1c91057fab
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
518 lines
19 KiB
Python
Executable file
518 lines
19 KiB
Python
Executable file
#!/usr/bin/env python3
|
||
|
||
# Copyright The Mbed TLS Contributors
|
||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||
|
||
"""
|
||
This script checks the current state of the source code for minor issues,
|
||
including incorrect file permissions, presence of tabs, non-Unix line endings,
|
||
trailing whitespace, and presence of UTF-8 BOM.
|
||
Note: requires python 3, must be run from Mbed TLS root.
|
||
"""
|
||
|
||
import argparse
|
||
import codecs
|
||
import inspect
|
||
import logging
|
||
import os
|
||
import re
|
||
import subprocess
|
||
import sys
|
||
try:
|
||
from typing import FrozenSet, Optional, Pattern # pylint: disable=unused-import
|
||
except ImportError:
|
||
pass
|
||
|
||
import scripts_path # pylint: disable=unused-import
|
||
from mbedtls_dev import build_tree
|
||
|
||
|
||
class FileIssueTracker:
|
||
"""Base class for file-wide issue tracking.
|
||
|
||
To implement a checker that processes a file as a whole, inherit from
|
||
this class and implement `check_file_for_issue` and define ``heading``.
|
||
|
||
``suffix_exemptions``: files whose name ends with a string in this set
|
||
will not be checked.
|
||
|
||
``path_exemptions``: files whose path (relative to the root of the source
|
||
tree) matches this regular expression will not be checked. This can be
|
||
``None`` to match no path. Paths are normalized and converted to ``/``
|
||
separators before matching.
|
||
|
||
``heading``: human-readable description of the issue
|
||
"""
|
||
|
||
suffix_exemptions = frozenset() #type: FrozenSet[str]
|
||
path_exemptions = None #type: Optional[Pattern[str]]
|
||
# heading must be defined in derived classes.
|
||
# pylint: disable=no-member
|
||
|
||
def __init__(self):
|
||
self.files_with_issues = {}
|
||
|
||
@staticmethod
|
||
def normalize_path(filepath):
|
||
"""Normalize ``filepath`` with / as the directory separator."""
|
||
filepath = os.path.normpath(filepath)
|
||
# On Windows, we may have backslashes to separate directories.
|
||
# We need slashes to match exemption lists.
|
||
seps = os.path.sep
|
||
if os.path.altsep is not None:
|
||
seps += os.path.altsep
|
||
return '/'.join(filepath.split(seps))
|
||
|
||
def should_check_file(self, filepath):
|
||
"""Whether the given file name should be checked.
|
||
|
||
Files whose name ends with a string listed in ``self.suffix_exemptions``
|
||
or whose path matches ``self.path_exemptions`` will not be checked.
|
||
"""
|
||
for files_exemption in self.suffix_exemptions:
|
||
if filepath.endswith(files_exemption):
|
||
return False
|
||
if self.path_exemptions and \
|
||
re.match(self.path_exemptions, self.normalize_path(filepath)):
|
||
return False
|
||
return True
|
||
|
||
def check_file_for_issue(self, filepath):
|
||
"""Check the specified file for the issue that this class is for.
|
||
|
||
Subclasses must implement this method.
|
||
"""
|
||
raise NotImplementedError
|
||
|
||
def record_issue(self, filepath, line_number):
|
||
"""Record that an issue was found at the specified location."""
|
||
if filepath not in self.files_with_issues.keys():
|
||
self.files_with_issues[filepath] = []
|
||
self.files_with_issues[filepath].append(line_number)
|
||
|
||
def output_file_issues(self, logger):
|
||
"""Log all the locations where the issue was found."""
|
||
if self.files_with_issues.values():
|
||
logger.info(self.heading)
|
||
for filename, lines in sorted(self.files_with_issues.items()):
|
||
if lines:
|
||
logger.info("{}: {}".format(
|
||
filename, ", ".join(str(x) for x in lines)
|
||
))
|
||
else:
|
||
logger.info(filename)
|
||
logger.info("")
|
||
|
||
BINARY_FILE_PATH_RE_LIST = [
|
||
r'docs/.*\.pdf\Z',
|
||
r'docs/.*\.png\Z',
|
||
r'programs/fuzz/corpuses/[^.]+\Z',
|
||
r'tests/data_files/[^.]+\Z',
|
||
r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z',
|
||
r'tests/data_files/.*\.req\.[^/]+\Z',
|
||
r'tests/data_files/.*malformed[^/]+\Z',
|
||
r'tests/data_files/format_pkcs12\.fmt\Z',
|
||
r'tests/data_files/.*\.bin\Z',
|
||
]
|
||
BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST))
|
||
|
||
class LineIssueTracker(FileIssueTracker):
|
||
"""Base class for line-by-line issue tracking.
|
||
|
||
To implement a checker that processes files line by line, inherit from
|
||
this class and implement `line_with_issue`.
|
||
"""
|
||
|
||
# Exclude binary files.
|
||
path_exemptions = BINARY_FILE_PATH_RE
|
||
|
||
def issue_with_line(self, line, filepath, line_number):
|
||
"""Check the specified line for the issue that this class is for.
|
||
|
||
Subclasses must implement this method.
|
||
"""
|
||
raise NotImplementedError
|
||
|
||
def check_file_line(self, filepath, line, line_number):
|
||
if self.issue_with_line(line, filepath, line_number):
|
||
self.record_issue(filepath, line_number)
|
||
|
||
def check_file_for_issue(self, filepath):
|
||
"""Check the lines of the specified file.
|
||
|
||
Subclasses must implement the ``issue_with_line`` method.
|
||
"""
|
||
with open(filepath, "rb") as f:
|
||
for i, line in enumerate(iter(f.readline, b"")):
|
||
self.check_file_line(filepath, line, i + 1)
|
||
|
||
|
||
def is_windows_file(filepath):
|
||
_root, ext = os.path.splitext(filepath)
|
||
return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj')
|
||
|
||
|
||
class ShebangIssueTracker(FileIssueTracker):
|
||
"""Track files with a bad, missing or extraneous shebang line.
|
||
|
||
Executable scripts must start with a valid shebang (#!) line.
|
||
"""
|
||
|
||
heading = "Invalid shebang line:"
|
||
|
||
# Allow either /bin/sh, /bin/bash, or /usr/bin/env.
|
||
# Allow at most one argument (this is a Linux limitation).
|
||
# For sh and bash, the argument if present must be options.
|
||
# For env, the argument must be the base name of the interpreter.
|
||
_shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?'
|
||
rb'|/usr/bin/env ([^\n /]+))$')
|
||
_extensions = {
|
||
b'bash': 'sh',
|
||
b'perl': 'pl',
|
||
b'python3': 'py',
|
||
b'sh': 'sh',
|
||
}
|
||
|
||
def is_valid_shebang(self, first_line, filepath):
|
||
m = re.match(self._shebang_re, first_line)
|
||
if not m:
|
||
return False
|
||
interpreter = m.group(1) or m.group(2)
|
||
if interpreter not in self._extensions:
|
||
return False
|
||
if not filepath.endswith('.' + self._extensions[interpreter]):
|
||
return False
|
||
return True
|
||
|
||
def check_file_for_issue(self, filepath):
|
||
is_executable = os.access(filepath, os.X_OK)
|
||
with open(filepath, "rb") as f:
|
||
first_line = f.readline()
|
||
if first_line.startswith(b'#!'):
|
||
if not is_executable:
|
||
# Shebang on a non-executable file
|
||
self.files_with_issues[filepath] = None
|
||
elif not self.is_valid_shebang(first_line, filepath):
|
||
self.files_with_issues[filepath] = [1]
|
||
elif is_executable:
|
||
# Executable without a shebang
|
||
self.files_with_issues[filepath] = None
|
||
|
||
|
||
class EndOfFileNewlineIssueTracker(FileIssueTracker):
|
||
"""Track files that end with an incomplete line
|
||
(no newline character at the end of the last line)."""
|
||
|
||
heading = "Missing newline at end of file:"
|
||
|
||
path_exemptions = BINARY_FILE_PATH_RE
|
||
|
||
def check_file_for_issue(self, filepath):
|
||
with open(filepath, "rb") as f:
|
||
try:
|
||
f.seek(-1, 2)
|
||
except OSError:
|
||
# This script only works on regular files. If we can't seek
|
||
# 1 before the end, it means that this position is before
|
||
# the beginning of the file, i.e. that the file is empty.
|
||
return
|
||
if f.read(1) != b"\n":
|
||
self.files_with_issues[filepath] = None
|
||
|
||
|
||
class Utf8BomIssueTracker(FileIssueTracker):
|
||
"""Track files that start with a UTF-8 BOM.
|
||
Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM."""
|
||
|
||
heading = "UTF-8 BOM present:"
|
||
|
||
suffix_exemptions = frozenset([".vcxproj", ".sln"])
|
||
path_exemptions = BINARY_FILE_PATH_RE
|
||
|
||
def check_file_for_issue(self, filepath):
|
||
with open(filepath, "rb") as f:
|
||
if f.read().startswith(codecs.BOM_UTF8):
|
||
self.files_with_issues[filepath] = None
|
||
|
||
|
||
class UnicodeIssueTracker(LineIssueTracker):
|
||
"""Track lines with invalid characters or invalid text encoding."""
|
||
|
||
heading = "Invalid UTF-8 or forbidden character:"
|
||
|
||
# Only allow valid UTF-8, and only other explicitly allowed characters.
|
||
# We deliberately exclude all characters that aren't a simple non-blank,
|
||
# non-zero-width glyph, apart from a very small set (tab, ordinary space,
|
||
# line breaks, "basic" no-break space and soft hyphen). In particular,
|
||
# non-ASCII control characters, combinig characters, and Unicode state
|
||
# changes (e.g. right-to-left text) are forbidden.
|
||
# Note that we do allow some characters with a risk of visual confusion,
|
||
# for example '-' (U+002D HYPHEN-MINUS) vs '' (U+00AD SOFT HYPHEN) vs
|
||
# '‐' (U+2010 HYPHEN), or 'A' (U+0041 LATIN CAPITAL LETTER A) vs
|
||
# 'Α' (U+0391 GREEK CAPITAL LETTER ALPHA).
|
||
GOOD_CHARACTERS = ''.join([
|
||
'\t\n\r -~', # ASCII (tabs and line endings are checked separately)
|
||
'\u00A0-\u00FF', # Latin-1 Supplement (for NO-BREAK SPACE and punctuation)
|
||
'\u2010-\u2027\u2030-\u205E', # General Punctuation (printable)
|
||
'\u2070\u2071\u2074-\u208E\u2090-\u209C', # Superscripts and Subscripts
|
||
'\u2190-\u21FF', # Arrows
|
||
'\u2200-\u22FF', # Mathematical Symbols
|
||
'\u2500-\u257F' # Box Drawings characters used in markdown trees
|
||
])
|
||
# Allow any of the characters and ranges above, and anything classified
|
||
# as a word constituent.
|
||
GOOD_CHARACTERS_RE = re.compile(r'[\w{}]+\Z'.format(GOOD_CHARACTERS))
|
||
|
||
def issue_with_line(self, line, _filepath, line_number):
|
||
try:
|
||
text = line.decode('utf-8')
|
||
except UnicodeDecodeError:
|
||
return True
|
||
if line_number == 1 and text.startswith('\uFEFF'):
|
||
# Strip BOM (U+FEFF ZERO WIDTH NO-BREAK SPACE) at the beginning.
|
||
# Which files are allowed to have a BOM is handled in
|
||
# Utf8BomIssueTracker.
|
||
text = text[1:]
|
||
return not self.GOOD_CHARACTERS_RE.match(text)
|
||
|
||
class UnixLineEndingIssueTracker(LineIssueTracker):
|
||
"""Track files with non-Unix line endings (i.e. files with CR)."""
|
||
|
||
heading = "Non-Unix line endings:"
|
||
|
||
def should_check_file(self, filepath):
|
||
if not super().should_check_file(filepath):
|
||
return False
|
||
return not is_windows_file(filepath)
|
||
|
||
def issue_with_line(self, line, _filepath, _line_number):
|
||
return b"\r" in line
|
||
|
||
|
||
class WindowsLineEndingIssueTracker(LineIssueTracker):
|
||
"""Track files with non-Windows line endings (i.e. CR or LF not in CRLF)."""
|
||
|
||
heading = "Non-Windows line endings:"
|
||
|
||
def should_check_file(self, filepath):
|
||
if not super().should_check_file(filepath):
|
||
return False
|
||
return is_windows_file(filepath)
|
||
|
||
def issue_with_line(self, line, _filepath, _line_number):
|
||
return not line.endswith(b"\r\n") or b"\r" in line[:-2]
|
||
|
||
|
||
class TrailingWhitespaceIssueTracker(LineIssueTracker):
|
||
"""Track lines with trailing whitespace."""
