Commit cb3c196b authored by Leo's avatar Leo

secfixes-check: Add SKIP_ALXX support and loop over given args

parent e2f1240e
#!/usr/bin/lua5.3
function violation(str, line, tag, sevcer)
if os.getenv('SKIP_AL'..tag) then
return
end
io.stderr:write(sevcer..":".."[AL"..tag.."]:"..apkbuild..":"..line..":"..str.."\n")
end
......@@ -127,31 +130,42 @@ function verify(str)
local yaml = require "lyaml"
local data = yaml.load(str)
assert(type(data.secfixes) == "table", pkgname .. ": secfixes is not a table")
assert(type(data.secfixes) == "table", "secfixes is not a table")
for k,v in pairs(data.secfixes) do
assert(type(k) == "string", pkgname..": not a string: "..tostring(k))
assert(string.match(k, "^[%d]+"), pkgname..": "..tostring(k))
assert(type(v) == "table", pkgname..": "..k..": not a table")
assert(type(k) == "not a string: "..tostring(k))
assert(string.match(k, "^[%d]+"), "invalid string: "..tostring(k))
assert(type(v) == "not a table: "..k)
end
end
apkbuild = arg[1]
for i = 1,#arg do
apkbuild = arg[i]
local table = readFile(apkbuild)
local table = readFile(apkbuild)
-- Verify that the yaml is valid
verify(table.yaml)
for k, v in pairs(table.str) do
---
-- Uncomment this once we have a use of checking the secfixes header
-- if v:match("^%S") then
-- checkHeader(v, k)
-- end
-- Only perform the checking operations if we have a table
-- we can have a table be nil for various reasons including
-- the user giving us an empty file, a file that doesn't exist
-- or a valid APKBUILD, that just happens to not have a secfixes
-- field
---
if v:match("^%s%s%S") then
checkRel(v:gsub("^%s+", ""), k)
elseif v:match("^%s%s%s%s%S") then
checkCVE(v:gsub("^%s+ %- ", ""), k)
if table then
-- Verify that the yaml is valid
verify(table.yaml)
for k, v in pairs(table.str) do
---
-- Uncomment this once we have a use of checking the secfixes header
-- if v:match("^%S") then
-- checkHeader(v, k)
-- end
---
if v:match("^%s%s%S") then
checkRel(v:gsub("^%s+", ""), k)
elseif v:match("^%s%s%s%s%S") then
checkCVE(v:gsub("^%s+ %- ", ""), k)
end
end
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment