargs) + # FIXME: remove this once Debian bug #588017 is no longer relevant + if self.is_flag_set('perl-bug-588017'): + cmd = 'env PERL5OPT=-m-lib=. 
' + cmd if self.cmd_nargs > 0: fcmd = ['find'] - if self.prune is not None: + any = self.not_files or self.not_files_path or self.files or self.files_path + if self.files_parent: + fcmd += [pd, '-maxdepth', '1', '-type', 'f'] + self._set_fcmd_(fcmd, ['files_parent'], ['-iwholename']) + fcmd += ['-exec', cmd] + if any: + fcmd += [';', 'find', cwd] + else: + fcmd += [cwd] + if self.not_dirs or self.not_dirs_path: fcmd += ['-type', 'd'] - if len(self.prune) == 1: - [wildcard] = self.prune - fcmd += ['-iname', shlex.quote(wildcard)] - else: - end = len(fcmd) - for wildcard in self.prune: - fcmd += ['-o', '-iname', shlex.quote(wildcard)] - fcmd[end] = '\\(' - fcmd += ['\\)'] + self._set_fcmd(fcmd, 'not_dirs') fcmd += ['-prune', '-o'] - fcmd += ['-type', 'f'] - if self.match is not None: - if len(self.match) == 1: - [wildcard] = self.match - fcmd += ['-iname', shlex.quote(wildcard)] - else: - end = len(fcmd) - for wildcard in self.match: - fcmd += ['-o', '-iname', shlex.quote(wildcard)] - fcmd[end] = '\\(' - fcmd += ['\\)'] - if self.not_match is not None: - if self.match: + if any: + fcmd += ['-type', 'f'] + self._set_fcmd(fcmd, 'files') + if self.not_files or self.not_files_path: + if self.files or self.files_path: fcmd += ['-a'] fcmd += ['!'] - if len(self.not_match) == 1: - [wildcard] = self.not_match - fcmd += ['-iname', shlex.quote(wildcard)] - else: - end = len(fcmd) - for wildcard in self.not_match: - fcmd += ['-o', '-iname', shlex.quote(wildcard)] - fcmd[end] = '\\(' - fcmd += ['\\)'] - fcmd += ['-exec', cmd] + self._set_fcmd(fcmd, 'not_files') + if self.types and types: + tfcmd = '' + if any: + tfcmd += '''-print0 -o ''' + tfcmd += '''-exec sh -c 'file --mime-type -r0 "$1" | cut -d "" -f 2 | grep -qP "^: ''' + tfcmd += self._types_re + tfcmd += '''$" && printf "%s\\0" "$1"' sh {} \\; | xargs -0''' + if self.cmd_nargs == 1: + tfcmd += 'n1' + fcmd += [tfcmd, self.cmd.format(**null_kwargs)] + elif not self.files_parent or any: + fcmd += ['-exec', cmd] cmd = ' 
'.join(fcmd) + if self.is_flag_set('run-in-tmp-dir'): + cmd = '( d=$(mktemp -d) || exit 1 ; c () { rm -rf "$d"; } ; trap c EXIT ; cd "$d" || exit 1 ; ' + cmd + ' )' + elif self.is_flag_set('run-in-root-dir'): + cmd = '( cd / || exit 1 ; ' + cmd + ' )' return cmd def meet_prereq(self): if self.prereq is None: if not self.cmd: return - cmd = shlex.split(self.cmd)[0] - if not which(cmd): + cmdline = shlex.split(self.cmd) + cmd = cmdline[0] + if cmd == 'cat': + cmd = cmdline[cmdline.index('|') + 1] + if not which(cmd) and not self.is_flag_set('todo'): raise UnmetPrereq('command not found: ' + cmd) else: try: + # For Python 3.2 compatibility, open /dev/null manually instead + # of using subprocess.DEVNULL with open(os.devnull, 'wb') as dev_null: ipc.check_call( ['sh', '-e', '-c', self.prereq], 
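Review bot: In `get_sh_cmd`, the MIME branch splices `self._types_re` straight into the text of an `sh -c '…'` script, inside a double-quoted `grep -qP` pattern, whereas every other check-supplied pattern in this hunk passes through `shlex.quote` in `_set_fcmd_`. A `types` value containing a quote or backtick character could change how the shell parses the generated command instead of merely failing to match. Passing the pattern as a second positional argument keeps it out of the script text: use `grep -qP "$2"` inside the script and append `shlex.quote('^: ' + self._types_re + '$')` after `sh {}`. The file name is already passed this way as `"$1"`, so this only extends the existing pattern.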
@@ -301,51 +527,166 @@ except ipc.CalledProcessError: raise UnmetPrereq('command failed: ' + self.prereq) - def is_file_matching(self, path): - if self._not_match_fn and self._not_match_fn(path): + def is_file_matching(self, path, file): + if self._not_files_path_fn and self._not_files_path_fn(path): + return False + if self._not_files_fn and self._not_files_fn(file): return False - return self._match_fn(path) + if self._files_path_fn and self._files_path_fn(path): + return True + if self._files_fn and self._files_fn(file): + return True + if not (self.files or self.files_path or self.files_parent): + return True + return False - def is_dir_pruned(self, path): - return self._prune_fn(path) if self._prune_fn else False + def is_parent_file_matching(self, path): + if self._not_files_parent_fn and self._not_files_parent_fn(path): + return False + if self._files_parent_fn and self._files_parent_fn(path): + return True + return False + + def is_dir_matching(self, path): + dir = os.path.split(path)[-1] + if self._not_dirs_fn and self._not_dirs_fn(dir): + return True + if self._not_dirs_path_fn and self._not_dirs_path_fn(path): + return True + return False + + def is_type_matching(self, type): + if self._not_types_fn and self._not_types_fn(type): + return False + if self._types_fn and self._types_fn(type): + return True + return False + + def is_always_matching_files(self): + return not (self.files or self.files_path or self.files_parent) + + def is_always_matching_types(self): + return not self.types def is_flag_set(self, value): return value in self.flags + def do(self, name, jobs, types, run, hide, limit, method, terminal, remarks): + cmd = self.get_sh_cmd(njobs=jobs, types=types) + comment = self.comment + manual = self.is_flag_set('manual') + style = self.is_flag_set('style') + complexity = self.is_flag_set('complexity') + fixme = self.is_flag_set('fixme') + fixme_silent = fixme and self.is_flag_set('fixme-silent') + fixme_ignore = fixme and 
self.is_flag_set('fixme-ignore') + todo = self.is_flag_set('todo') + embed = self.is_flag_set('embed') + run = cmd and run and not manual and not todo + hide = hide and run + trim = limit > 0 + supervise = hide or trim + if method == 'auto': + method = spawn_choice(supervise, terminal) + header = '' + footer = ('...',) + if manual and not todo: + header += '# This command needs a human to read about and run it\n' + if style and not todo: + header += '# This command checks style. While a consistent style\n' + header += '# is a good idea, people who have different style\n' + header += '# preferences will want to ignore some of the output.\n' + if complexity and not todo: + header += '# This command checks code complexity. While simple\n' + header += '# code is a good idea, complex code can be needed.\n' + if (style or complexity) and not todo: + header += '# Do not bother adding non-upstreamable patches for this.\n' + if fixme or todo: + header += '# This command needs someone to help out with it.\n' + remark(remarks, name, 'help needed') + if fixme_silent: + header += '# This command needs an option to only print issues.\n' + if fixme_ignore: + header += '# This command needs an option to ignore certain paths.\n' + if comment: + header += ''.join('# ' + line + '\n' for line in comment.split('\n')) + if embed and not todo: + header += '# Please remove any embedded copies from the upstream VCS and tarballs.\n' + header += '# https://wiki.debian.org/EmbeddedCodeCopies\n' + if cmd: + prompt = '# $ ' if manual or todo else '$ ' + header += prompt + cmd + if run: + output, trimmed = spawn(terminal, method, cmd, hide, header, footer, limit) + if not output and hide: + remark(remarks, name, 'no output') + if trim and trimmed: + remark(remarks, name, 'trimmed') + else: + if terminal: + erase_to_eol_cr() + output = show_header(header) + return output + -class Formatter(argparse.ArgumentDefaultsHelpFormatter, argparse.MetavarTypeHelpFormatter): +class 
Formatter(argparse.ArgumentDefaultsHelpFormatter): pass +def process_args(self, action, args): + if args: + for arg in args: + if arg not in self.all: + raise argparse.ArgumentError(self, self.unknown_msg.format(arg)) + action(args) + else: + raise argparse.ArgumentError(self, self.missing_msg) + + def process(self, choices): - action = self.change + action = None args = set() - for choice in choices: + if not choices: + raise argparse.ArgumentError(self, self.missing_msg) + end = len(choices)-1 + for i, choice in enumerate(choices): arg = None if choice.startswith('='): - action = self.change + new_action = self.change elif choice.startswith('+'): - action = self.enable + new_action = self.enable elif choice.startswith('-'): - action = self.disable + new_action = self.disable else: + new_action = None arg = choice if arg is None: - args = set() arg = choice[1:] if arg: arg = set([arg]) else: arg = set() - args.update(arg) - action(args) + if i == 0: + action = new_action if new_action else self.change + args.update(arg) + if i > 0: + if new_action: + process_args(self, action, args) + action = new_action + args = set() + args.update(arg) + if i == end: + process_args(self, action, args) class CheckSelectionAction(argparse.Action): msg = 'cmdline disabled check' + unknown_msg = 'unknown check: {}' + missing_msg = 'missing check name' - def __init__(self, option_strings, dest, checks={}, prepend_values=[], *args, **kwargs): + def __init__(self, option_strings, dest, checks={}, all=set(), prepend_values=[], *args, **kwargs): self.checks = checks + self.all = all self.prepend_values = prepend_values super().__init__(option_strings=option_strings, dest=dest, *args, **kwargs) 
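Review bot: `CheckSelectionAction.__init__` gains `all=set()` next to the existing `checks={}` and `prepend_values=[]`, so any action built without `all=` gets an empty set and `process_args` then rejects every name with `unknown_msg`. Making the argument required, or using `all=None` and treating `None` as "skip validation", would make that case explicit. The same mutable-default pattern appears in later hunks, in `FlagSelectionAction.__init__` (`flags=set(), all=set(), disable={}`) and in `parse_conf(checks={}, flags=set(), …)`. `parse_conf` fills and returns its defaults, so a second call without arguments would start from the first call's checks. `all` also shadows the builtin; `known` or `valid_names` would be clearer.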
@@ -369,13 +710,16 @@ self.checks[name].disabled.add(self.msg) -class GroupSelectionAction(argparse.Action): +class FlagSelectionAction(argparse.Action): + msg = 'cmdline disabled flag' + unknown_msg = 'unknown flag: {}' + missing_msg = 'missing flag name' - def __init__(self, option_strings, dest, msg=None, name=None, checks={}, groups=set(), prepend_values=[], *args, **kwargs): - self.msg = msg - self.name = name + def __init__(self, option_strings, dest, checks={}, flags=set(), all=set(), disable={}, prepend_values=[], *args, **kwargs): self.checks = checks - self.groups = groups + self.flags = flags + self.all = all + self.disabled = disable self.prepend_values = prepend_values super().__init__(option_strings=option_strings, dest=dest, *args, **kwargs) 
@@ -383,69 +727,253 @@ for value in self.prepend_values + values: process(self, value.split()) - def change(self, groups): - self.groups.__init__(groups) - for name, check in self.checks.items(): - if check.__getattribute__(self.name).isdisjoint(groups): - self.checks[name].disabled.add(self.msg) + def change(self, flags): + self.flags.__init__(flags) + bad = set(self.disabled.keys()) + want_all = flags + want_bad = flags & bad + want_good = flags - bad + for name, check in sorted(self.checks.items()): + checkf = check.flags + check_enable = check_disable = False + if want_good & checkf: + if bad & checkf & want_bad: + check_enable = True + elif not(checkf & bad): + check_enable = True + else: + check_disable = True + elif want_all <= bad and want_all & checkf: + check_enable = True else: + check_disable = True + if check_enable: self.checks[name].disabled.clear() + elif check_disable: + self.checks[name].disabled.add(self.msg) - def enable(self, groups): - self.groups.update(groups) - for name, check in self.checks.items(): - if not check.__getattribute__(self.name).isdisjoint(groups): + def enable(self, flags): + self.flags.update(flags) + bad = set(self.disabled.keys()) + want_all = flags + want_bad = flags & bad + want_good = flags - bad + for name, check in sorted(self.checks.items()): + checkf = check.flags + check_enable = False + if want_good & checkf: + if bad & checkf & want_bad: + check_enable = True + elif not(checkf & bad): + check_enable = True + elif want_all <= bad and want_all & checkf: + check_enable = True + if check_enable: self.checks[name].disabled.clear() - def disable(self, groups): - self.groups.difference_update(groups) - for name, check in self.checks.items(): - if not check.__getattribute__(self.name).isdisjoint(groups): + def disable(self, flags): + self.flags.difference_update(flags) + bad = set(self.disabled.keys()) + want_good = flags - bad + for name, check in sorted(self.checks.items()): + checkf = check.flags + check_disable = 
False + if want_good & checkf: + check_disable = True + if check_disable: self.checks[name].disabled.add(self.msg) -def parse_section(section): - check = Check() +class RangeCompleter(object): + def __init__(self, start, end): + self.choices = range(start, end + 1) + + def __call__(self, prefix, **kwargs): + return (str(c) for c in self.choices if str(c).startswith(prefix)) + + +def parse_section(section, check=None): + if not check: + check = Check() for key, value in section.items(): key = key.replace('-', '_') getattr(check, 'set_' + key)(value) return check -def parse_conf(): - checks = {} - flags = set() - groups = set() - for path in glob.glob(os.path.join(datadir, '*')): - cp = configparser.ConfigParser(interpolation=None) - cp.read(path, encoding='UTF-8') - for name in cp.sections(): - if name in checks: +def parse_conf(checks={}, flags=set(), distro=None, release=None): + if distro and release: + for path in glob.glob(os.path.join(datadir, 'overlay', distro, release, '*')): + parse_file(checks, flags, path, True) + else: + for path in glob.glob(os.path.join(datadir, '*')): + parse_file(checks, flags, path) + return (checks, flags) + + +def parse_file(checks, flags, path, overlay=False): + cp = configparser.ConfigParser(interpolation=None) + cp.read(path, encoding='UTF-8') + for name in cp.sections(): + section = cp[name] + if name in checks: + if overlay: + parse_section(section, checks[name]) + else: raise RuntimeError('duplicate check name: ' + name) - section = cp[name] + else: checks[name] = parse_section(section) - checks[name].groups.update({os.path.basename(path)}) - flags.update(checks[name].flags) - groups.update(checks[name].groups) - return (checks, flags, groups) + checks[name].flags.update({os.path.basename(path)}) + flags.update(checks[name].flags) -def skip(skipped, name, reason): - if reason not in skipped: - skipped[reason] = set() - skipped[reason].add(name) +def remark(remarks, name, reason): + if reason not in remarks: + remarks[reason] 
= set() + if name: + remarks[reason].add(name) return True +def set_debian_substvars(checks): + try: + import apt_pkg + except ImportError: + print('ERROR: Python apt module not installed', file=sys.stderr) + sys.exit(1) + recommends = [] + suggests = [] + for name, check in checks.items(): + try: + if check.apt: + apt_pkg.parse_depends(check.apt) + else: + continue + except ValueError: + print('ERROR: Could not parse deps for {}: {}'.format(name, check.apt), file=sys.stderr) + sys.exit(1) + if not check.is_flag_set('todo') and not check.is_flag_set('apt-suggests'): + recommends.append(check.apt) + else: + suggests.append(check.apt) + recommends = ', '.join(sorted(recommends)) + suggests = ', '.join(sorted(suggests)) + with open('debian/check-all-the-things.substvars', 'a') as substvars: + print('cats:Recommends={}'.format(recommends), file=substvars) + print('cats:Suggests={}'.format(suggests), file=substvars) + + +def walk(typedb, checks, remarks, matching_checks, parent, top): + matched_globs = collections.defaultdict(set) + matched_names = collections.defaultdict(set) + matched_types = collections.defaultdict(set) + unknown = 'application/octet-stream' + ignore_checks = {} + ignore_checks[top] = set() + ignore_dirs = set('.git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc'.split()) + for root, dirs, files in os.walk(top): + root_set = set(root.split(os.path.sep)) + if parent: + del dirs[:] + else: + if root not in ignore_checks: + up = os.path.split(root)[0] + ignore_checks[root] = set(ignore_checks[up]) + for name, check in checks.items(): + if name in ignore_checks[root]: + continue + if check.is_dir_matching(root): + ignore_checks[root].add(name) + for file in files: + type = None + path = os.path.join(root, file) + st = os.lstat(path) + if not stat.S_ISREG(st.st_mode): + continue + base, ext = os.path.splitext(file) + base = base.lower() + ext = ext.lower() + if ext: + matched_files = matched_globs + matched_key = ext + else: + matched_files = 
matched_names + matched_key = base + for name, check in checks.items(): + if check.disabled: + continue + if name in ignore_checks[root]: + continue + if parent: + if check.is_parent_file_matching(path): + matching_checks.add(name) + else: + if check.is_file_matching(path, file): + matching_checks.add(name) + if not check.is_always_matching_files() and not check.is_flag_set('todo'): + matched_files[matched_key].add(name) + if typedb: + if not type: + type = typedb.file(path) + if type != unknown: + if name in matched_types[type]: + continue + if check.is_type_matching(type): + matching_checks.add(name) + if not check.is_always_matching_types() and not check.is_flag_set('todo'): + matched_types[type].add(name) + if not (parent or root_set.intersection(ignore_dirs)): + if ext and not matched_globs[ext]: + remark(remarks, '*' + ext, 'no specific file name wildcard checks') + if not ext and base and not matched_names[base]: + remark(remarks, base, 'no specific file name checks') + if typedb and type != unknown and not matched_types[type]: + remark(remarks, type, 'no specific file type checks') + + +def network(): + if netifaces: + gws = netifaces.gateways() + gw = gws.get('default') + if gw: + if netifaces.AF_INET in gw: + return True + if netifaces.AF_INET6 in gw: + return True + else: + return False + else: + return True + + +def terminal_working(): + if not sys.stdout.isatty(): + return False + try: + master, slave = pty.openpty() + os.close(slave) + os.close(master) + return True + except OSError: + return False + + def main(): - (checks, flags, groups) = parse_conf() - skipped = {} + (checks, flags) = parse_conf() + all_checks = set(checks.keys()) + all_flags = set(flags) + remarks = {} disable_flags = { 'dangerous': 'dangerous check', + 'modify': 'modifies files', 'todo': 'help needed', } + if not network(): + disable_flags['network'] = 'no network' + + all_flags.update(disable_flags.keys()) flags.difference_update(disable_flags.keys()) for name, check in 
checks.items(): for flag, reason in disable_flags.items(): 
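Review bot: In `FlagSelectionAction.change` and `enable`, a check carrying default-disabled flags is re-enabled as soon as any one of them is requested, because `bad & checkf & want_bad` is only tested for being non-empty, and `disabled.clear()` then drops every reason at once. As I read the hunk, a check tagged both `dangerous` and `modify` would run after `--flags +dangerous` alone, although `modify` was never asked for. If that is not intended, the tests could require that all of the check's disabled flags were requested, e.g. `if checkf & bad <= want_bad:` in the first branch and an extra `and checkf & bad <= want_all` on the `elif`. If it is intended, a comment saying so would spare the next reader the set algebra. The class header is in the previous hunk and `main()` continues past the end of this one.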
@@ -455,36 +983,36 @@ ap = argparse.ArgumentParser( formatter_class=Formatter, description='This program is aimed at checking things related to ' - 'packaging and software development. It automates statical ' - 'analysis of code, QA checks, syntax checking, for a very large ' - 'set of files.', + 'packaging and software development. It automates static ' + 'analysis of code, QA, syntax and style checks and more, ' + 'for a large set of file types.', epilog="WARNING: since it checks so many things the output can be " "very verbose so don't use it if you don't have time to go " "through the output to find problems." ) ap.add_argument('--jobs', '-j', metavar='N', type=int, nargs='?', help="passed to tools that can parallelize their checks", - default=1) + default=1).completer = RangeCompleter(1, multiprocessing.cpu_count()) ap.add_argument('--checks', '-c', metavar='selectors', nargs=1, help="alter the set of checks to be run based on check names" " (example: = cppcheck + lintian duck - duck)", type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=CheckSelectionAction, checks=checks) + action=CheckSelectionAction, checks=checks, all=all_checks, + ).completer = ChoicesCompleter(sorted(all_checks)) ap.add_argument('--flags', '-f', metavar='selectors', nargs=1, help="alter the set of checks to be run based on flag names" + " (example: = audio c - mp3 + sh)" " (example: = dangerous + network - todo)", type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=GroupSelectionAction, msg='cmdline disabled flag', name='flags', checks=checks, groups=flags) - ap.add_argument('--groups', '-g', metavar='selectors', nargs=1, - help="alter the set of checks to be run based on group names" - " (example: = audio c - mp3 + sh)", - type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=GroupSelectionAction, msg='cmdline disabled group', name='groups', checks=checks, groups=groups) + action=FlagSelectionAction, checks=checks, flags=flags, 
all=all_flags, disable=disable_flags, + ).completer = ChoicesCompleter(sorted(all_flags)) ap.add_argument('--all', '-a', nargs=0, - help="perform checks with possibly dangerous side effects." - " (equivalent: --flags +dangerous)", + help="perform checks with possible side effects," + " including executing code or modifying files" + " from the current directory." + " (equivalent: --flags +dangerous --flags +modify)", type=str, default=argparse.SUPPRESS, dest=argparse.SUPPRESS, - action=GroupSelectionAction, name='flags', checks=checks, groups=flags, prepend_values=['+dangerous']) + action=FlagSelectionAction, checks=checks, flags=flags, prepend_values=['+dangerous modify']) ap.add_argument('--interrupt', '-i', type=str, help="when interrupted, quit or skip the current check", default='skip', choices=['quit', 'exit', 'skip']) 
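Review bot: The rewritten `--all` option builds `FlagSelectionAction` with only `checks`, `flags` and `prepend_values`, while `--flags` just above it also passes `all=all_flags, disable=disable_flags`. With `all` left at its empty default, `process_args` (added earlier in this diff) appears to raise `unknown flag: …` for both `dangerous` and `modify`, so `--all` would fail rather than enable them. With `disable` left empty, the action also no longer knows which flags are default-disabled. Adding `all=all_flags, disable=disable_flags` to this call would bring it in line with `--flags`, and a test that `--all` behaves like the documented `--flags +dangerous --flags +modify` would pin it down. `main()` starts and ends outside this hunk.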
@@ -494,105 +1022,141 @@ ap.add_argument('--silent-checks', type=str, help="what to do with checks that did not print any output", default='hide', choices=['show', 'hide']) - ap.add_argument('--suppressed-checks-lines', metavar='N', - help="output lines to use for checks per suppression reason." + ap.add_argument('--remarks-lines', metavar='N', + help="output lines to use for checks per remark." " (<= -1: all, 0: only reasons, >= 1: N lines of checks)", - type=int, default=1) + type=int, default=1).completer = RangeCompleter(-1, 20) ap.add_argument('--commands', type=str, help="what to do with the commands for the chosen set of hooks", default='run', choices=['run', 'show']) + ap.add_argument("--set-debian-substvars", help=argparse.SUPPRESS, action="store_true") + ap.add_argument('--spawn-method', type=str, help=argparse.SUPPRESS, + default='auto', choices=['auto', 'none', 'pipe', 'pty', 'ptyprocess']) + ap.add_argument('--checks-output-lines', metavar='N', + help="output lines to allow for checks." + " checks using more lines are terminated," + " their output is truncated to fit," + " a footer is appended as an indicator" + " and their names are printed at the end." + " (<= 0: all, > 0: N lines of output)", + type=int, default=10).completer = RangeCompleter(0, 20) + ap.add_argument('--distro', '-d', type=str, + help="enable check overlay for distribution", + default=None, choices=['debian']) + ap.add_argument('--release', '-r', type=str, + help="enable check overlay for distribution release", + default=None, choices=['jessie']) + mime_help = (" matching files based on MIME type." 
+ " MIME checking is slow and" + " makes more complicated commands.") + ap.add_argument('--mime', dest='mime', action='store_true', help='Enable '+mime_help) + ap.add_argument('--no-mime', dest='mime', action='store_false', help='Disable '+mime_help) + ap.set_defaults(mime=False) + if argcomplete: + argcomplete.autocomplete(ap) + elif '_ARGCOMPLETE' in os.environ: + print('ERROR: Argument completion requested but Python argcomplete module not installed', file=sys.stderr) + sys.exit(1) + options = ap.parse_args() + if options.distro and options.release: + parse_conf(checks, flags, options.distro, options.release) + if options.set_debian_substvars: + set_debian_substvars(checks) + sys.exit() if options.jobs is None: options.jobs = multiprocessing.cpu_count() + jobs = options.jobs + run = options.commands == 'run' + hide = options.silent_checks == 'hide' + limit = options.checks_output_lines + mime = options.mime + method = options.spawn_method + terminal = terminal_working() last_interrupt = 0 matching_checks = set() - for root, dirs, files in os.walk('.'): - for file in files: - path = os.path.join(root, file) - st = os.lstat(path) - if not stat.S_ISREG(st.st_mode): - continue - for name, check in checks.items(): - if name in matching_checks: - continue - if check.is_file_matching(path): - matching_checks.add(name) - i = 0 - for dir in dirs: - for name, check in checks.items(): - if check.is_dir_pruned(path): - del dirs[i] - i += 1 + if magic and mime: + typedb = magic.open(magic.MAGIC_MIME_TYPE) + typedb.load() + else: + typedb = None + walk(typedb, checks, remarks, matching_checks, True, os.path.pardir) + walk(typedb, checks, remarks, matching_checks, False, os.path.curdir) + if typedb: + typedb.close() + types = bool(typedb) for name, check in sorted(checks.items()): next = False - if name not in matching_checks: - next |= skip(skipped, name, 'no matching files') + if name not in matching_checks and not check.disabled: + next |= remark(remarks, name, 'no matching 
files') for reason in checks[name].disabled: - next |= skip(skipped, name, reason) + next |= remark(remarks, name, reason) if next: continue try: check.meet_prereq() except UnmetPrereq as exc: - skip(skipped, name, str(exc)) + remark(remarks, name, str(exc)) exc = None else: - show_check = options.silent_checks == 'show' or options.commands == 'show' - if (time.time()-last_interrupt) < options.interrupt_period: + if (time.time() - last_interrupt) < options.interrupt_period: try: time.sleep(options.interrupt_period) except KeyboardInterrupt: print() sys.exit() - cmd = check.get_sh_cmd(njobs=options.jobs) - comment = check.comment - header = '' - if comment: - header += ''.join('# ' + line + '\n' for line in comment.split('\n')) - if cmd: - header += '$ ' + cmd - if show_check or (check.comment and not cmd): - print(header) - sys.stdout.flush() try: - if cmd and options.commands == 'run': - if show_check: - ipc.call(cmd, shell=True, stderr=ipc.STDOUT) - else: - show_check |= spawn_header_first(cmd, header) - if not show_check: - skip(skipped, name, 'no output') + output = None + output = check.do(name, jobs, types, run, hide, limit, method, terminal, remarks) except KeyboardInterrupt: - if options.interrupt in {'exit', 'quit'} or (time.time()-last_interrupt) < options.interrupt_period: - if show_check: + if options.interrupt in {'exit', 'quit'} or (time.time() - last_interrupt) < options.interrupt_period: + if output: + if terminal: + sys.stdout.buffer.write(reset_term) print() sys.exit() elif options.interrupt == 'skip': - skip(skipped, name, 'user interrupted') - if show_check: + remark(remarks, name, 'user interrupted') + if output: + if terminal: + sys.stdout.buffer.write(reset_term) print() last_interrupt = time.time() - if cmd and show_check: + if output: print() - if options.commands == 'run' and options.silent_checks == 'hide' and sys.stdout.isatty(): + if run and hide and terminal: erase_to_eol_cr() - if skipped: - header = 'Skipped and hidden checks:' - out 
= TextWrapper() - out.width = get_columns() + if remarks: + header = 'Remarks:' + if terminal: + out = TextWrapper(80) + out.width = get_columns() + else: + class TextNotWrapper(object): + initial_indent = '' + + def fill(self, line): + return self.initial_indent + line + out = TextNotWrapper() out.break_long_words = False out.break_on_hyphens = False - if options.suppressed_checks_lines == 0: - print(header + ' ' + out.fill(', '.join(sorted(skipped)))) + if options.remarks_lines == 0: + out.initial_indent = header + ' ' + out.subsequent_indent = ' ' * len(out.initial_indent) + print(out.fill(', '.join(sorted(remarks)))) else: print(header) - if options.suppressed_checks_lines >= 1: + if options.remarks_lines >= 1: out.placeholder = ' ...' - out.max_lines = options.suppressed_checks_lines - for reason in sorted(skipped): - out.initial_indent = '- {reason}: '.format(reason=reason) - out.subsequent_indent = ' ' * len(out.initial_indent) - print(out.fill(' '.join(sorted(skipped[reason])))) + out.max_lines = options.remarks_lines + for reason in sorted(remarks): + if remarks[reason]: + out.initial_indent = '- {reason}: '.format(reason=reason) + out.subsequent_indent = ' ' * len(out.initial_indent) + print(out.fill(' '.join(sorted(remarks[reason])))) + else: + print('- {reason}'.format(reason=reason)) + if __name__ == '__main__': main() diff -Nru check-all-the-things-2015.12.10ubuntu2/check-font-embedding-restrictions check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/check-font-embedding-restrictions --- check-all-the-things-2015.12.10ubuntu2/check-font-embedding-restrictions 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/check-font-embedding-restrictions 2017-05-09 03:20:41.000000000 +0200 
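Review bot: When `--mime` is given but the `magic` module failed to import, `if magic and mime:` falls through to `typedb = None` and the run silently uses name-based matching only, so the user gets a different set of checks than requested with no indication. A warning before the branch would make this visible: `if mime and not magic: print('WARNING: --mime requested but Python magic module not installed', file=sys.stderr)`. `typedb.close()` is also skipped if either `walk()` call raises; wrapping the two calls in `try`/`finally` would fix that. The same silent-ignore pattern applies to `--distro` and `--release`, where `parse_conf()` only runs when both are set. The enclosing function begins outside this hunk.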
@@ -0,0 +1,46 @@ +#!/usr/bin/python2 + +import fontforge +import deb822 +import sys +import os + +# The fontforge module prints warnings to stderr +# but that isn't useful for checking OS/2 fsType +old = os.dup(2) +os.close(2) +os.open(os.devnull, os.O_WRONLY) + +try: + with open('debian/control') as f: + for para in deb822.Deb822.iter_paragraphs(f): + if 'Section' in para and para['Section'].startswith('non-free/'): + exit() +except IOError: + exit() + +embedding_restricted = set() + +for file in set(sys.argv[1:]): + try: + font = fontforge.open(file) + if font: + if 0 != font.os2_fstype: + info = '{}: {:#06x}'.format(file, font.os2_fstype) + embedding_restricted.add(info) + font.close() + except EnvironmentError: + pass + +# Restore stderr +os.close(2) +os.dup(old) +os.close(old) + +if embedding_restricted: + print 'These fonts in Debian main/contrib have embedding' + print 'restrictions, which are not DFSG compatible:' + print + print '\n'.join(sorted(embedding_restricted)) + print + print 'https://www.microsoft.com/typography/otspec/os2.htm#fst' diff -Nru check-all-the-things-2015.12.10ubuntu2/data/android check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/android --- check-all-the-things-2015.12.10ubuntu2/data/android 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/android 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,7 @@ +[android-lint] +flags = todo +comment = can't run it from the command-line? +command = lint ... +apt = android-platform-tools-base + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ansible check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ansible --- check-all-the-things-2015.12.10ubuntu2/data/ansible 2015-11-07 15:21:33.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ansible 2017-05-20 11:33:18.000000000 +0200 
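Review bot: In the new `check-font-embedding-restrictions` script, file descriptor 2 is closed for the whole run and only restored on the normal path, so any exception other than `EnvironmentError` raised while a font is parsed ends the script with no traceback and no report. Combined with `except EnvironmentError: pass`, a font that cannot be opened is indistinguishable from one without restrictions; listing such files in the output would make the check's coverage explicit. I would redirect with `os.dup2` instead of relying on `os.open` returning the lowest free descriptor, and restore stderr in a `finally` block. The bare `exit()` calls depend on the `site` module; `sys.exit()` is available since `sys` is already imported.

```python
# The fontforge module prints warnings to stderr
# but that isn't useful for checking OS/2 fsType
old = os.dup(2)
devnull = os.open(os.devnull, os.O_WRONLY)
os.dup2(devnull, 2)
os.close(devnull)

try:
    # … unchanged: debian/control section test and the font loop …
finally:
    # Restore stderr even when a font raises something unexpected
    os.dup2(old, 2)
    os.close(old)
```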
@@ -1,4 +1,5 @@ [ansible-lint] -groups = cfg-mgmt -flags = todo +flags = todo cfg-mgmt comment = ansible-lint ITP #799144 + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/appstream check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/appstream --- check-all-the-things-2015.12.10ubuntu2/data/appstream 2015-09-30 15:31:26.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/appstream 2017-05-20 11:33:18.000000000 +0200 @@ -1,9 +1,13 @@ [appstreamcli-validate] -flags = todo apt = appstream -comment = appstreamcli validate ... +files = *.metainfo.xml *.appdata.xml +command = appstreamcli validate --pedantic {files} [appstream-util-validate] -flags = todo -apt = appstream-glib -comment = appstream-util validate ... +flags = network fixme fixme-silent +apt = appstream-util +files = *.metainfo.xml *.appdata.xml +comment = Need to clarify if we want validate-strict +command = appstream-util validate {files} | grep -v ': OK$' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/build-logs check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/build-logs --- check-all-the-things-2015.12.10ubuntu2/data/build-logs 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/build-logs 2017-05-20 11:33:18.000000000 +0200 
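Review bot: In `data/appstream`, `[appstreamcli-validate]` loses `flags = todo` and becomes a real command, but it carries no `network` flag while the sibling `[appstream-util-validate]` does. As far as I know `appstreamcli validate` also checks URLs found in the metadata unless network access is switched off, so on an untrusted tree this check may make outbound requests that the user did not opt into. Either add `flags = network` to the section or pass the tool's no-network option after confirming its spelling for the packaged version.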
@@ -1,18 +1,34 @@ [blhc] apt = blhc -match = ../*.build +files = ../*.build command = blhc --all {files} [build-log-warnings] -match = ../*.build -command = grep -H -i warn {files} ; grep -H -w W {files} +files = ../*.build +command = grep -nHi warn {files} + +[build-log-w] +files = ../*.build +command = grep -nHw W {files} [build-log-errors] -match = ../*.build -command = grep -H -i error {files} ; grep -H -w E {files} +files = ../*.build +command = grep -nHi error {files} + +[build-log-e] +files = ../*.build +command = grep -nHw E {files} + +[bls-standalone] +apt = bls-standalone +files = ../*.build +command = bls-standalone check --blhc=NO {files} -[build-log-scanner] -flags = todo -comment = Waiting on bls to be split and packaged: http://qa.debian.org/bls/ +[build-log-static-library] +files = ../*.build +command = grep -nH '\.a\>' {files} +comment = + Please avoid the use of static libraries where possible + https://wiki.debian.org/StaticLinking # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/c check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/c --- check-all-the-things-2015.12.10ubuntu2/data/c 2016-02-16 18:37:09.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/c 2017-05-20 11:33:18.000000000 +0200 
@@ -1,57 +1,97 @@ [cppcheck] apt = cppcheck -command = cppcheck -j{njobs} --quiet -f . | grep -vF 'cppcheck: error: could not find or open any of the paths given.' -# TODO: drop the filter when #769757 gets fixed +# see Path::acceptFile etc in lib/path.cpp in cppcheck +# TODO: update it before releases: +# curl -s https://sources.debian.net/data/main/c/cppcheck/latest/lib/path.cpp | +# grep 'ext.* == "' | +# sed 's/.*"\([^"]*\)".*/\1/;s/^/ */' +files = + *.c + *.cpp + *.cxx + *.cc + *.c++ + *.hpp + *.hxx + *.hh + *.tpp + *.txx +types = text/x-c text/x-c++ +command = cppcheck -j{njobs} --quiet -f . [deheader] +flags = manual apt = deheader -match = *.c *.cc *.cxx *.cpp -comment = Check if your C/C++ code contains any unnecessary headers. -command = echo deheader +files = *.c *.cc *.cxx *.cpp +types = text/x-c text/x-c++ +comment = + Check if your C/C++ code contains any unnecessary headers. + Dangerous because it executes Makefiles +command = deheader [include-what-you-use] apt = iwyu -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ command = include-what-you-use {file} [flawfinder] apt = flawfinder +# see maybe_process_file and c_extensions in the flawfinder script in flawfinder +# TODO: update it before releases: +# sed -n '/^c_extensions/,/ *}$/p' /usr/bin/flawfinder | sed "s/ *: *1 *,*/ /g;s/#.*//;s/'//g;s/\./*./g;s/ \+/ /g;s/.*[{}]//;s/\(.*\)/\L\1/;s/ *$//" +files = + *.c *.h + *.ec *.ecp + *.pgc + *.cpp *.cxx *.cc + *.cc *.c++ + *.pcc + *.hpp command = flawfinder -Q -c . 
+flags = fixme fixme-silent [pmccabe] +flags = complexity apt = pmccabe -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ command = pmccabe {files} | sort -nr [clang-check] -flags = todo +flags = manual apt = clang -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ comment = + because it can't be automatically run from `find -exec` due to the requirement for -- Please consider checking your code with clang-check: - http://clang.llvm.org/extra/clang-tidy.html -command = echo clang-check {files} -- + http://clang.llvm.org/docs/ClangCheck.html +command = clang-check -- [clang-tidy] -flags = todo +flags = manual apt = clang-tidy -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp -command = echo clang-tidy {files} -- +types = text/x-c text/x-c++ +command = clang-tidy '-checks=*' -- +comment = because it can't be automatically run from `find -exec` due to the requirement for -- [m64-m32] -match = +files = *.c *.cc *.cxx *.cpp *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ comment = You should almost never use -m64 and -m32 when compiling. -command = grep -rE -- '-m64|-m32' . +command = grep -nHrwE -- '-m64|-m32' . [cbmc] flags = todo 
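Review bot: `[deheader]` now runs `deheader` for real instead of `echo deheader`, and its own comment says it is dangerous because it executes Makefiles, yet the section is tagged only `flags = manual`. The checks in `data/elf` that carry the same kind of warning use `flags = dangerous manual`; using the same value here would keep build-system execution behind the `--all` / `+dangerous` opt-in when the tree being checked is not trusted. How `manual` is handled is not visible in this diff, so it may already prevent automatic execution, but the flag should still match the comment.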
@@ -70,25 +110,61 @@ flags = todo comment = https://github.com/myint/cppclean/ -# TODO: pscan +[complexity] +flags = complexity +apt = complexity +files = *.c +types = text/x-c +command = complexity --no-load-opts {files} + +[kwstyle] +flags = manual +apt = kwstyle +files = + *.c *.cc *.cxx *.cpp + *.h *.hh *.hxx *.hpp +comment = + Please consider checking your code with KWStyle: + https://kitware.github.io/KWStyle/resources/documentation.html +command = KWStyle -R -d . + +[path-max] +files = + *.c *.cc *.cxx *.cpp + *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ +command = grep -nHwE 'PATH_MAX|MAXPATHLEN' {files} +comment = + You should not assume that paths are at most PATH_MAX characters long. + Some operating systems (e.g. Hurd) don't define PATH_MAX at all. + Others (e.g. Linux, OS X) define it, but don't enforce the limit. + +[pscan] +apt = pscan +files = + *.c *.cc *.cxx *.cpp + *.h *.hh *.hxx *.hpp +types = text/x-c text/x-c++ +command = pscan {files} + # TODO: adlint # TODO: sparse +# TODO: http://repo.or.cz/w/smatch.git # TODO: splint -# TODO: kwstyle # TODO: frama-c # TODO: scan-build # TODO: abi-compliance-checker -# TODO: complexity #781946 # TODO: http://oclint.org/ # TODO: http://saturn.stanford.edu/ # TODO: https://scan.coverity.com/ -# TODO: https://github.com/facebook/flint +# TODO: https://github.com/facebookarchive/flint # TODO: https://github.com/Krazy-collection/krazy # TODO: https://css.csail.mit.edu/stack/ # TODO: https://github.com/kframework/c-semantics # TODO: https://code.google.com/p/checkheaders/ https://github.com/cristeab/checkheaders # TODO: https://github.com/danmar/ublinter -# TODO: https://quickgit.kde.org/?p=clazy.git +# TODO: https://cgit.kde.org/clazy.git/ +# TODO: http://trust-in-soft.com/tis-interpreter/ # TODO: shell metacharacter injection: g_spawn_command_line* system popen # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/chef check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/chef --- 
check-all-the-things-2015.12.10ubuntu2/data/chef 2015-09-02 14:19:16.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/chef 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,8 @@ -# TODO: foodcritic +[foodcritic] +flags = todo cfg-mgmt +comment = lots of false positives due to *.rb being Chef files and also Ruby files +apt = foodcritic +files = *.rb +command = foodcritic . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cil check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cil --- check-all-the-things-2015.12.10ubuntu2/data/cil 2015-11-05 07:55:51.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cil 2017-05-20 11:33:18.000000000 +0200 @@ -1,4 +1,9 @@ [gendarme] -flags = todo +flags = fixme +comment = Needs an option to disable warnings about non-CIL *.dll files apt = gendarme -comment = gendarme ... +files = *.dll +types = application/x-dosexec +command = gendarme --quiet {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cmake check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cmake --- check-all-the-things-2015.12.10ubuntu2/data/cmake 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cmake 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ -# TODO: any checks? +# TODO: https://github.com/richq/cmake-lint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/collada check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/collada --- check-all-the-things-2015.12.10ubuntu2/data/collada 2014-08-30 01:40:17.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/collada 2017-05-20 11:33:18.000000000 +0200 
@@ -1 +1,8 @@ -# TODO: opencollada-tools #694932 OpenCOLLADAValidator +[opencolladavalidator] +flags = fixme fixme-silent +apt = opencollada-tools +files = *.dae +comment = Remove the grep when #808796 is fixed +command = opencolladavalidator {file} | grep -v '" is valid against the COLLADA [0-9.]\+ schema\.$' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/compression check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/compression --- check-all-the-things-2015.12.10ubuntu2/data/compression 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/compression 2017-05-20 11:33:18.000000000 +0200 
@@ -1,60 +1,132 @@ [gzip-test] -match = *.gz *.tgz +files = *.gz *.tgz +types = application/gzip command = gzip --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [bzip2-test] apt = bzip2 -match = *.bz2 *.tbz +files = *.bz2 *.tbz +types = application/x-bzip2 command = bzip2 --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [xz-test] apt = xz-utils -match = *.xz *.txz +files = *.xz *.txz +types = application/x-xz command = xz --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [lzma-test] apt = xz-utils -match = *.lzma +files = *.lzma +types = application/x-lzma command = lzma --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [lzo-test] apt = lzop -match = *.lzo +files = *.lzo command = lzop --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [lzip-test] apt = lzip -match = *.lzip +files = *.lzip +types = application/x-lzip command = lzip --test {files} -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [unzip-test] +flags = fixme fixme-silent apt = unzip # Extension list from the File Formats wiki: # http://fileformats.archiveteam.org/wiki/Category:ZIP_based_file_formats -match = - *.zip - *.jar *.apk *.xpi *.ipa *.sb2 *.pk3 *.wz *.love - *.docx *.xlsx *.pptx *.xlsb +# TODO: update it before releases: +# echo ' *.xpi *.sb2 *.pk3 *.wz *.love *.zhfst' +# curl -s http://fileformats.archiveteam.org/wiki/Category:ZIP_based_file_formats | +# sed -n '/ bodycontent/,/\/bodycontent/p' | +# sed -n 's_.*\(/wiki/[^"]*\).*_\1_p' | +# xargs -d'\n' -n1 -i_ curl -s 
'http://fileformats.archiveteam.org_?action=raw' | +# grep extensions= | +# sed 's_| *extensions *= *_ _;s_{{ext|\([^}]*\)}} *,* *_*.\1 _g;s_others__;s/ *$//' +files = + *.xpi *.sb2 *.pk3 *.wz *.love *.zhfst + *.apk + *.cbz *.cbr *.cbt *.cba *.cb7 + *.epub + *.docx + *.epub + *.folio + *.ggb + *.it *.itbz *.itgz *.itr *.itz + *.ipa + *.jar *.j + *.cel *.kcf + *.kra + *.maff + *.docx *.xlsx *.pptx + *.ofip *.odm *.odt *.ods *.odg *.odp *.odc *.odi *.odf *.odb *.ott *.ots *.otg *.otp *.otc *.oti *.otf *.oth *.fodt *.fods *.fodg *.fodp - *.ggb *.maff *.cbz *.ora - *.epub *.oxps *.xps + *.odg *.fodg *.otg + *.odp *.fodp *.otp + *.ods *.fods *.ots + *.odt *.fodt *.ott + *.ora + *.oxps *.xps *.otx *.pkpass - *.itz + *.epub + *.exe *.svx + *.sxd *.std + *.sxi *.sti + *.sxw + *.xlsb + *.xlsx + *.zip +types = application/zip command = unzip -q -t {file} | grep -v '^No errors detected in compressed data of ' -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc [7z-test] +flags = fixme fixme-silent apt = p7zip -match = *.7z -command = 7zr t {file} | grep --perl-regexp --null-data --only-matching '(?s)Processing archive: .*\n\nError[^\n]*' | tr -s '\n' -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer +files = *.7z +types = application/x-7z-compressed +command = 7zr t {file} | grep -Pzo '(?s)Processing archive: .*\n\nError[^\n]*' | tr -s '\n' +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc + +[rzip-test] +flags = todo +comment = the --test argument is not supported and runzip -o /dev/null gives an error +apt = rzip +files = *.rz +command = rzip --test {files} +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc + +[lrzip-test] +flags = todo +comment = All the tests I did killed my computer +apt = lrzip +files = *.lrz +types = application/x-lrzip +command = lrzip --test {files} +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc + +[zstd-test] +apt = zstd 
+files = *.zst +types = application/x-zstd +command = zstd --quiet --test {file} +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc + +[lz4-test] +apt = liblz4-tool +files = *.lz4 +types = application/x-lz4 +command = lz4 --quiet --test {file} +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cruft check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cruft --- check-all-the-things-2015.12.10ubuntu2/data/cruft 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cruft 2017-05-20 11:33:18.000000000 +0200 @@ -1,9 +1,9 @@ [paypal-logo] -match = *paypal*.png *paypal*.gif +files = *paypal*.png *paypal*.gif command = ls {files} [flattr-logo] -match = *flattr*.png *flattr*.gif +files = *flattr*.png *flattr*.gif command = ls {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/css check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/css --- check-all-the-things-2015.12.10ubuntu2/data/css 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/css 2017-05-20 11:33:18.000000000 +0200 @@ -1,4 +1,12 @@ -# TODO: csslint +[csslint-libcroco] +apt = libcroco-tools +files = *.css +command = csslint-0.6 {file} > /dev/null + +# TODO: https://github.com/CSSLint/csslint # TODO: https://github.com/sasstools/sass-lint # TODO: https://github.com/brigade/scss-lint/ # TODO: https://github.com/rtfpessoa/lesslinter +# TODO: https://github.com/stylelint/stylelint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/cypher check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cypher --- check-all-the-things-2015.12.10ubuntu2/data/cypher 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/cypher 2017-05-20 11:33:18.000000000 +0200 
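Review bot: The regenerated `files` list for `[unzip-test]` in `data/compression` now contains patterns that are not ZIP containers, for example `*.cbr`, `*.cbt` and `*.cb7` (RAR, tar and 7z comic archives) and `*.exe`, so `unzip -q -t {file}` will report errors for valid files whenever name matching is used. It also repeats entries such as `*.epub` and `*.docx`. I would filter the scraped list down to formats that are always ZIP, or rely on `types = application/zip` for the ambiguous extensions, and deduplicate the list in the generator pipeline given in the comment. The section is already tagged `fixme fixme-silent`, so a short `comment =` stating this known noise would help.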
@@ -0,0 +1,8 @@ +# https://en.wikipedia.org/wiki/Cypher_Query_Language + +[cypher-lint] +apt = cypher-lint (>= 0.3.4) +files = *.cyp +command = cypher-lint {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/dart check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/dart --- check-all-the-things-2015.12.10ubuntu2/data/dart 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/dart 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ # TODO: shell metacharacter injection: Process runInShell parameter + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/debian check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/debian --- check-all-the-things-2015.12.10ubuntu2/data/debian 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/debian 2017-05-20 11:33:18.000000000 +0200 
@@ -1,52 +1,116 @@ [cme-check-dpkg] +flags = perl-bug-588017 network apt = cme | libconfig-model-perl (<< 2.063), libconfig-model-dpkg-perl -match = ./debian/control ./debian/copyright +files = ./debian/control ./debian/copyright command = cme check dpkg +[scan-copyrights] +flags = todo perl-bug-588017 +comment = needs testing +apt = libconfig-model-dpkg-perl +command = scan-copyrights + [uscan] -apt = devscripts -match = ./debian/watch +apt = devscripts, libwww-perl +files = ./debian/watch command = uscan --report-status --no-verbose -flags = network +flags = network perl-bug-588017 [chk-origtargz] flags = todo network -apt = devscripts -match = ./debian/watch +apt = devscripts, libwww-perl +files = ./debian/watch comment = not yet implemented but checkorig would be like this: tmp=$(mktemp -d) - uscan --download-current-version --destdir $tmp + env PERL5OPT=-m-lib=. uscan --download-current-version --destdir $tmp diffoscope/tardiff/cmp ../*.orig.* $tmp/* rm -rf $tmp [duck] apt = duck -match = ./debian/control ./debian/upstream ./debian/upstream-metadata.yaml ./debian/upstream/metadata ./debian/copyright +files = ./debian/control ./debian/upstream ./debian/upstream-metadata.yaml ./debian/upstream/metadata ./debian/copyright command = duck -flags = network +flags = network perl-bug-588017 [lintian] +flags = package perl-bug-588017 apt = lintian -match = ../*.changes ../*.deb ../*.dsc +files = ./debian/changelog +command = lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto + +[lintian-curdir] +flags = package perl-bug-588017 +apt = lintian +files = *.changes *.deb *.dsc +types = application/vnd.debian.binary-package command = lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto {files} -# TODO: re-enable if the package is ever revived -# TODO: see #768988 and #778796 -#[lintian4python] -#apt = lintian4python -#match = ../*.changes ../*.deb ../*.dsc -#command = lintian4py {files} 
+[lintian4python] +flags = apt-suggests package python perl-bug-588017 +comment = remove apt-suggests if the package is ever revived, see Debian #768988 and #778796 +apt = lintian4python +files = ../*.changes ../*.deb ../*.dsc *.changes *.deb *.dsc +types = application/vnd.debian.binary-package +command = lintian4py {files} [upstream-metadata] -command = +command = test -d ./debian && - ! grep -s -q native debian/source/format && + ! grep -sq native debian/source/format && ! test -e debian/upstream/metadata && echo 'Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata' +[wrap-and-sort] +flags = modify +apt = devscripts +# Only need to match debian/control as it is always present +# alongside any of the files supported by wrap-and-sort +files = ./debian/control +command = wrap-and-sort --short-indent --wrap-always --sort-binary-packages --trailing-comma --verbose +comment = + wrap-and-sort always modifies files in the source tree (#808574) + wrap-and-sort makes VCS diffs of package info easier to read + +[license-reconcile] +flags = copyright perl-bug-588017 +apt = license-reconcile +files = ./debian/copyright +command = license-reconcile + +[debmake-k] +flags = copyright +apt = debmake +files = ./debian/copyright +command = debmake -k + +[licensecheck2dep5] +flags = copyright todo perl-bug-588017 +comment = Doesn't yet work from within cats +apt = cdbs +files = ./debian/copyright +command = diff -u <(licensecheck --copyright --recursive --check=. 
| /usr/lib/cdbs/licensecheck2dep5) debian/copyright + +[autodep8] +flags = test +apt = autodep8 +files = ./debian/control +command = autodep8 +comment = + To automatically test the installed packages, + place this in debian/tests/control: + +[debian-tracker] +flags = todo +comment = + First the tracker.d.o API needs to be added (#824912) + Then the pts-actions script needs adding to devscripts +apt = devscripts +files = ./debian/control +command = pts-actions + +# TODO: decopy # TODO: dep11-tools -# TODO: spellintian # TODO: i18n # TODO: vcswatch # TODO: screenshot @@ -84,8 +148,6 @@ # TODO: grep-excuses -w # TODO: autopkgtest/sadt # TODO: pkg-perl-tools lintian -# TODO: license-reconcile -# TODO: scan-copyright # TODO: apt Apt::Get::AllowUnauthenticated=true and --force-yes # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/desktop check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/desktop --- check-all-the-things-2015.12.10ubuntu2/data/desktop 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/desktop 2017-05-20 11:33:18.000000000 +0200 @@ -1,6 +1,6 @@ [desktop-file-validate] apt = desktop-file-utils -match = *.desktop +files = *.desktop command = desktop-file-validate {file} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/django check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/django --- check-all-the-things-2015.12.10ubuntu2/data/django 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/django 2017-05-20 11:33:18.000000000 +0200 
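Review bot: The `[licensecheck2dep5]` command uses `<( ... )` process substitution, which is a bash feature and fails under a POSIX `sh` such as dash. If checks are still run through `sh -c` (the spawning code is outside this hunk), that would explain the `Doesn't yet work from within cats` comment. A portable form pipes into diff instead: `command = licensecheck --copyright --recursive --check=. | /usr/lib/cdbs/licensecheck2dep5 | diff -u - debian/copyright`.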
@@ -1 +1,3 @@ # TODO: https://chris-lamb.co.uk/projects/django-template-tests + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/docker check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/docker --- check-all-the-things-2015.12.10ubuntu2/data/docker 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/docker 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,6 @@ +# TODO: https://github.com/lukasmartinelli/hadolint +# TODO: https://github.com/RedCoolBeans/dockerlint/ +# TODO: https://github.com/projectatomic/dockerfile_lint/ +# TODO: https://github.com/aweiteka/dockerfile_checker + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/elf check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/elf --- check-all-the-things-2015.12.10ubuntu2/data/elf 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/elf 2017-05-20 11:33:18.000000000 +0200 
@@ -1,18 +1,85 @@ [bfbtester] comment = Dangerous because it executes binaries apt = bfbtester -match = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* -command = bfbtester -x{njobs} -a {files} +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* +types = application/x-executable +command = bfbtester -x{njobs} -a -t {files} flags = dangerous -# TODO: lockdep +[lockdep] +flags = dangerous manual +apt = lockdep +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* +types = application/x-executable +comment = + Please test any installed pthread-using programs using lockdep + Dangerous because it executes binaries +command = lockdep {files} + +[zzuf] +flags = dangerous manual fuzz +apt = zzuf +files = + ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + *.c *.cc *.cxx *.cpp +types = application/x-executable text/x-c text/x-c++ +comment = + Please fuzz test any installed programs using zzuf + Dangerous because it executes binaries +command = zzuf command args + +[afl] +flags = dangerous manual fuzz +apt = afl +files = + ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + *.c *.cc *.cxx *.cpp +types = application/x-executable text/x-c text/x-c++ +comment = + Please fuzz test any installed programs using American fuzzy lop + Dangerous because it executes binaries +prereq = command -v afl-gcc +command = CC=afl-gcc CXX=afl-g++ ./configure ; make clean all ; afl-fuzz -i testcases -o findings command -arg @@ + +[hardening-check] +apt = hardening-includes +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + ./debian/*/lib/lib*.so* ./debian/*/lib/*/lib*.so* ./debian/*/usr/lib/lib*.so* ./debian/*/usr/lib/*/lib*.so* +types = application/x-executable +flags = 
perl-bug-588017 +command = hardening-check --quiet {files} + +[leaktracer] +flags = dangerous modify manual +comment = + Please check any installed C++ programs for memory leaks + Please note that it creates/updates the leak.out file + Dangerous because it executes binaries +files = + ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* + *.cc *.cxx *.cpp +types = application/x-executable text/x-c++ +command = LeakCheck ./command && leak-analyze ./command ; rm -f leak.out + +[tmperamental] +flags = dangerous manual +comment = + Please check any installed programs respect TMPDIR + Dangerous because it executes binaries +files = ./debian/*/bin/* ./debian/*/usr/bin/* ./debian/*/sbin/* ./debian/*/usr/sbin/* ./debian/*/usr/games/* +types = application/x-executable +command = tmperamental command args + # TODO: abigail-tools # TODO: icheck # TODO: abicheck # TODO: valgrind -# TODO: leaktracer # TODO: electric-fence -# TODO: tmperamental (dangerous) # TODO: https://www.gnu.org/software/libc/manual/html_node/Heap-Consistency-Checking.html # TODO: http://udrepper.livejournal.com/11429.html # TODO: MALLOC_CHECK_=2 MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) +# TODO: fuzz +# TODO: https://github.com/vmware/chap +# TODO: http://search.cpan.org/~gnb/Devel-Plumber/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/encoding check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/encoding --- check-all-the-things-2015.12.10ubuntu2/data/encoding 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/encoding 2017-05-20 11:33:18.000000000 +0200 
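Review bot: The new `[afl]` entry is flagged `dangerous manual fuzz` but not `modify`, although its command runs `./configure ; make clean all` and has afl-fuzz write a `findings` directory into the tree. `[leaktracer]` in this same hunk carries `modify` for creating only `leak.out`, so I would make it `flags = dangerous modify manual fuzz`. The steps are also joined with `;`, so afl-fuzz starts even when configure or the build failed; `CC=afl-gcc CXX=afl-g++ ./configure && make clean all && afl-fuzz -i testcases -o findings command -arg @@` stops at the first failure. How the script acts on `modify` for `manual` checks is not visible in this hunk, so that part needs confirming.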
@@ -1,4 +1,6 @@ [uu-test] apt = sharutils -match = *.uue *.uu *.enc -command = uudecode -o /dev/null +files = *.uue *.uu *.enc +command = uudecode -o /dev/null {file} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/english check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/english --- check-all-the-things-2015.12.10ubuntu2/data/english 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/english 2017-05-20 11:33:18.000000000 +0200 
@@ -0,0 +1,47 @@ +[codespell] +flags = spelling fixme +apt = codespell +command = codespell --quiet-level=3 +comment = + Additional codespell dictionaries need packaging: + https://github.com/orbitcowboy/codespell_dictionary + +[sourcecode-spellchecker] +flags = todo spelling +comment = CPAN Sourcecode::Spellchecker + +[spellintian] +flags = spelling perl-bug-588017 +apt = lintian +not-dirs = + .bzr .git .hg .svn CVS RCS SCCS _MTN _darcs .pc + .cabal-sandbox .cdv .metadata CMakeFiles _build + _sgbak autom4te.cache blib cover_db node_modules + ~.dep ~.dot ~.nib ~.plst +not-files = + *.bak *.swp #.* #*# core.* *~ + *.gif *.jpg *.jpeg *.png + *.min.js *.js.map *.js.min + *.min.css *.css.map *.css.min + *.wav +types = text/plain +command = spellintian --picky {files} + +[proselint] +flags = style +apt = python3-proselint +# TODO: update it before releases: +# cat $(python3 -c 'import proselint.command_line as c; print(c.__file__)') | sed -n -e 's/^ *legal_extensions *= *//p' | sed -e 's/^\["/*/; s/"\]$//; s/", *"/ */g' +files = *.md *.txt *.rtf *.html *.tex *.markdown +command = proselint . + +# TODO: diction +# TODO: https://jwilk.net/software/mwic +# TODO: https://www.cs.umd.edu/~nspring/software/style-check-readme.html +# TODO: https://github.com/btford/write-good +# TODO: https://www.languagetool.org/ #403619 +# TODO: http://jwilk.net/software/anorack +# TODO: https://github.com/decagon/pedant +# TODO: https://github.com/atpaino/deep-text-corrector + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/epub check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/epub --- check-all-the-things-2015.12.10ubuntu2/data/epub 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/epub 2017-05-20 11:33:18.000000000 +0200 
@@ -1,8 +1,14 @@ [epubcheck] +flags = fixme fixme-silent run-in-tmp-dir apt = epubcheck -match = *.epub +files = *.epub +types = application/epub+zip command = epubcheck --quiet {file} | egrep -v '^(Check finished with warnings or errors| *)$' -# TODO: flightcrew +[flightcrew] +apt = flightcrew +files = *.epub +types = application/epub+zip +command = flightcrew-cli {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/erlang check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/erlang --- check-all-the-things-2015.12.10ubuntu2/data/erlang 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/erlang 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,17 @@ -# TODO: shell metacharacter injection: os:cmd erlang:open_port +[erlang-shell-inject] +files = *.erl +comment = These calls are potentially vulnerable to shell metacharacter injection +command = grep -nHEC2 'cmd|open_port' {files} + +[erl-tidy] +flags = run-in-tmp-dir +apt = erlang-syntax-tools, erlang-base +files = *.erl +command = erl -noshell -eval 'erl_tidy:dir(".", [{{test, true}}, {{verbose, false}}]).' -s init stop + +[erlang-elvis] +flags = todo +files = *.erl +comment = https://github.com/inaka/elvis + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/fhs check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/fhs --- check-all-the-things-2015.12.10ubuntu2/data/fhs 2014-04-22 11:01:44.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/fhs 2017-05-20 11:33:18.000000000 +0200 
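Review bot: The `[erlang-shell-inject]` pattern `'cmd|open_port'` matches any line containing the substring `cmd`, so variable names, comments and unrelated functions are reported alongside real `os:cmd` calls and the hits that matter get buried. The TODO this entry replaces named `os:cmd` and `erlang:open_port`, and anchoring on the call form keeps that intent: `command = grep -nHEC2 'os:cmd|open_port' {files}`. The narrower pattern would miss calls made through an `-import(os, ...)` declaration, which is presumably rare but worth stating in the `comment`.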
@@ -1,4 +1,4 @@ [fhs] -command = grep -Er '/(home|srv|opt)(\W|$)' . +command = grep -nHEr '/(home|srv|opt)(\W|$)' . # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/fits check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/fits --- check-all-the-things-2015.12.10ubuntu2/data/fits 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/fits 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,21 @@ -# TODO: pyfits-utils +[fitscheck] +apt = astropy-utils | pyfits-utils (<< 1:3.3-4~) | fitscheck (<< 1:3.1.2-1~) +files = *.fits *.fts +types = application/fits image/fits +command = fitscheck --checksum=either {files} + +[wcslint] +flags = fixme fixme-silent +apt = astropy-utils +files = *.fits *.fts +types = application/fits image/fits +command = wcslint {file} + +[volint] +flags = fixme +apt = astropy-utils +files = *.vot *.votable.xml +types = application/x-votable+xml +command = volint {file} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/fonts check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/fonts --- check-all-the-things-2015.12.10ubuntu2/data/fonts 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/fonts 2017-05-20 11:33:18.000000000 +0200 
@@ -1,27 +1,38 @@ [fontlint] -apt = fontforge-nox -match = *.ttf *.otf *.sfd *.pfa *.pfb *.bdf *.pk *.ttc *.pcf +apt = fontforge-nox | fontforge +files = *.ttf *.otf *.woff *.sfd *.pfa *.pfb *.bdf *.pk *.ttc *.pcf +types = application/x-font-ttf application/vnd.ms-opentype command = fontlint {file} [ftvalid] apt = freetype2-demos -match = *.ttf *.otf +files = *.ttf *.otf +types = application/x-font-ttf application/vnd.ms-opentype command = ftvalid {file} [ftlint] +flags = fixme fixme-silent apt = freetype2-demos -match = *.ttf *.otf +files = *.ttf *.otf +types = application/x-font-ttf application/vnd.ms-opentype command = ftlint 16 {files} | grep -v ': OK\.$' -[embedding-restrictions] -flags = todo -apt = python-fontforge -comment = - Fonts in main should not have embedding restriction bits: - python -c '0 != fontforge.open(f).os2_fstype' +[font-embedding-restrictions] +apt = python, python-fontforge, python-debian +files = *.ttf *.otf *.sfd *.pfa *.pfb *.bdf *.pk *.ttc *.pcf +command = check-font-embedding-restrictions {files} [font-validator] flags = todo comment = https://github.com/Microsoft/Font-Validator +[opentype-sanitiser] +flags = todo +comment = opentype-sanitiser RFP #817031 https://github.com/khaledhosny/ots + +[t1lint] +apt = lcdf-typetools +files = *.pfa *.pfb +command = t1lint {files} + # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/gettext check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/gettext --- check-all-the-things-2015.12.10ubuntu2/data/gettext 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/gettext 2017-05-20 11:33:18.000000000 +0200 
@@ -1,22 +1,28 @@ [msgfmt-check] apt = gettext -match = *.po *.pot +files = *.po *.pot +types = text/x-po command = msgfmt --check --check-compatibility --check-accelerators --output-file=/dev/null {file} [gettext-lint-checker] +flags = fixme fixme-silent apt = gettext-lint -match = *.po *.pot +files = *.po *.pot +types = text/x-po command = POFileChecker {files} [gettext-lint-spell] -apt = gettext-lint -match = *.po *.pot -command = POFileSpell {files} +flags = spelling fixme fixme-silent manual +apt = gettext-lint, aspell +files = *.po +types = text/x-po +command = POFileSpell --command='aspell --encoding=UTF-8 --lang= list' [i18nspector] apt = i18nspector -match = *.po *.pot *.mo *.gmo -command = i18nspector {files} +files = *.po *.pot *.mo *.gmo +types = text/x-po +command = i18nspector --jobs {njobs} {files} [acheck] flags = todo diff -Nru check-all-the-things-2015.12.10ubuntu2/data/gif check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/gif --- check-all-the-things-2015.12.10ubuntu2/data/gif 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/gif 2017-05-15 04:20:52.000000000 +0200 @@ -0,0 +1,11 @@ +[giffix] +flags = todo fixme images +comment = + Needs an option to not dump images to stdout + Needs an option to check but not modify files +apt = giflib-tools +files = *.gif +types = image/gif +command = giffix {file} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/go check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/go --- check-all-the-things-2015.12.10ubuntu2/data/go 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/go 2017-05-20 11:33:18.000000000 +0200 
@@ -1,14 +1,30 @@ [gofmt] apt = golang-go -match = *.go +files = *.go command = gofmt -l {files} +[goimports] +apt = golang-golang-x-tools +files = *.go +command = goimports -l {files} + +[golint] +apt = golint +files = *.go +command = golint {file} + +[govet] +apt = golang-go +files = *.go +command = go tool vet {files} + [go-generate] comment = Please ensure that the files generated by go generate are rebuilt at build time. -match = *.go -command = grep go:generate {files} +files = *.go +command = grep -nH go:generate {files} -# TODO: govet -# TODO: golint #799169 # TODO: https://github.com/dvyukov/go-fuzz#go-fuzz-randomized-testing-for-go # TODO: http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/ +# TODO: https://golang.org/cmd/fix/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/haskell check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/haskell --- check-all-the-things-2015.12.10ubuntu2/data/haskell 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/haskell 2017-05-20 11:33:18.000000000 +0200 
@@ -1,19 +1,23 @@ [hlint] apt = hlint +files = *.hs command = hlint . +flags = fixme fixme-silent [cabal] apt = cabal-install -match = *.cabal +files = *.cabal command = cabal check -[ghc-mod-lint] -apt = ghc-mod -match = *.hs -not-match = HLint.hs Setup.hs -command = ghc-mod lint {file} +[stylish-haskell] +flags = modify fixme style +apt = stylish-haskell +files = *.hs +command = stylish-haskell --inplace {files} +comment = + A dry-run option is needed to not modify files: + https://github.com/jaspervdj/stylish-haskell/issues/107 # TODO: shell metacharacter injection: createProcess shell system runCommand runInteractiveCommand from System.Process/System.Cmd -# TODO: https://hackage.haskell.org/package/stylish-haskell # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/haxe check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/haxe --- check-all-the-things-2015.12.10ubuntu2/data/haxe 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/haxe 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,4 @@ +# TODO: https://github.com/HaxeCheckstyle/haxe-checkstyle +# TODO: https://github.com/mcheshkov/haxelint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/html check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/html --- check-all-the-things-2015.12.10ubuntu2/data/html 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/html 2017-05-20 11:33:18.000000000 +0200 @@ -5,3 +5,7 @@ # TODO: w3c-linkchecker # TODO: wdg-html-validator # TODO: tidy +# TODO: linklint +# TODO: webcheck + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/http check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/http --- check-all-the-things-2015.12.10ubuntu2/data/http 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/http 2017-05-20 11:33:18.000000000 +0200 
@@ -0,0 +1,7 @@ +[httpolice] +flags = todo +comment = https://github.com/vfaronov/httpolice +files = *.har +command = httpolice -i har {file} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/java check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/java --- check-all-the-things-2015.12.10ubuntu2/data/java 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/java 2017-05-20 11:33:18.000000000 +0200 @@ -1,4 +1,6 @@ [jlint] +flags = apt-suggests fixme fixme-silent +comment = remove suggests tag if it enters Debian again (#811366) apt = jlint command = jlint.sh 2>&1 | fgrep -v 'Verification completed: 0 reported messages.' @@ -6,8 +8,14 @@ # TODO: findbugs # TODO: pmd # TODO: https://sable.github.io/soot/ -# TODO: https://code.google.com/p/error-prone/ +# TODO: https://github.com/google/error-prone # TODO: japi-compliance-checker +# TODO: http://www.opal-project.de/tools/bugpicker/ +# TODO: http://javalib.gforge.inria.fr/Nit.html # TODO: shell metacharacter injection: Runtime.getRuntime().exec() +# TODO: doctorj +# TODO: https://github.com/amaembo/huntbugs +# TODO: https://spotbugs.github.io/ +# TODO: https://find-sec-bugs.github.io/ # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/javascript check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/javascript --- check-all-the-things-2015.12.10ubuntu2/data/javascript 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/javascript 2017-05-20 11:33:18.000000000 +0200 
@@ -1,26 +1,35 @@ [js-standard] -flags = todo -match = *.js +flags = todo style +files = *.js comment = https://github.com/feross/standard [js-modern-standard] -flags = todo -match = *.js +flags = todo style +files = *.js comment = https://github.com/modern-standard/modern-standard +[librejs-cli] +flags = todo copyright +comment = librejs-cli is not yet packaged (#820166) +apt = librejs-cli +files = *.js +command = librejs-cli {files} + # TODO: coffeelint # TODO: pylama #779449 -# TODO: https://github.com/jscs-dev/node-jscs +# TODO: https://github.com/jscs-dev/node-jscs (deprecated) # TODO: https://www.airpair.com/node.js/posts/top-10-mistakes-node-developers-make # TODO: https://github.com/rdio/jsfmt -# TODO: https://github.com/mozilla/scanjs +# TODO: https://github.com/mozilla/scanjs (deprecated) # TODO: https://github.com/eslint/eslint # TODO: https://github.com/es-analysis/plato # TODO: https://github.com/abuiles/ember-watson # TODO: http://www.coffeelint.org/ # TODO: http://www.jslint.com/ # TODO: http://jshint.com/ -# TODO: http://flowtype.org/ +# TODO: https://flow.org/ # TODO: closure-linter # TODO: shell metacharacter injection: child_process.exec() # TODO: https://github.com/MozillaSecurity/funfuzz/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/jpeg check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/jpeg --- check-all-the-things-2015.12.10ubuntu2/data/jpeg 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/jpeg 2017-05-20 11:33:18.000000000 +0200 
@@ -1,9 +1,11 @@ [jpeginfo] -groups = images +flags = images fixme fixme-silent apt = jpeginfo -match = *.jpg *.jpeg +files = *.jpg *.jpeg +types = image/jpeg command = jpeginfo --check --quiet {files} | fgrep -v '[OK]' # TODO: identify -verbose {file} | grep -i copyright && echo {file} +# TODO: jpegoptim # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/jpeg2000 check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/jpeg2000 --- check-all-the-things-2015.12.10ubuntu2/data/jpeg2000 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/jpeg2000 2017-05-20 11:33:18.000000000 +0200 @@ -1,7 +1,8 @@ [jpylyzer] -groups = images +flags = images apt = python-jpylyzer, libxml2-utils -match = *.jp2 *.j2k *.jpf *.jpx *.jpm *.mj2 +files = *.jp2 *.j2k *.jpf *.jpx *.jpm *.mj2 +types = image/jp2 command = jpylyzer --wrapper {files} | xmllint --format - | egrep 'fileName|isValid' | tr -d \\n | sed 's__&\n_g;s_ *__g;s_ *__g;s__ _g;s_False_is an invalid JPEG2000 file_g' | sed '/True *$/d' # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/json check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/json --- check-all-the-things-2015.12.10ubuntu2/data/json 2015-08-11 11:38:52.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/json 2017-05-20 11:33:18.000000000 +0200 
@@ -1 +1,13 @@ -# TODO: jsonlint/python-demjson +[jsonlint-py3] +flags = fixme fixme-silent +apt = python3-demjson +files = *.json +command = jsonlint-py3 {files} | grep -v ': ok$' + +[jsonlint-php] +flags = fixme fixme-silent +apt = jsonlint +files = *.json +command = jsonlint-php {file} | grep -v '^Valid JSON$' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/lisp check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/lisp --- check-all-the-things-2015.12.10ubuntu2/data/lisp 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/lisp 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,7 @@ -# TODO: any checks? +[lisp-critic] +flags = todo +comment = https://github.com/g000001/lisp-critic + +# TODO: https://github.com/fukamachi/sblint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/lua check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/lua --- check-all-the-things-2015.12.10ubuntu2/data/lua 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/lua 2017-05-20 11:33:18.000000000 +0200 @@ -1,6 +1,9 @@ [luacheck] apt = lua-check -match = *.lua -command = luacheck -q . +files = *.lua +flags = fixme fixme-silent run-in-tmp-dir +command = luacheck -q {cwd} # TODO: http://lua-users.org/wiki/ProgramAnalysis + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/make check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/make --- check-all-the-things-2015.12.10ubuntu2/data/make 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/make 2017-05-20 11:33:18.000000000 +0200 
@@ -0,0 +1,15 @@ +[make] +apt = make +files = GNUmakefile Makefile *.make *.mk ./debian/rules +types = text/x-makefile +command = make --question --makefile {file} +comment = Dangerous, executes code from $(shell) in ":=" assignments. +flags = dangerous + +[make-phony] +files = GNUmakefile Makefile *.make *.mk ./debian/rules +types = text/x-makefile +comment = common misspelling of .PHONY +command = grep -nHEw '[.]PHONEY?' {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/malware check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/malware --- check-all-the-things-2015.12.10ubuntu2/data/malware 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/malware 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ # TODO: clamav clamscan + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/markdown check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/markdown --- check-all-the-things-2015.12.10ubuntu2/data/markdown 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/markdown 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,4 @@ # TODO: https://github.com/shurcooL/markdownfmt +# TODO: https://github.com/mivok/markdownlint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/misc check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/misc --- check-all-the-things-2015.12.10ubuntu2/data/misc 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/misc 2017-05-20 11:33:18.000000000 +0200 
@@ -1,103 +1,171 @@ [licensecheck] -apt = devscripts +flags = copyright +apt = licensecheck | devscripts (<< 2.16.6~) command = licensecheck --check=. --recursive --copyright . # TODO: is --check=. reasonable? [suspicious-source] -apt = devscripts, python3-magic | python-magic +# We need: +# devscripts (<< 2.13.1~), python-magic +# or +# devscripts (>= 2.13.1~), python3-magic +apt = devscripts, devscripts (>= 2.13.1~) | python-magic, devscripts (<< 2.13.1~) | python3-magic command = suspicious-source [licensecheck-generated-files] -apt = devscripts -command = licensecheck --check=. --recursive --copyright . | grep -F 'GENERATED FILE' +apt = licensecheck | devscripts (<< 2.16.6~) +command = licensecheck --check=. --recursive --copyright . | grep -aF 'GENERATED FILE' [licensecheck-incorrect-fsf-address] -apt = devscripts -command = licensecheck --check=. --recursive --copyright . | grep -F 'with incorrect FSF address' - -[codespell] -apt = codespell -command = codespell --quiet-level=3 - -[sourcecode-spellchecker] -flags = todo -comment = CPAN Sourcecode::Spellchecker +apt = licensecheck | devscripts (<< 2.16.6~) +command = licensecheck --check=. --recursive --copyright . | grep -aF 'with incorrect FSF address' [fdupes] +flags = fixme fixme-ignore apt = fdupes -command = fdupes -q -r . | grep -vE '/(\.(git|svn|bzr|hg|sgdrawer)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s +command = fdupes -q -r . | grep -vE '/(\.(git|svn|bzr|hg|sgdrawer|pc)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s -[bitmap-multilayer] -groups = images +[bitmap-gimp] +flags = images comment = Check with upstream where the GIMP XCF source files are. -match = *.png *.gif *.jpg *.jpeg -command = grep -iF gimp {files} +files = *.png *.gif *.jpg *.jpeg +types = image/* +command = grep -nHiF gimp {files} -[bitmap-vector] -groups = images +[bitmap-inkscape] +flags = images comment = Check with upstream where the Inkscape SVG source files are. 
-match = *.png *.gif *.jpg *.jpeg -command = grep -iF inkscape {files} +files = *.png *.gif *.jpg *.jpeg +types = image/* +command = grep -nHiF inkscape {files} + +[bitmap-synfig] +flags = images +comment = Check with upstream where the Synfig SIF source files are. +files = *.png *.gif *.jpg *.jpeg +types = image/* +command = grep -nHi 'SINFG|SYNFIG' {files} + +[bitmap-povray] +flags = images +comment = Check with upstream where the POV-Ray POV source files are. +files = *.png *.gif *.jpg *.jpeg +types = image/* +command = grep -nHiF 'POV-Ray' {files} + +[bitmap-gnuplot] +flags = images +comment = Check with upstream where the gnuplot scripts are. +files = *.png *.gif *.jpg *.jpeg +types = image/* +command = grep -nHiF 'gnuplot' {files} + +[bitmap-base64] +flags = images +files = *.xml *.html *.xhtml *.svg +comment = Check with upstream why they are storing binary data in plain text form. +command = grep -nHoP 'data:image/[a-z0-9]*;base64,.{{20}}' {files} [cpuinfo] comment = Parsing /proc/cpuinfo is not portable at all, use /sys instead. -command = grep -rF /proc/cpuinfo . +command = grep -nHrF /proc/cpuinfo . [readme-install] comment = Users of binary packages do not need install instructions. 
-match = *README* -not-match = README.md README.install -command = grep --ignore-case --fixed-strings --with-filename install {files} - -# TODO: not yet possible (#776559) -#[autoupdate] -#apt = autoconf, diffutils, diffstat -#match = configure.ac configure.in -#command = autoupdate --check +files = *README* +not-files = README.md README.rst README.install +command = grep -nHiF install {files} + +[autoupdate] +flags = modify +apt = autoconf +files = configure.ac configure.in +command = autoupdate +comment = Overwrites configure.ac (#776559) + +[autoscan] +flags = modify +apt = autoconf +files = configure.ac configure.in +command = autoscan +comment = Overwrites autom4te.cache/ autoscan.log configure.scan (#818572) [empty] -command = find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o -empty -print +types = inode/x-empty +command = find . \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer -o -name .pc \) -prune -o -empty -print [todo] -command = grep -riE 'fixme|todo|hack|xxx' . +command = grep -nHriE 'fixme|todo|hack|xxx+|broken' . 
[isutf8] apt = moreutils -# TODO: replace prune with --ignore option -prune = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer -# TODO: replace not-match with recursive option (#780197) -not-match = +not-dirs = .git .svn .bzr CVS .hg _darcs _FOSSIL_ .sgdrawer .pc +flags = fixme fixme-ignore +comment = A recursive option needs to be implemented (#780197) +not-files = *.blend - *.icns *.bmp *.ico *.png *.gif *.jpg *.jpeg *.tga *.xcf + *.icns *.bmp *.ico *.png *.gif *.jpg *.jpeg *.tga *.xcf *.tif *.tiff *.mo *.gmo *.gz *.bz2 *.xz *.lz *.zip *.tar *.deb *.pdf *.odt *.docx *.doc + *.chm *.torrent *.pyc *.pyo *.o *.so *.so.* *.debug - *.wav *.ogg *.oga *.ogv *.mid + *.wav *.ogg *.oga *.ogv *.mid *.mp3 *.flac *.ttf *.otf *.fon *.pgp *.gpg + *.dat +types = text/* command = isutf8 {files} [disabled-tests] -command = grep -riEC1 '((check|test) *\|\| *true|-dh_auto_test)' . +command = grep -nHriEC1 '((check|test) *\|\| *true|-dh_auto_test)' . + +[timeless] +comment = Prevents reproducible builds: https://reproducible-builds.org/ +command = grep -nHrE '__DATE__|__TIME__|__TIMESTAMP__' . + +[project-flint] +flags = todo +comment = #809042 https://github.com/pengwynn/flint + +[http] +comment = check if these can be switched to https:// +command = grep -nHrF http: . + +[embed-readme] +flags = embed +files = *README* +comment = Please check if these README files belong to embedded code/data copies. +command = find . -mindepth 2 -iname '*README*' + +[embed-dirs] +flags = embed +comment = Please check if these directories contain embedded code/data copies. +command = find . -type d -name 'vendor*' -o -iname '*rd*party' -o -iname 3rdp -o -name contrib -o -name imports -o -name node_modules -o -iname external -o -iname deps -o -name inc + +[mailto] +comment = As per RFC 6068, there should be no slashes after "mailto:". +command = grep -nHrF mailto:/ . 
# TODO: EC2_SECRET_KEY # TODO: curl -k --insecure # TODO: wget --no-check-certificate # TODO: svn --trust-server-cert # TODO: bogomips -# TODO: diction -# TODO: ripper #796920 +# TODO: ripper # TODO: similarity-tester sim_text -# TODO: http://jwilk.net/software/mwic -# TODO: https://bitbucket.org/jwilk/spellintian -# TODO: https://www.cs.umd.edu/~nspring/software/style-check-readme.html -# TODO: https://github.com/coala-analyzer/coala +# TODO: https://github.com/coala/coala # TODO: https://github.com/nexB/scancode-toolkit/ # TODO: https://github.com/jeremylong/DependencyCheck/ # TODO: http://www.coding-guidelines.com/numbers/ # TODO: ebnflint # TODO: http://fbinfer.com/ #789059 +# TODO: https://github.com/facebook/pfff/wiki/Scheck +# TODO: http://jwilk.net/software/urlycue +# TODO: https://github.com/dlenski/wtf +# TODO: https://marc-stevens.nl/research/software/download.php?file=libdetectcoll-0.2.zip +# TODO: https://github.com/cr-marcstevens/sha1collisiondetection +# TODO: https://github.com/dxa4481/truffleHog # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/mp3 check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/mp3 --- check-all-the-things-2015.12.10ubuntu2/data/mp3 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/mp3 2017-05-20 11:33:18.000000000 +0200 
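Review bot: In `[embed-dirs]` the `-type d` test applies only to `-name 'vendor*'`, because find's implicit AND binds tighter than `-o`; every later alternative (`contrib`, `deps`, `inc`, `external`, ...) therefore also matches regular files with those names. Grouping the alternatives fixes it: `command = find . -type d \( -name 'vendor*' -o -iname '*rd*party' -o ... -o -name inc \)`, with the elided names unchanged. In the same hunk `[bitmap-synfig]` uses `grep -nHi 'SINFG|SYNFIG'` without `-E`, so `|` is a literal character and only the exact string `SINFG|SYNFIG` would match; `command = grep -nHiE 'SINFG|SYNFIG' {files}` gives the intended alternation.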
@@ -1,20 +1,23 @@ [mp3check] -groups = audio +flags = audio apt = mp3check -match = *.mp3 +files = *.mp3 +types = audio/mpeg command = mp3check --error-check --anomaly-check {files} -# TODO: re-enable if it enters Debian again (#673319) -#[checkmp3] -#groups = audio -#apt = checkmp3 -#match = *.mp3 -#command = checkmp3 {files} +[checkmp3] +flags = apt-suggests audio +comment = remove suggests tag if it enters Debian again (#673319) +apt = checkmp3 +files = *.mp3 +types = audio/mpeg +command = checkmp3 {files} [mp3val] -groups = audio +flags = audio apt = mp3val -match = *.mp3 +files = *.mp3 +types = audio/mpeg command = mp3val {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/objc check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/objc --- check-all-the-things-2015.12.10ubuntu2/data/objc 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/objc 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ocaml check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ocaml --- check-all-the-things-2015.12.10ubuntu2/data/ocaml 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ocaml 2017-05-20 11:33:18.000000000 +0200 
@@ -1,6 +1,22 @@ [ocaml-lintian] +flags = perl-bug-588017 dangerous +comment = Dangerous because it executes shell commands in filenames apt = dh-ocaml, ocaml-nox -match = *.cma +files = *.cma command = ocaml-lintian {files} -# TODO: shell metacharacter injection: system open_process open_process_in open_process_out open_process_full +[ocaml-shell-injection] +files = *.ml +comment = These calls are potentially vulnerable to shell metacharacter injection +command = grep -nHE 'Unix\.(system|open_process(|_in|_out|_full))' {files} + +[ocaml-unsafe-features] +apt = ocaml-nox +files = *.cmi *.cmo *.cma *.cmx *.cmxa *.cmxs +command = ocamlobjinfo {file} | grep -E '^(File |Uses unsafe features: YES)' | perl -nle 'print "$prev\n$_" if /^Uses / and $prev =~ /^File /; $prev=$_' + +# TODO: unsafe language features: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702349#24 +# asked about on #ocaml and here: <1452740997.2807.5.camel@debian.org> +# TODO: http://mascot.x9c.fr/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ogg check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ogg --- check-all-the-things-2015.12.10ubuntu2/data/ogg 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ogg 2017-05-20 11:33:18.000000000 +0200 
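Review bot: The `[ocaml-shell-injection]` pattern only matches calls written with the `Unix.` qualifier, so a file that does `open Unix` and then calls `system` or `open_process_in` unqualified is not reported. `Sys.command`, which also hands its argument to the shell, is not covered at all. Widening the alternation catches the second case: `command = grep -nHE '(Unix\.(system|open_process(|_in|_out|_full))|Sys\.command)' {files}`. For the first case, the section's `comment` could say that unqualified calls after `open Unix` are missed, so a clean result is not read as proof of absence.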
@@ -1,13 +1,15 @@ [ogginfo] -groups = audio +flags = audio fixme fixme-silent apt = vorbis-tools -match = *.ogg *.oga *.ogv +files = *.ogg *.oga *.ogv +types = audio/ogg video/ogg command = ogginfo -q {files} | grep -v '^Processing file ' | cat -s [oggz-validate] -groups = audio +flags = audio apt = oggz-tools -match = *.ogg *.oga *.ogv +files = *.ogg *.oga *.ogv +types = audio/ogg video/ogg command = oggz-validate {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/openpgp check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/openpgp --- check-all-the-things-2015.12.10ubuntu2/data/openpgp 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/openpgp 2017-05-20 11:33:18.000000000 +0200 
@@ -1,15 +1,29 @@ [hokey-lint] -groups = keys +flags = keys apt = hopenpgp-tools -match = *.pgp *.gpg +files = *.pgp *.gpg +types = application/x-pgp-keyring command = cat {files} | hokey lint +comment = + If you contact the owners of these keys, please point out OpenPGP best practices: + https://help.riseup.net/en/security/message-security/openpgp/best-practices [hokey-lint-asc] -groups = keys +flags = keys apt = hopenpgp-tools -match = *.asc +files = *.asc command = cat {files} | hot dearmor | hokey lint +comment = + If you contact the owners of these keys, please point out OpenPGP best practices: + https://help.riseup.net/en/security/message-security/openpgp/best-practices [pgp-private-key] -groups = keys -command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN PGP PRIVATE KEY BLOCK-----.*-----END PGP PRIVATE KEY BLOCK-----' . +flags = keys +command = grep -rPzl '(?s)-----BEGIN PGP PRIVATE KEY BLOCK-----.*-----END PGP PRIVATE KEY BLOCK-----' . + +[insecure-recv-keys] +flags = keys +comment = Only ever use the full fingerprint when downloading keys +command = grep -nHrP '\b(?:apt-key|gpg2?)\b.*--recv(-keys?)?\s+(0x)?[0-9a-fA-F]{{1,31}}\b' . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/opus check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/opus --- check-all-the-things-2015.12.10ubuntu2/data/opus 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/opus 2017-05-20 11:33:18.000000000 +0200 
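Review bot: The `[insecure-recv-keys]` regex only recognises `--recv` and `--recv-key(s)`, so invocations spelled `--receive-keys` are not reported however short the key ID is. It also looks only at the first argument after the option, so a short ID listed after a full fingerprint, or after an intervening option such as `--keyserver`, is missed. Accepting both spellings is a small change to the option part of the pattern, `--rec(eive|v)(-keys?)?\s+`. The `comment` could add that only the first key argument is examined.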
@@ -1,4 +1,6 @@ [opusinfo] apt = opus-tools -match = *.opus +files = *.opus command = opusinfo -q {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/c check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/overlay/debian/jessie/c --- check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/c 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/overlay/debian/jessie/c 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,13 @@ +[clang-modernize] +flags = modify +apt = clang-modernize-3.5 +files = + *.cc *.cxx *.cpp + *.hh *.hxx *.hpp +types = text/x-c text/x-c++ +comment = + Please consider modernizing your C++ code with clang-modernize: + http://clang.llvm.org/extra/clang-modernize.html +command = clang-modernize {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/gettext check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/overlay/debian/jessie/gettext --- check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/gettext 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/overlay/debian/jessie/gettext 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,6 @@ +[i18nspector] +# Drop --jobs from the arguments since it gives an error: +# i18nspector: error: unrecognized arguments: --jobs=2 +command = i18nspector {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/python check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/overlay/debian/jessie/python --- check-all-the-things-2015.12.10ubuntu2/data/overlay/debian/jessie/python 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/overlay/debian/jessie/python 2017-05-20 11:33:18.000000000 +0200 
@@ -0,0 +1,7 @@ +[pep8] +flags = style +apt = pep8 +files = *.py +types = text/x-python +command = pep8 --ignore W191 {files} + diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pascal check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pascal --- check-all-the-things-2015.12.10ubuntu2/data/pascal 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pascal 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pcap check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pcap --- check-all-the-things-2015.12.10ubuntu2/data/pcap 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pcap 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,6 @@ +[dsniff] +flags = network-dump fixme fixme-silent +files = *.pcap +command = /usr/sbin/dsniff -p {file} | grep -v 'dsniff: using ' + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pdf check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pdf --- check-all-the-things-2015.12.10ubuntu2/data/pdf 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pdf 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,6 @@ # TODO: http://slidelint.net/ +# TODO: http://multivalent.sourceforge.net/Tools/pdf/Validate.html +# TODO: http://jhove.sourceforge.net/pdf-hul.html +# TODO: https://pdfbox.apache.org/1.8/cookbook/pdfavalidation.html + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pe check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pe --- check-all-the-things-2015.12.10ubuntu2/data/pe 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pe 2017-05-09 03:20:42.000000000 +0200 
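Review bot: The new `[dsniff]` section in data/pcap has no `apt` line, unlike the other tool-backed sections in this diff, and calls the binary by the absolute path `/usr/sbin/dsniff`. Presumably nothing then names the package to install when the tool is absent. It also has no `comment`, although what `dsniff -p` prints for a capture is the credentials it recovers, which end up in the terminal or in any saved report. I would add `apt = dsniff` and `comment = Output lists cleartext credentials found in the capture; treat saved output as sensitive`.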
@@ -0,0 +1 @@ +# TODO: https://github.com/Microsoft/binskim diff -Nru check-all-the-things-2015.12.10ubuntu2/data/perl check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/perl --- check-all-the-things-2015.12.10ubuntu2/data/perl 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/perl 2017-05-20 11:33:18.000000000 +0200 
@@ -1,30 +1,54 @@ [perl-syntax-check] apt = perl -match = *.pl *.pm +files = *.pl *.pm +types = text/x-perl command = perl -wc {file} | grep -v ' syntax OK$' comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks -flags = dangerous +flags = dangerous fixme fixme-silent [perl-b-lint] apt = perl, libb-lint-perl -match = *.pl *.pm -prereq = perl -MO=Lint /dev/null +files = *.pl *.pm +types = text/x-perl +prereq = perl -t -MO=Lint /dev/null command = perl -MO=Lint {file} | grep -v ' syntax OK$' comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks -flags = dangerous +flags = dangerous fixme fixme-silent [perlcritic] +flags = perl-bug-588017 fixme fixme-silent apt = libperl-critic-perl -command = perlcritic -1 . 2>&1 | grep -vF 'No perl files were found.' +# TODO: update it before releases: +# see _is_perl in Perl::Critic::Utils +files = *.pl *.pm *.t +types = text/x-perl +comment = + May create/overwrite a perltidy.ERR file in the current dir (#834213) + To see full descriptions of each issue, add %d to the --verbose option value +command = perlcritic --noprofile -1 --verbose '%f:%l:%c: %m. %e. Near `%r` (Severity: %s)\n' . 2>&1 | grep -vF 'No perl files were found.' [perllib] -command = grep -rw PERLLIB . +command = grep -nHrw PERLLIB . 
[podlint] apt = libpod-pom-perl -match = *.pl *.pm +files = *.pl *.pm +types = text/x-perl command = podlint {file} +[podchecker] +apt = perl +files = *.pl *.pm *.pod +types = text/x-perl +command = podchecker {files} +flags = fixme fixme-silent + +[cpants-lint] +flags = todo perl-bug-588017 +apt = cpants-lint +comment = It is not able to use the current dir instead of tarball (#823299) +command = cpants_lint + # TODO: pkg-perl-tools dpt-packagecheck check-build # TODO: perltidy # TODO: libperl-metrics-simple-perl diff -Nru check-all-the-things-2015.12.10ubuntu2/data/php check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/php --- check-all-the-things-2015.12.10ubuntu2/data/php 2016-03-23 02:18:56.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/php 2017-05-20 11:33:18.000000000 +0200 
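Review bot: In `[perl-b-lint]` the prereq now runs `perl -t -MO=Lint /dev/null` while the command still runs `perl -MO=Lint {file}`, and nothing in the section says why the two differ. Presumably `-t` is there so the prerequisite probe cannot pick up an `O.pm` or `B/Lint.pm` from the directory being checked, since taint mode leaves `.` out of `@INC`. If that is the reason, a comment line above the prereq would stop someone from removing the switch as a typo: `# -t keeps . out of @INC so the probe cannot load modules from the checked tree`. The `perl-bug-588017` flag added to `[perlcritic]` and `[cpants-lint]` is also unexplained in the data file and deserves a similar one-line note.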
@@ -1,19 +1,23 @@ [php-syntax-check] -apt = php-cli -match = *.php* -command = php -l -f {file} +apt = php-cli | php5-cli +files = *.php* +types = text/x-php +command = php -l -f {file} | grep -v '^No syntax errors detected in ' [php-grinder] -match = *.php* +files = *.php* +types = text/x-php comment = You may want to submit your PHP code to http://php-grinder.com/ # TODO: pkg-php-tools pkgtools # TODO: php-codesniffer # TODO: pdepend # TODO: phpmd +# TODO: php7cc # TODO: https://github.com/wayfair/hussar # TODO: https://github.com/rlerdorf/phan # TODO: https://github.com/sebastianbergmann/phpcpd +# TODO: https://github.com/wsdookadr/mdetect https://blog.garage-coding.com/2016/09/01/detecting-potentially-malicious-php-code-using-parsers-and-heuristics.html # TODO: shell metacharacter injection: backticks exec system passthru shell_exec popen proc_open # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/pkg-config check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pkg-config --- check-all-the-things-2015.12.10ubuntu2/data/pkg-config 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/pkg-config 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,6 @@ +[pkg-config] +apt = pkg-config +files = *.pc +command = pkg-config --validate {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/png check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/png --- check-all-the-things-2015.12.10ubuntu2/data/png 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/png 2017-05-20 11:33:18.000000000 +0200 
@@ -1,9 +1,11 @@ [pngcheck] -groups = images +flags = images apt = pngcheck -match = *.png +files = *.png +types = image/png command = pngcheck -q {files} # TODO: identify -verbose {file} | grep -i copyright && echo {file} +# TODO: pngcrush/optipng/advpng # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/puppet check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/puppet --- check-all-the-things-2015.12.10ubuntu2/data/puppet 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/puppet 2017-05-20 11:33:18.000000000 +0200 @@ -1,19 +1,18 @@ [puppet-lint] -groups = cfg-mgmt +flags = cfg-mgmt run-in-tmp-dir apt = puppet-lint -match = *.pp +files = *.pp command = puppet-lint {files} [puppet] -groups = cfg-mgmt +flags = cfg-mgmt apt = puppet -match = *.pp +files = *.pp command = puppet parser validate {files} [puppet-syntax] -groups = cfg-mgmt -flags = todo -comment = ruby-puppet-syntax ITP #800400 +flags = todo cfg-mgmt +comment = ruby-puppet-syntax # TODO: erb files? # erb -x -T '-' {files} | ruby -c diff -Nru check-all-the-things-2015.12.10ubuntu2/data/python check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/python --- check-all-the-things-2015.12.10ubuntu2/data/python 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/python 2017-05-20 11:33:18.000000000 +0200 
@@ -1,51 +1,126 @@ [pyflakes] apt = pyflakes -command = pyflakes . +files = *.py +types = text/x-python +command = pyflakes {files} [pyflakes3] -apt = pyflakes -command = pyflakes3 . - -[pep8] -apt = pep8 -command = pep8 --ignore W191 . +apt = pyflakes3 | pyflakes (<< 1.1.0-1) +files = *.py +types = text/x-python +command = pyflakes3 {files} + +[pycodestyle] +flags = style +apt = pycodestyle +files = *.py +types = text/x-python +command = pycodestyle --ignore W191 {files} + +[pydocstyle] +flags = style +apt = pydocstyle +files = *.py +types = text/x-python +command = pydocstyle . [site-packages] -command = grep -rw site-packages . +command = grep -nHrw site-packages . [pythonpath] -command = grep -rw PYTHONPATH . +command = grep -nHrw PYTHONPATH . [environ-home] -match = *.py -command = grep 'environ *\[.HOME.\]' {files} +files = *.py +types = text/x-python +command = grep -nH 'environ *\[.HOME.\]' {files} [yaml-load] -match = *.py -command = grep -F 'yaml.load' {files} +files = *.py +types = text/x-python +comment = These calls are potentially vulnerable to Python code injection +command = grep -nHF 'yaml.load' {files} + +[pylint] +apt = pylint +files = *.py +types = text/x-python +command = pylint --rcfile=/dev/null --msg-template='{{path}}:{{line}}:{{column}}: [{{category}}:{{symbol}}] {{obj}}: {{msg}}' --reports=n {files} + +[pylint3] +apt = pylint3 +files = *.py +types = text/x-python +command = pylint3 --rcfile=/dev/null --msg-template='{{path}}:{{line}}:{{column}}: [{{category}}:{{symbol}}] {{obj}}: {{msg}}' --reports=n {files} + +[mypy] +apt = mypy +files = *.py +types = text/x-python +command = mypy --fast-parser {files} + +[pyroma] +flags = dangerous fixme fixme-silent +apt = python-pyroma +files = ./setup.py +command = pyroma -d . + +[pyroma3] +flags = dangerous fixme fixme-silent +apt = python3-pyroma +files = ./setup.py +command = pyroma3 -d . 
+ +[python2-bandit] +flags = fixme fixme-silent +apt = python-bandit +files = *.py +types = text/x-python +command = python2-bandit -r . + +[python3-bandit] +flags = fixme fixme-silent +apt = python3-bandit +files = *.py +types = text/x-python +command = python3-bandit -r . + +[dodgy] +flags = fixme fixme-silent +apt = dodgy +types = text/* +command = dodgy + +[vulture] +apt = vulture +files = *.py +command = vulture . # TODO: hacking # TODO: flake8 -# TODO: pep257 -# TODO: pylint +# TDOO: https://github.com/PyCQA/flake8-import-order +# TODO: https://github.com/PyCQA/flake8-bugbear +# TODO: https://github.com/stephenfin/flake8-asserts +# TODO: pylint-celery # TODO: pylint-django +# TODO: pylint-flask # TODO: frosted -# TODO: pychecker +# TODO: pychecker (dangerous) # TODO: twistedchecker # TODO: pymetrics -# TODO: dodgy -# TODO: prospector #781165 -# TODO: pyroma #734121 +# TODO: prospector # TODO: pylama #779449 -# TODO: dodgy #788206 -# TODO: vulture #788222 -# TODO: bandit #793007 # TODO: python-debtcollector -# TODO: python-afl #792317 -# TODO: https://github.com/stackforge/bandit +# TODO: python-afl +# TODO: python3-requirements-detector # TODO: https://github.com/jlachowski/clonedigger # TODO: https://github.com/rubik/xenon -# TODO: https://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html +# TODO: https://gcc-python-plugin.readthedocs.io/en/latest/cpychecker.html +# TODO: http://jwilk.net/software/pydiatra # TODO: shell metacharacter injection: subprocess shell=True os.system os.popen popen2 commands +# TODO: https://github.com/google/pytype +# TODO: pep8-naming +# TODO: https://github.com/mgedmin/check-manifest (dangerous) +# TODO: https://github.com/python-security/pyt # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/rdf check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/rdf --- check-all-the-things-2015.12.10ubuntu2/data/rdf 2015-10-22 03:45:21.000000000 +0200 +++ 
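Review bot: `[pyroma]` and `[pyroma3]` are flagged `dangerous` but carry no `comment` saying what makes them dangerous, unlike `[perl-syntax-check]`, `[ocaml-lintian]` and `[rpmlint]` elsewhere in this diff. If the reason is that pyroma runs the project's `setup.py` to collect metadata, which I believe it does, both sections should say so with `comment = Dangerous because it executes setup.py`. Separately, the added line `# TDOO: https://github.com/PyCQA/flake8-import-order` has a transposed marker and will be missed by anyone grepping for TODO.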
check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/rdf 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ # TODO: raptor-utils/raptor2-utils rapper + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/rpm check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/rpm --- check-all-the-things-2015.12.10ubuntu2/data/rpm 2014-06-10 04:08:25.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/rpm 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,9 @@ -# TODO: rpmlint +[rpmlint] +comment = Dangerous because parsing RPM spec files executes arbitrary code +flags = package dangerous +apt = rpmlint +files = *.rpm *.spec +types = application/x-rpm +command = rpmlint . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ruby check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ruby --- check-all-the-things-2015.12.10ubuntu2/data/ruby 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ruby 2017-05-20 11:33:18.000000000 +0200 
@@ -1,8 +1,32 @@ -# TODO: roodi +[rubocop] +flags = fixme fixme-silent +apt = rubocop +# TODO: update it before releases: +# to_inspect function in TargetFinder class +# in target_finder.rb file in rubocop +files = *.rb +types = text/x-ruby +command = rubocop --config /dev/null + +[roodi] +flags = fixme fixme-silent +apt = roodi +# TODO: update it before releases: +# collect_files function in Runner class +# in runner.rb file in roodi +files = *.rb +command = roodi + # TODO: ruby-lint https://github.com/YorickPeterse/ruby-lint -# TODO: rubocop #745423 +# TODO: ruby-reek +# TODO: http://ruby.sadi.st/ # TODO: bundler audit # TODO: https://github.com/presidentbeef/brakeman # TODO: disabling SSL: verify_mode = OpenSSL::SSL::VERIFY_NONE # TODO: shell metacharacter injection: exec system backticks IO.popen Open3.popen3 Open4.popen4 # TODO: http://guides.rubyonrails.org/security.html +# TODO: https://people.eecs.berkeley.edu/~jnear/derailer/ +# TODO: https://people.eecs.berkeley.edu/~jnear/space/ +# TODO: https://github.com/seattlerb/flay + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/rust check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/rust --- check-all-the-things-2015.12.10ubuntu2/data/rust 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/rust 2017-05-20 11:33:18.000000000 +0200 @@ -1,6 +1,8 @@ [rust-unsafe] -match = *.rs -command = grep unsafe {files} +files = *.rs +command = grep -nHw unsafe {files} # TODO: https://github.com/Manishearth/rust-clippy # TODO: https://github.com/Manishearth/rust-tenacious + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/sass check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/sass --- check-all-the-things-2015.12.10ubuntu2/data/sass 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/sass 2017-05-20 11:33:18.000000000 +0200 
@@ -1 +1,3 @@ -# TODO: sass-spec #779636 +# TODO: sass-spec + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/scala check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/scala --- check-all-the-things-2015.12.10ubuntu2/data/scala 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/scala 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,3 @@ # TODO: https://github.com/scalastyle/scalastyle + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/security check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/security --- check-all-the-things-2015.12.10ubuntu2/data/security 2014-04-22 11:01:44.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/security 2017-05-20 11:33:18.000000000 +0200 @@ -1,4 +1,4 @@ [tmp] -command = grep -r '/tmp/' . +command = grep -nHr '/tmp/' . # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/sh check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/sh --- check-all-the-things-2015.12.10ubuntu2/data/sh 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/sh 2017-05-20 11:33:18.000000000 +0200 
@@ -1,22 +1,31 @@ [sh-syntax-check] -match = *.sh +files = *.sh +types = text/x-shellscript command = sh -n {file} [checkbashisms] apt = devscripts -match = *.sh +files = *.sh +types = text/x-shellscript command = checkbashisms {files} [shellcheck] apt = shellcheck -match = *.sh *.bash *.zsh +files = *.sh *.bash *.zsh +types = text/x-shellscript command = shellcheck {files} [bashate] apt = python3-bashate | python-bashate -match = *.sh *.bash -command = bashate --ignore E002 {files} +files = *.sh *.bash +types = text/x-shellscript +command = bashate --ignore E002,E003 {files} +flags = style -# TODO: wget | sudo (ba|z|)sh +[web-to-shell] +command = grep -nHrE '(wget|curl).*\|( *sudo)? *(ba|z|)sh' . + +[web-to-apt-key] +command = grep -nHrE '(wget|curl).*\|( *sudo)? *apt-key' . # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/ssh check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ssh --- check-all-the-things-2015.12.10ubuntu2/data/ssh 2015-11-07 15:21:33.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/ssh 2017-05-20 11:33:18.000000000 +0200 
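Review bot: The `[web-to-shell]` pattern ends in an unanchored `(ba|z|)sh`, so it also fires on downloads piped into `sha256sum`, `shasum` or `shuf`. That reports checksum verification, the safer practice, as if it were piping to a shell. Requiring a non-word character or end of line after the shell name avoids this: `command = grep -nHrE '(wget|curl).*\|( *sudo)? *(ba|z|)sh([^[:alnum:]_]|$)' .`. The pattern also expects the shell directly after an optional bare `sudo`, so `| sudo -E bash` and `sh -c "$(curl …)"` are not reported, which the section could note in a `comment`.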
@@ -1,11 +1,21 @@ [openssh-private-key] -groups = keys -command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN OPENSSH PRIVATE KEY-----.*-----END OPENSSH PRIVATE KEY-----' . +flags = keys +command = grep -rPzl '(?s)-----BEGIN OPENSSH PRIVATE KEY-----.*-----END OPENSSH PRIVATE KEY-----' . [ssh2-private-key] -groups = keys -command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----.*---- END SSH2 ENCRYPTED PRIVATE KEY ----' . +flags = keys +command = grep -rPzl '(?s)---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----.*---- END SSH2 ENCRYPTED PRIVATE KEY ----' . [ec-private-key] -groups = keys -command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN EC PRIVATE KEY-----.*-----END EC PRIVATE KEY-----' . +flags = keys +command = grep -rPzl '(?s)-----BEGIN EC PRIVATE KEY-----.*-----END EC PRIVATE KEY-----' . + +[putty-private-key] +flags = keys +command = grep -rPzl '(?s)PuTTY-User-Key-File-[0-9]+: .*Private-Lines: ' . + +[openssh-private-key-rsa1] +flags = keys +command = grep -rl '^SSH PRIVATE KEY FILE FORMAT ' . + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/swift check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/swift --- check-all-the-things-2015.12.10ubuntu2/data/swift 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/swift 2017-05-20 11:33:18.000000000 +0200 @@ -1 +1,4 @@ # TODO: https://tailor.sh/ +# TODO: https://github.com/realm/SwiftLint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/tex check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/tex --- check-all-the-things-2015.12.10ubuntu2/data/tex 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/tex 2017-05-20 11:33:18.000000000 +0200 
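Review bot: The key checks rewritten in this hunk need both the BEGIN and the END marker in one file, and `-z` makes grep read each file as a single record. The same applies to `[pgp-private-key]` in data/openpgp and to `[rsa-private-key]` and `[dsa-private-key]` in data/x509. A private key that is truncated or has a damaged footer is therefore not reported. The greedy `(?s).*` across a large file may also hit PCRE's backtracking limit, in which case grep reports an error for that file instead of a match. Matching the header alone as a fixed string is simpler and reports more, at the cost of also listing files that only mention the marker: `command = grep -rlF -e '-----BEGIN OPENSSH PRIVATE KEY-----' .`.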
@@ -1,13 +1,18 @@ [lacheck] apt = lacheck -match = *.tex +files = *.tex +types = text/x-tex command = lacheck {files} [lintex] apt = lintex -match = *.aux *.bbl *.blg *.dvi *.idx *.ilg *.ind *.lof *.log *.lot *.nav *.out *.pdf *.ps *.snm *.thm *.toc *.toc.old *.synctex.gz *.xyc +files = *.aux *.bbl *.blg *.dvi *.idx *.ilg *.ind *.lof *.log *.lot *.nav *.out *.pdf *.ps *.snm *.thm *.toc *.toc.old *.synctex.gz *.xyc command = lintex -r -o -p -# TODO: chktex +[chktex] +apt = chktex +files = *.tex +types = text/x-tex +command = chktex --quiet {files} # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/text check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/text --- check-all-the-things-2015.12.10ubuntu2/data/text 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/text 2017-05-20 11:33:18.000000000 +0200 @@ -1,11 +1,15 @@ [rst-lint] flags = todo apt = python3-restructuredtext-lint | python-restructuredtext-lint -match = *.rst +files = *.rst comment = rst-lint {files} [doc8] flags = todo apt = python3-doc8 | python-doc8 -match = *.txt *.text *.rst +files = *.txt *.text *.rst comment = doc8 {files} + +# TODO: https://github.com/myint/rstcheck + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/tiff check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/tiff --- check-all-the-things-2015.12.10ubuntu2/data/tiff 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/tiff 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,3 @@ +# TODO: https://github.com/SLUB-digitalpreservation/checkit_tiff #830293 + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/vala check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/vala --- check-all-the-things-2015.12.10ubuntu2/data/vala 2015-11-08 16:13:49.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/vala 2017-05-20 11:33:18.000000000 +0200 
@@ -1 +1,3 @@ # TODO: any checks? + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/vcs check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/vcs --- check-all-the-things-2015.12.10ubuntu2/data/vcs 2015-10-22 03:45:21.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/vcs 2017-05-20 11:33:18.000000000 +0200 @@ -1,7 +1,9 @@ -# TODO: vcs-lint #677792 http://jmtd.net/software/vcs-lint/ https://lists.debian.org/20150310102557.GA32220@chew.redmars.org +# TODO: vcs-lint #677792 https://jmtd.net/software/vcs-lint/ https://lists.debian.org/20150310102557.GA32220@chew.redmars.org # TODO: git tags not pushed to all remotes # for remote in $(git remote) ; do comm -23 <(git tag | sort) <(git ls-remote --tags $remote | sed -n '/{}$/d; s:.*refs/tags/::p' | sort) ; done -# TODO: git commit/tag signing http://mikegerwitz.com/papers/git-horror-story +# TODO: git commit/tag signing https://mikegerwitz.com/papers/git-horror-story # TODO: git/etc fsck # TODO: mr status # TODO: gitrob https://github.com/michenriksen/gitrob + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/vim check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/vim --- check-all-the-things-2015.12.10ubuntu2/data/vim 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/vim 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,3 @@ +# TODO: https://github.com/Kuniwak/vint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/web check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/web --- check-all-the-things-2015.12.10ubuntu2/data/web 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/web 2017-05-20 11:33:18.000000000 +0200 
@@ -0,0 +1,4 @@ +# TODO: https://github.com/GoogleChrome/lighthouse +# TODO: https://kryogenix.org/days/2016/06/02/programmatic-progressiveness/ + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/x509 check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/x509 --- check-all-the-things-2015.12.10ubuntu2/data/x509 2015-11-07 15:21:33.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/x509 2017-05-20 11:33:18.000000000 +0200 @@ -1,9 +1,18 @@ [rsa-private-key] -groups = keys -command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----' . +flags = keys +command = grep -rPzl '(?s)-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----' . [dsa-private-key] -groups = keys -command = grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN DSA PRIVATE KEY-----.*-----END DSA PRIVATE KEY-----' . +flags = keys +command = grep -rPzl '(?s)-----BEGIN DSA PRIVATE KEY-----.*-----END DSA PRIVATE KEY-----' . -# TODO: ssl-cert-check +[ssl-cert-check] +flags = keys fixme fixme-silent +apt = ssl-cert-check +files = *.pem *.cert +command = ssl-cert-check -b -c {file} | grep -vw Valid + +# TODO: https://github.com/kroeckx/x509lint +# TODO: https://github.com/awslabs/certlint + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/xapian check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/xapian --- check-all-the-things-2015.12.10ubuntu2/data/xapian 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/xapian 2017-05-20 11:33:18.000000000 +0200 
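Review bot: No check matches the unlabelled PKCS#8 armour `-----BEGIN PRIVATE KEY-----` or `-----BEGIN ENCRYPTED PRIVATE KEY-----`, which current OpenSSL tools write by default. After this hunk data/x509 looks only for `RSA PRIVATE KEY` and `DSA PRIVATE KEY` blocks, and data/ssh covers `EC PRIVATE KEY`. A section in the same style would close the gap: `[pkcs8-private-key]`, `flags = keys`, `command = grep -rPzl '(?s)-----BEGIN (ENCRYPTED )?PRIVATE KEY-----.*-----END (ENCRYPTED )?PRIVATE KEY-----' .`. The new `[ssl-cert-check]` section is also limited to `files = *.pem *.cert`, so certificates stored as `*.crt` or `*.cer` are not examined.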
@@ -0,0 +1,7 @@ +[xapian-check] +flags = todo +comment = needs a way to find which dirs to check +apt = xapian-tools +command = xapian-check + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/xml check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/xml --- check-all-the-things-2015.12.10ubuntu2/data/xml 2015-12-10 05:00:16.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/xml 2017-05-20 11:33:18.000000000 +0200 @@ -1,6 +1,10 @@ [xmllint] apt = libxml2-utils -match = *.xml +files = *.xml +types = application/xml command = xmllint --noout --nonet {files} +# TODO: xmlwf (part of expat) +# TODO: rxp + # vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/xpi check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/xpi --- check-all-the-things-2015.12.10ubuntu2/data/xpi 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/xpi 2017-05-15 04:20:53.000000000 +0200 @@ -0,0 +1,3 @@ +# TODO: https://github.com/mozilla/addons-linter + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/data/yaml check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/yaml --- check-all-the-things-2015.12.10ubuntu2/data/yaml 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/data/yaml 2017-05-20 11:33:18.000000000 +0200 @@ -0,0 +1,6 @@ +[yamllint] +apt = yamllint +files = *.yaml *.yml ./debian/upstream/metadata ./debian/upstream/edam +command = yamllint {files} + +# vim:ft=dosini diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/changelog check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/changelog --- check-all-the-things-2015.12.10ubuntu2/debian/changelog 2016-03-23 02:18:56.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/changelog 2017-06-06 19:20:58.000000000 +0200 
@@ -1,3 +1,242 @@ +check-all-the-things (2015.12.10ubuntu3.is.2017.05.20) xenial; urgency=medium + + * SRU to Ubuntu 16.04, from Ubuntu artful, + fixing security issues (LP: #1597245) + + -- Gianfranco Costamagna Tue, 06 Jun 2017 19:19:16 +0200 + +check-all-the-things (2017.05.20) unstable; urgency=medium + + * New release. + - The "Check Things Securely Yet Again" release + - Support BSD versions of the find command + - Support running in more types of terminals/places + - Support running commands in other dirs for safety + - Support properly disabling flags/checks + - Disable remarks about already disabled checks + - Update documentation, TODO items and URLs + - Print remarks more nicely in certain situations + - Print filenames and line numbers where possible + - Flag checks: + + dangerous - rpmlint ocaml-lintian + + run-in-tmp-dir - luacheck puppet-lint epubcheck erl-tidy + + fixme-silent - flawfinder gettext-lint-* luacheck hlint + + network - cme-check-dpkg + + manual - gettext-lint-spell + - Fix complexity - prevent arbitrary code execution + - Fix perlcritic - disable code execution, only run when perl present, + increase verbosity to be more useful + - Fix clang-tidy regression from version 2016.06.29 + - Fix zzuf - incorrect path matches + - Fix yamllint - incorrect find argument grouping + - Fix ELF & Perl checks - add MIME types + - Fix grep checks - use short options for portability + - Fix xapian-check - crash due to use of format strings + - Fix uudecode - include filenames in command-line + - Fix insecure-recv-keys - typo in regex + - Fix appstreamcli - unknown command-line option + - Fix m64-m32 - reduce false positives + - Fix gettext-lint-spell - add missing dependency, drop *.pot + - Fix afl - check it is installed properly + - Fix embed-dirs - add inc/ dirs for Perl packages + - Add podchecker - check Perl POD documentation + - Add pscan - check C printf format strings + - Add leaktracer - check programs for memory leaks + - Add tmperamental - 
check programs for tmpfile issues + - Add govet - report suspicious Go source code + - Add golint - report Go source code lint + - Add goimports - check missing/unused Go import lines + - Add rubocop - check Ruby code against Ruby Style Guide + - Add roodi - check Ruby code for design issues + - Add gendarme - check Mono/.NET ECMA CIL files + - Add make-phony - find misspelled .PHONY targets + - Add mypy - check Python static typing hints + - Add pyroma - check Python packaging quality + - Add bandit - check Python security quality + - Add dodgy - check dodgy lines in Python code + - Add vulture - check for dead Python code + - Add pycodestyle - check Python code style + - Add pydocstyle - check Python documentation style + - Add proselint - check for English prose issues + - Add chktex - check typographic errors in LaTeX docs + - Add fitscheck/wcslint/volint - FITS/VOTable files + - Add putty-private-key & openssh-private-key-rsa1 + - Remove ghc-mod - just a wrapper for hlint + - TODO items for wtf flake8-plugins xpi-addons-linter + go-fix libdetectcoll sha1collisiondetection giffix + haxelint dockerlint dockerfile_lint dockerfile_checker + truffleHog pyt chap Devel::Plumber + + -- Paul Wise Sat, 20 May 2017 17:33:18 +0800 + +check-all-the-things (2017.01.15) unstable; urgency=high + + * New release. + - The "Check Things Securely Not Portably" release + - Reset terminal modes after commands to avoid colour spew + - Improve compatibility with Python 3.6 + - Update python checks to not work on other distros + because the `python -m` command is insecure + - Update checkers removed from Debian - allow to run if installed + - Update lrzip-test/zstd-test - add MIME types + - Add lz4-test - check lz4 compressed files + - Add path-max - check for non-portable path size macros + - TODO items for deep-text-correcter sblint decopy + + -- Paul Wise Sun, 15 Jan 2017 10:37:30 +0800 + +check-all-the-things (2016.12.25) unstable; urgency=medium + + * New release. 
+ - The "Check Everywhere For Tangerines" release + - Improve the 'no specific checks' remark + - Update php-syntax-check - ignore no files warning + - Update empty - never print inode/x-empty as unchecked + - Update pylint - check text/x-python files too + - Update python checks to work on other distros + - Add make - check Makefiles with GNU make + - Add pkg-config - check pkg-config .pc files + - Add t1lint - check Type 1 font files + - Add zstd-test - check zstd compressed files validity + - TODO items for urlycue multivalent pdf-hul pdfavalidation + huntbugs spotbugs find-sec-bugs binskim + + -- Paul Wise Sun, 25 Dec 2016 08:02:09 +0800 + +check-all-the-things (2016.09.03) unstable; urgency=medium + + * New release. + - The "Reproducibly Depend On Thing Checkers" release + - Fixes reproducible builds by sorting Recommends/Suggests (Closes: #829297) + - Rename an option in line with final 'Remarks' section rename + - Allow autocompletion with alias cats=check-all-the-things + - Ignore quilt .pc directories in all the places VCSen are ignored + - Eliminate terminal crunk for certain situations + - Update spellintian - ignore *.wav files too + - Update unzip-test - check *.zhfst files too + - Update embed-dirs - warn about deps and 3rdp dirs too + - Update cppcheck - check *.hxx *.hh files too + - Add cypher-lint - check Cypher Query Language files + - Add bitmap-synfig - ask where Synfig SIF source files are + - Add bitmap-povray - ask where POV-Ray POV source files are + - Add bitmap-gnuplot - ask where gnuplot scripts are + - Add bitmap-base64 - check files for embedded base64 images + - Add dsniff - check for passwords in packet capture files + - Add web-to-apt-key - check for blindly installing gpg keys + - Add insecure-recv-keys - check for insecure downloads of gpg keys + - TODO items for rstcheck anorack fuzz linklint webcheck doctorj xmlwf + checkit_tiff pylint-celery pylint-flask pep8-naming vint flay mdetect + markdownlint haxe-checkstyle cmake-lint 
stylelint httpolice pedant + check-manifest rxp + + -- Paul Wise Sat, 03 Sep 2016 12:14:15 +0800 + +check-all-the-things (2016.06.29.1) unstable; urgency=medium + + * New release. + - The "Check A Few More Things Slightly More Securely" release + - More mitigations for Debian perl bug #588017 + - Fix dependencies for uscan based checks + + -- Paul Wise Wed, 29 Jun 2016 13:06:12 +0200 + +check-all-the-things (2016.06.29) unstable; urgency=medium + + * Upload to unstable + * New release. + - The "Check Some Things Slightly More Securely" release + - Warn that running cats in untrusted dirs could have consequences + - Does not enable checks with disabled flags unless choosing those flags + This prevents running dangerous checks with -f perl (Closes: #826089) + - Mitigate Debian perl bug #588017 by passing -m-lib=. to perl-based checks + This prevents perl-based commands from running code from the current dir + - Fix MIME support: disable MIME in commands when MIME is turned off + - Give an error with checks/flags options without check names + - Fixes crash when interrupting the first command that is run + - Fix checking prerequisites for "cat ... | foo" command-lines + - Update dependencies for licensecheck-based checks (see #828830, #828872) + - Disable KWStyle - should only be run manually + - Add clang-tidy - tidy C++ code using LLVM + - Add clang-check - check C++ code using LLVM + - Add clang-modernize (jessie-only) - modernize C++ code + - Add ocaml-unsafe-features - check compiled OCaml for unsafe features + + -- Paul Wise Wed, 29 Jun 2016 10:43:04 +0200 + +check-all-the-things (2016.06.25) experimental; urgency=medium + + * New release. + - The "Check A Bunch Of Things" release + - The official abbreviation is now cats. Meow! 
+ - Bump Standards-Version, no changes needed + - Use https for Vcs-Git and other URLs + - Warn away the busy, lazy or noise intolerant + - Drop the separation between groups/flags + - Drop todo item deps down to Suggests + - Fix file matching in a number of cases + - Add argument completion for bash + - Add an indicator of the currently running command + - Add (slow) support for matching files based on MIME type (Closes: #791722) + - Add better advice for style/complexity/other checks + - Disable network checks when there is no default gateway + - Trim check output to 10 lines by default + - Support overlays for older distros + - Add 'modify' flag for commands that modify files and + thus should not be run by default + - Add 'manual' flag for commands that must be manually run + - Handle 'todo' flagged checks properly + - Show list of found file extensions that were not checked + - Rename final section to 'Remarks' since the name grew long + - Give an error when choosing unknown checks/flags + - Report when help is needed for some existing checks + - Match more ZIP-based files for the unzip-test check + - Document the use of usertags for this package + - Document places where more check tools can be found + - Add appstreamcli validate - check AppStream files + - Add appstream-util validate - check AppStream files + - Add bls-standalone - check build logs for issues + - Add build-log-static-library - warn against static linking + - Add complexity - check C code for function complexity + - Add kwstyle - check C code for style conformance + - Add opencolladavalidator - check COLLADA files + - Add csslint-0.6 - check CSS files + - Add wrap-and-sort - wrap and sort various debian/ files + - Add license-reconcile - check debian/copyright files + - Add debmake-k - check debian/copyright files + - Add autodep8 - check if DEP-8 tests can be created + - Add lockdep - check pthread-using programs + - Add zzuf - fuzz program input + - Add afl - intelligently fuzz program 
input + - Add hardening-check - check programs for hardening + - Add spellintian - check spelling using lintian dictionaries + - Add flightcrew - check epub e-book files + - Add erlang-shell-inject - check for Erlang shell metachar injection + - Add erl-tidy - check Erlang code + - Add font-embedding-restrictions - check TTF embedding restrictions + - Add two jsonlints - check JSON files + - Add autoupdate - update autotools files + - Add autoscan - check completeness of configure.ac + - Add timeless - check for macros that break reproducible builds + - Add http - check for http URLs to switch to https + - Add embed checks - heuristics for embedded code copies + - Add mailto - check mailto: links + - Add ocaml-shell-injection - check for OCaml shell metachar injection + - Add pylint - check Python code for various issues + - Add rpmlint - check RPM files + - Add web-to-shell - check for `curl | sudo sh` antipattern + - Add ssl-cert-check - check SSL key/cert files + - Add yamllint - check YAML files + - TODO items for android-lint smatch rzip-test lrzip-test + csslint scan-copyrights licensecheck2dep5 debian-tracker + erlang-elvis opentype-sanitiser bugpicker nit librejs-cli + jpegoptim lisp-critic project-flint scheck ocaml-unsafe + ocaml-mascot cpants-lint php7cc pngcrush optipng advpng + mypy pycodestyle pydocstyle python3-requirements-detector + pydiatra pytype ruby-reek ruby-sadist ruby-derailer + ruby-space swiftlint x509lint certlint + + -- Paul Wise Sat, 25 Jun 2016 12:08:10 +0200 + check-all-the-things (2015.12.10ubuntu2) xenial; urgency=medium * Update to PHP7.0 dependencies (LP: #1544352). diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/clean check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/clean --- check-all-the-things-2015.12.10ubuntu2/debian/clean 1970-01-01 01:00:00.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/clean 2017-05-09 03:20:41.000000000 +0200 
@@ -0,0 +1,2 @@ +check-all-the-things.1 +debian/check-all-the-things.bash-completion diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/control check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/control --- check-all-the-things-2015.12.10ubuntu2/debian/control 2016-03-23 02:18:56.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/control 2017-05-20 11:33:18.000000000 +0200 @@ -1,24 +1,31 @@ Source: check-all-the-things -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Paul Wise -Standards-Version: 3.9.6 +Maintainer: Paul Wise +Standards-Version: 3.9.8 Section: devel Priority: optional Build-Depends: + bash-completion, debhelper (>= 9), help2man, - python3 -Vcs-Git: git://anonscm.debian.org/collab-maint/check-all-the-things.git + python-argcomplete, + python3, + python3-apt, +Vcs-Git: https://anonscm.debian.org/git/collab-maint/check-all-the-things.git Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git Package: check-all-the-things Architecture: all Depends: python3, - ${misc:Depends} + ${misc:Depends}, Recommends: + python3-argcomplete, + python3-magic, + python3-netifaces, python3-ptyprocess, - ${catt:Recommends} + ${cats:Recommends}, +Suggests: + ${cats:Suggests}, Description: check all of the things! This package will help you check all of the things. . 
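Review bot: The first `debian/control` hunk resets `Maintainer:` to the Debian maintainer and drops `XSBC-Original-Maintainer:`, although the changelog entry in this diff is an Ubuntu upload (`2015.12.10ubuntu3.is.2017.05.20`, targeting xenial). Ubuntu's source-build tooling typically expects an Ubuntu address in `Maintainer:` when the version carries an `ubuntu` suffix, and may warn or refuse otherwise. Keep the two removed lines, `Maintainer: Ubuntu Developers …` and `XSBC-Original-Maintainer: Paul Wise …`, with the addresses from the old side. Take only the `Standards-Version`, `Vcs-Git` and dependency changes from the new side. The `Package:` stanza's description continues in the next hunk.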
@@ -28,6 +35,10 @@ To find out what kind of things it checks, take a look at the package recommends and data directory. . + WARNING: At this time it is probably not suitable + for running against untrusted directories. + . WARNING: since it checks so many things the output can be very verbose so don't use it if you don't have time to go through the output to find problems. + It is not for the busy, lazy or noise intolerant. diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/copyright check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/copyright --- check-all-the-things-2015.12.10ubuntu2/debian/copyright 2015-11-05 10:42:44.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/copyright 2017-05-09 03:20:41.000000000 +0200 @@ -1,8 +1,8 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files: * Copyright: 2014 Jakub Wilk , - 2015 Paul Wise , + 2015-2016 Paul Wise , License: Expat Files: debian/* diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/install check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/install --- check-all-the-things-2015.12.10ubuntu2/debian/install 2015-12-10 05:00:15.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/install 2017-05-09 03:20:41.000000000 +0200 @@ -1,2 +1,3 @@ check-all-the-things usr/bin +check-font-embedding-restrictions usr/bin data usr/share/check-all-the-things diff -Nru check-all-the-things-2015.12.10ubuntu2/debian/rules check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/rules --- check-all-the-things-2015.12.10ubuntu2/debian/rules 2015-09-24 11:11:10.000000000 +0200 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/debian/rules 2017-05-09 03:20:41.000000000 +0200 
@@ -4,10 +4,11 @@ P = check-all-the-things %: - dh $@ --parallel + dh $@ --parallel --with bash-completion override_dh_gencontrol: - dh_gencontrol -- -Vcatt:Recommends="$$(sed -n 's/$$/, /;s/^ *apt *= *//p' data/* | tr -d \\n)" + ./check-all-the-things --set-debian-substvars + dh_gencontrol override_dh_auto_build: help2man \ @@ -16,3 +17,6 @@ --name="Check all of the things!" \ ./$P \ > $P.1 + register-python-argcomplete check-all-the-things > debian/$P.bash-completion + sed -i s/_python_argcomplete/_check_all_the_things_argcomplete/ debian/$P.bash-completion + sed -i 's/$$1/check-all-the-things/' debian/$P.bash-completion diff -Nru check-all-the-things-2015.12.10ubuntu2/doc/README check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/doc/README --- check-all-the-things-2015.12.10ubuntu2/doc/README 2015-12-10 05:00:15.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/doc/README 2017-05-20 11:33:18.000000000 +0200 @@ -1,6 +1,9 @@ # check-all-the-things This is a tool to run many tools that can check various things. +It is probably not suitable for running in untrusted directories +since there could be unknown interactions leading to code execution +or commands that do code execution but are not yet known to do that. ## Philosophy 
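Review bot: The three completion lines added to `override_dh_auto_build` rewrite the generated script with `sed` patterns tied to the exact text that `register-python-argcomplete` emits. If that template changes, both substitutions become silent no-ops and the package ships a completion function still named `_python_argcomplete`, which can clash with other argcomplete-based completions loaded in the same shell. Add a guard after them so the build fails instead, e.g. `grep -q _check_all_the_things_argcomplete debian/$P.bash-completion`. The first `sed` expression is also unquoted, unlike the second; `sed -i 's/_python_argcomplete/_check_all_the_things_argcomplete/' debian/$P.bash-completion` keeps the two consistent. The recipe itself starts in the previous hunk.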
@@ -37,29 +40,108 @@ When adding support for new checkers, please ensure that you add the 'dangerous' flag for checks that execute package code. +When adding support for new checkers that are dangerous when run in +untrusted directories, please make sure that you mitigate this issue +to ensure that the check does *not* execute package code. If there is +no option for this, you can flag the check 'run-in-tmp-dir' and then +cats will automatically update the command to execute in a subshell +and change to a safe temporary directory first. Anything that directly +or indirectly uses the commands or software listed below needs flagging. +The check can refer to the current directory using the {cwd} variable. +Please also verify that the check does not execute package code. + +* Lua +* Python with `-c`, `-m` or `-` options. + +You can also flag the check 'run-in-root-dir' and then cats will +automatically update the command to execute in a subshell and +change to the root directory first. This flag can be used instead +of 'run-in-tmp-dir' to create a simpler shell command when the +tools used by the check are safe when in the root directory. + +When adding support for new checkers that are written in perl, please +make sure that you mitigate the effects of Debian perl bug #588017 to +ensure that the check does *not* execute package code. If you flag +the check perl-bug-588017 then cats will automatically prefix the +command with `env PERL5OPT=-m-lib=.`, which usually mitigates this. +Please also verify that the check does not execute package code. + When adding support for new checkers, please ensure that you use {file} for checkers that take only one argument and that you use {files} for checkers that take more than one argument. +When the support for a check is suboptimal, you can add fixme to the flags +field and add a comment with info about what needs to be fixed. 
+ +Some common comments for fixme flags are available with additional flags: + +fixme-silent: when commands need an option to be more silent +fixme-ignore: when commands need an option to ignore some paths + When adding TODO entries, please add a new check config but set the flags field to todo and add any known hints in the apt/comment/command fields. When adding TODO entries for packages not in Debian, please either add the ITP bug number or a URL to upstream in the comment field. +For ITP bugs or when reporting bugs on other tools that show up in +check-all-the-things, please mark the bug as affecting check-all-the-things +and please usertag the bugs as mentioned in the bugs section below. + For more involved changes to the code you might want to file a bug to discuss the changes with people who are interested. For low-latency discussion you can join the Debian QA IRC channel: -ircs://irc.debian.org/debian-qa +ircs://irc.oftc.net/debian-qa https://webchat.oftc.net/?channels=debian-qa -Please sign all of your commits, tags and pushes with OpenPGP: +Please sign all of your commits and tags with OpenPGP: -http://mikegerwitz.com/papers/git-horror-story +https://mikegerwitz.com/papers/git-horror-story + +Before releases, update lists of extensions copied from elsewhere: + +git grep -C1 TODO.*releases + +Every release should proclaim to be the "Check all the things" release, +but the phrase needs to be mutated for each release to a similar phrase. Tags should be created using this command and the tag annotation should be the release notes for this version, usually stuff from debian/changelog. git tag -a -s check-all-the-things-$(date -u --iso-8601 | tr - .) + +You can use 'cats' as the abbreviation of check-all-the-things. Meow! + +## Bugs + +ITP bugs and bugs filed against other packages should be marked as +affecting check-all-the-things and usertagged as below. 
+ +The user for usertags is check-all-the-things@packages.debian.org + +These usertags should be used: + +new-check: for ITPs or bugs that block the addition of new checks +new-issues: for requests to check new issues in particular checker tools +noise: for bugs in particular checkers that make unnecessary noise +false-positive: for false positives in particular checker tools +file-detection: for issues related to choice of files to check +rm-check: for bugs related to the removal of tools used by checks + +Please feel free to add new usertags and document them here. + +For example: + +To: submit@bugs.debian.org + +User: check-all-the-things@packages.debian.org +Usertags: new-check +Control: affects -1 check-all-the-things + +To: control@bugs.debian.org + +user check-all-the-things@packages.debian.org +usertags 123456 + new-check +affects 123456 + check-all-the-things diff -Nru check-all-the-things-2015.12.10ubuntu2/doc/TODO check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/doc/TODO --- check-all-the-things-2015.12.10ubuntu2/doc/TODO 2015-12-10 05:00:17.000000000 +0100 +++ check-all-the-things-2015.12.10ubuntu3.is.2017.05.20/doc/TODO 2017-05-20 11:33:18.000000000 +0200 
@@ -2,27 +2,55 @@ but not included here yet:: - find ! -type d | xargs file | grep ': *ELF ' | sed 's/: +*.*//' | xargs --no-run-if-empty eu-elflint --quiet --gnu-ld --strict + find ! -type d -print0 | xargs -0 file | grep ': *ELF ' | sed 's/: +*.*//' | xargs -d'\n' --no-run-if-empty eu-elflint --quiet --gnu-ld --strict grep -r 'PATH' . grep -r 'x86_64-linux-gnu' . -Add syntax checkers from the syntastic vim plugin: +Places to find new checks: -https://github.com/scrooloose/syntastic/tree/master/syntax_checkers +apt-file search --regex 'bin/.*(lint|check|valid|tidy|detect)' +apt-cache search --names-only '(lint|check|valid|tidy|detect)' +https://github.com/vim-syntastic/syntastic/tree/master/syntax_checkers +https://pagure.io/FedoraReview +https://github.com/michenriksen/gitrob/blob/master/signatures.json +https://docs.codeclimate.com/docs/list-of-engines +https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis#C.2FC.2B.2B +https://github.com/mcandre/linters +https://gitlab.com/linted/linted/tree/master/scripts +https://support.codacy.com/hc/en-us/articles/207995005-Special-Thanks +https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md#user-content-analysis +https://github.com/simplymeasured/ruby-appraiser +https://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/files/head:/audits/ +https://github.com/sk-/git-lint +https://prospector.readthedocs.io/en/master/supported_tools.html +http://www.flycheck.org/en/latest/languages.html +https://atomlinter.github.io/ +https://github.com/coala/coala-bears/tree/master/bears +https://github.com/coala/bear-docs +https://github.com/alecthomas/gometalinter -Add checkers from the fedora-review tool: +A mechanisms for filtering output is needed. -https://git.fedorahosted.org/cgit/FedoraReview.git +Only inform about a skipped check if there were actually matching files. -Some (all?) wildcards should be case-insensitive. 
+A mechanism to specify the amount/pedanticness of the output. -Wildcards is not always an adequate mechanisms for detecting file types. Think -of Python or Perl scripts without extensions, or ELF binaries. +Support commands that must be run with `find -print0 | xargs -0` instead of `find -exec` -A mechanisms for filtering output is needed. +Sandboxing with kvmtool/bubblewrap/firejail/etc: -Only inform about a skipped check if there were actually matching files. +Files in cwd to read-only unless modify flag +Files in cwd to no-exec unless dangerous flag +All other files to read-only +All processes to cgroup, kill after each command -A mechanism to specify the amount/pedanticness of the output. +Add more types of deps for general and language-specific package managers + +Add the ability to suggest command-lines for installing missing tools + +Check if any tests contain dangerous commands: + +python -m +python -c .. vim:ts=3 sw=3 et ft=rst