|
||
|
||
heading = "Trailing whitespace:"
|
||
suffix_exemptions = frozenset([".dsp", ".md"])
|
||
|
||
def issue_with_line(self, line, _filepath, _line_number):
|
||
return line.rstrip(b"\r\n") != line.rstrip()
|
||
|
||
|
||
class TabIssueTracker(LineIssueTracker):
|
||
"""Track lines with tabs."""
|
||
|
||
heading = "Tabs present:"
|
||
suffix_exemptions = frozenset([
|
||
".make",
|
||
".pem", # some openssl dumps have tabs
|
||
".sln",
|
||
"/Makefile",
|
||
"/Makefile.inc",
|
||
"/generate_visualc_files.pl",
|
||
])
|
||
|
||
def issue_with_line(self, line, _filepath, _line_number):
|
||
return b"\t" in line
|
||
|
||
|
||
class MergeArtifactIssueTracker(LineIssueTracker):
|
||
"""Track lines with merge artifacts.
|
||
These are leftovers from a ``git merge`` that wasn't fully edited."""
|
||
|
||
heading = "Merge artifact:"
|
||
|
||
def issue_with_line(self, line, _filepath, _line_number):
|
||
# Detect leftover git conflict markers.
|
||
if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '):
|
||
return True
|
||
if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3
|
||
return True
|
||
if line.rstrip(b'\r\n') == b'=======' and \
|
||
not _filepath.endswith('.md'):
|
||
return True
|
||
return False
|
||
|
||
|
||
def this_location():
|
||
frame = inspect.currentframe()
|
||
assert frame is not None
|
||
info = inspect.getframeinfo(frame)
|
||
return os.path.basename(info.filename), info.lineno
|
||
THIS_FILE_BASE_NAME, LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER = this_location()
|
||
|
||
class LicenseIssueTracker(LineIssueTracker):
|
||
"""Check copyright statements and license indications.
|
||
|
||
This class only checks that statements are correct if present. It does
|
||
not enforce the presence of statements in each file.
|
||
"""
|
||
|
||
heading = "License issue:"
|
||
|
||
LICENSE_EXEMPTION_RE_LIST = [
|
||
# Third-party code, other than whitelisted third-party modules,
|
||
# may be under a different license.
|
||
r'3rdparty/(?!(p256-m)/.*)',
|
||
# Documentation explaining the license may have accidental
|
||
# false positives.
|
||
r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z',
|
||
# Files imported from TF-M, and not used except in test builds,
|
||
# may be under a different license.
|
||
r'configs/ext/crypto_config_profile_medium\.h\Z',
|
||
r'configs/ext/tfm_mbedcrypto_config_profile_medium\.h\Z',
|
||
r'configs/ext/README\.md\Z',
|
||
# Third-party file.
|
||
r'dco\.txt\Z',
|
||
]
|
||
path_exemptions = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST +
|
||
LICENSE_EXEMPTION_RE_LIST))
|
||
|
||
COPYRIGHT_HOLDER = rb'The Mbed TLS Contributors'
|
||
# Catch "Copyright foo", "Copyright (C) foo", "Copyright © foo", etc.
|
||
COPYRIGHT_RE = re.compile(rb'.*\bcopyright\s+((?:\w|\s|[()]|[^ -~])*\w)', re.I)
|
||
|
||
SPDX_HEADER_KEY = b'SPDX-License-Identifier'
|
||
LICENSE_IDENTIFIER = b'Apache-2.0 OR GPL-2.0-or-later'
|
||
SPDX_RE = re.compile(br'.*?(' +
|
||
re.escape(SPDX_HEADER_KEY) +
|
||
br')(:\s*(.*?)\W*\Z|.*)', re.I)
|
||
|
||
LICENSE_MENTION_RE = re.compile(rb'.*(?:' + rb'|'.join([
|
||
rb'Apache License',
|
||
rb'General Public License',
|
||
]) + rb')', re.I)
|
||
|
||
def __init__(self):
|
||
super().__init__()
|
||
# Record what problem was caused. We can't easily report it due to
|
||
# the structure of the script. To be fixed after
|
||
# https://github.com/Mbed-TLS/mbedtls/pull/2506
|
||
self.problem = None
|
||
|
||
def issue_with_line(self, line, filepath, line_number):
|
||
#pylint: disable=too-many-return-statements
|
||
|
||
# Use endswith() rather than the more correct os.path.basename()
|
||
# because experimentally, it makes a significant difference to
|
||
# the running time.
|
||
if filepath.endswith(THIS_FILE_BASE_NAME) and \
|
||
line_number > LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER:
|
||
# Avoid false positives from the code in this class.
|
||
# Also skip the rest of this file, which is highly unlikely to
|
||
# contain any problematic statements since we put those near the
|
||
# top of files.
|
||
return False
|
||
|
||
m = self.COPYRIGHT_RE.match(line)
|
||
if m and m.group(1) != self.COPYRIGHT_HOLDER:
|
||
self.problem = 'Invalid copyright line'
|
||
return True
|
||
|
||
m = self.SPDX_RE.match(line)
|
||
if m:
|
||
if m.group(1) != self.SPDX_HEADER_KEY:
|
||
self.problem = 'Misspelled ' + self.SPDX_HEADER_KEY.decode()
|
||
return True
|
||
if not m.group(3):
|
||
self.problem = 'Improperly formatted SPDX license identifier'
|
||
return True
|
||
if m.group(3) != self.LICENSE_IDENTIFIER:
|
||
self.problem = 'Wrong SPDX license identifier'
|
||
return True
|
||
|
||
m = self.LICENSE_MENTION_RE.match(line)
|
||
if m:
|
||
self.problem = 'Suspicious license mention'
|
||
return True
|
||
|
||
return False
|
||
|
||
|
||
class IntegrityChecker:
|
||
"""Sanity-check files under the current directory."""
|
||
|
||
def __init__(self, log_file):
|
||
"""Instantiate the sanity checker.
|
||
Check files under the current directory.
|
||
Write a report of issues to log_file."""
|
||
build_tree.check_repo_path()
|
||
self.logger = None
|
||
self.setup_logger(log_file)
|
||
self.issues_to_check = [
|
||
ShebangIssueTracker(),
|
||
EndOfFileNewlineIssueTracker(),
|
||
Utf8BomIssueTracker(),
|
||
UnicodeIssueTracker(),
|
||
UnixLineEndingIssueTracker(),
|
||
WindowsLineEndingIssueTracker(),
|
||
TrailingWhitespaceIssueTracker(),
|
||
TabIssueTracker(),
|
||
MergeArtifactIssueTracker(),
|
||
LicenseIssueTracker(),
|
||
]
|
||
|
||
def setup_logger(self, log_file, level=logging.INFO):
|
||
self.logger = logging.getLogger()
|
||
self.logger.setLevel(level)
|
||
if log_file:
|
||
handler = logging.FileHandler(log_file)
|
||
self.logger.addHandler(handler)
|
||
else:
|
||
console = logging.StreamHandler()
|
||
self.logger.addHandler(console)
|
||
|
||
@staticmethod
|
||
def collect_files():
|
||
bytes_output = subprocess.check_output(['git', 'ls-files', '-z'])
|
||
bytes_filepaths = bytes_output.split(b'\0')[:-1]
|
||
ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths)
|
||
# Prepend './' to files in the top-level directory so that
|
||
# something like `'/Makefile' in fp` matches in the top-level
|
||
# directory as well as in subdirectories.
|
||
return [fp if os.path.dirname(fp) else os.path.join(os.curdir, fp)
|
||
for fp in ascii_filepaths]
|
||
|
||
def check_files(self):
|
||
for issue_to_check in self.issues_to_check:
|
||
for filepath in self.collect_files():
|
||
if issue_to_check.should_check_file(filepath):
|
||
issue_to_check.check_file_for_issue(filepath)
|
||
|
||
def output_issues(self):
|
||
integrity_return_code = 0
|
||
for issue_to_check in self.issues_to_check:
|
||
if issue_to_check.files_with_issues:
|
||
integrity_return_code = 1
|
||
issue_to_check.output_file_issues(self.logger)
|
||
return integrity_return_code
|
||
|
||
|
||
def run_main():
|
||
parser = argparse.ArgumentParser(description=__doc__)
|
||
parser.add_argument(
|
||
"-l", "--log_file", type=str, help="path to optional output log",
|
||
)
|
||
check_args = parser.parse_args()
|
||
integrity_check = IntegrityChecker(check_args.log_file)
|
||
integrity_check.check_files()
|
||
return_code = integrity_check.output_issues()
|
||
sys.exit(return_code)
|
||
|
||
|
||
if __name__ == "__main__":
|
||
run_main()
|