Commit e8f7e383 authored by Leo's avatar Leo
Browse files

refactor(secfixes-check): fix most warnings pointed out by luacheck

parent 436d5e67
Pipeline #9785 passed with stage
in 39 seconds
#!/usr/bin/lua5.3
function violation(str, line, tag, sevcer)
local function violation(str, line, tag, sevcer)
if os.getenv('SKIP_AL'..tag) then
return
end
......@@ -8,14 +8,14 @@ function violation(str, line, tag, sevcer)
io.stderr:write(sevcer..":".."[AL"..tag.."]:"..apkbuild..":"..line..":"..str.."\n")
end
function readFile(file)
local function readFile(file)
local linenum = 0
local f = io.open(file)
if f == nil then
return
end
while true do
line = f:read("*line")
local line = f:read("*line")
if line == nil then
break
end
......@@ -62,7 +62,7 @@ function readFile(file)
-- actually writen with a valid pkgver and pkgrel
---
if (not l:match("^%s%s") or l:match("^%s%s%s")) then
le = l:gsub("^%s+", "")
local le = l:gsub("^%s+", "")
if le:match("^%d%S*%-r") then
violation("pkgver-pkgrel indentation is 3 whitespaces", linenum, "48", "SC")
......@@ -87,7 +87,7 @@ function readFile(file)
-- not an whitespace
---
if (not l:match("^%s%s%s%s") or l:match("^%s%s%s%s%s")) then
le = l:gsub("^%s+", "")
local le = l:gsub("^%s+", "")
---
-- Check if they begin with '- ' that means they have the correct mapping
......@@ -140,7 +140,7 @@ function readFile(file)
end
-- Check a release key of secfixes, e.g. 1.0.0-r0
function checkRel(str, line)
local function checkRel(str, line)
-- Check if the pkgrel value is made up of only digits
if not str:match("%-r[%d]+:$") then
violation("invalid pkgrel", line, "40", "SC")
......@@ -152,7 +152,7 @@ function checkRel(str, line)
end
--- Check the CVE identifier for validity
function checkCVE(str, line)
local function checkCVE(str, line)
-- Check if we have the CVE- prefix
if not str:match("^CVE%-") then
violation("missing CVE- prefix", line, "42", "SC")
......@@ -177,7 +177,7 @@ function checkCVE(str, line)
end
end
function verify(str)
local function verify(str)
local yaml = require "lyaml"
local data = yaml.load(str)
......@@ -194,37 +194,41 @@ end
-- we found policy violations, the value is incremented by 1
-- with each policy violation
---
ret = 0
for i = 1,#arg do
apkbuild = arg[i]
local table = readFile(apkbuild)
---
-- Only perform the checking operations if we have a table
-- we can have a table be nil for various reasons including
-- the user giving us an empty file, a file that doesn't exist
-- or a valid APKBUILD, that just happens to not have a secfixes
-- field
---
if table then
-- Verify that the yaml is valid
verify(table.yaml)
for k, v in pairs(table.str) do
---
-- Uncomment this once we have a use of checking the secfixes header
-- if v:match("^%S") then
-- checkHeader(v, k)
-- end
---
if v:match("^%s%s%S") then
checkRel(v:gsub("^%s+", ""), k)
elseif v:match("^%s%s%s%s%S") then
checkCVE(v:gsub("^%s+ %- ", ""), k)
local function main(arg)
local ret = 0
for i = 1,#arg do
local apkbuild = arg[i]
local table = readFile(apkbuild)
---
-- Only perform the checking operations if we have a table
-- we can have a table be nil for various reasons including
-- the user giving us an empty file, a file that doesn't exist
-- or a valid APKBUILD, that just happens to not have a secfixes
-- field
---
if table then
-- Verify that the yaml is valid
verify(table.yaml)
for k, v in pairs(table.str) do
---
-- Uncomment this once we have a use of checking the secfixes header
-- if v:match("^%S") then
-- checkHeader(v, k)
-- end
---
if v:match("^%s%s%S") then
checkRel(v:gsub("^%s+", ""), k)
elseif v:match("^%s%s%s%s%S") then
checkCVE(v:gsub("^%s+ %- ", ""), k)
end
end
end
end
return ret
end
os.exit(ret)
os.exit(main(arg))
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment