NonConsistentTarUsage: check tar without -f

The ``tar`` command defaults to reading from stdin, unless this default is
changed at compile time or the ``TAPE`` environment variable is set.

To ensure consistent behavior, the ``-f`` or ``--file`` option should
always be given to ensure the input device is chosen explicitly.

Resolves: #704
Signed-off-by: Arthur Zamarin <[email protected]>

src/pkgcheck/checks/codingstyle.py

@@ -1422,11 +1422,26 @@ def desc(self):
         return f"line {self.lineno}: non-posix usage of {self.command!r}: {self.line!r}"
 
 
+class NonConsistentTarUsage(results.LineResult, results.Warning):
+    """Using of non-consistent compliant ``tar``.
+
+    The ``tar`` command defaults to reading from stdin, unless this default is
+    changed at compile time or the ``TAPE`` environment variable is set.
+
+    To ensure consistent behavior, the ``-f`` or ``--file`` option should
+    always be given to ensure the input device is chosen explicitly.
+    """
+
+    @property
+    def desc(self):
+        return f"line {self.lineno}: non-consistent usage of tar without '-f' or '--file': {self.line!r}"
+
+
 class NonPosixCheck(Check):
     """Scan ebuild for non-posix usage, code which might be not portable."""
 
     _source = sources.EbuildParseRepoSource
-    known_results = frozenset([NonPosixHeadTailUsage])
+    known_results = frozenset({NonPosixHeadTailUsage, NonConsistentTarUsage})
 
     def __init__(self, options, **kwargs):
         super().__init__(options, **kwargs)
@@ -1445,11 +1460,23 @@ def check_head_tail(self, pkg, call_node, call_name):
                 break
             prev_arg = arg
 
+    def check_tar(self, pkg, call_node):
+        for idx, arg in enumerate(map(pkg.node_str, call_node.children[1:])):
+            if idx == 0 or (arg[:1] == "-" and arg[1:2] != "-"):
+                if "f" in arg:
+                    return
+            elif arg == "--file":
+                return
+        lineno, _ = call_node.start_point
+        yield NonConsistentTarUsage(lineno=lineno + 1, line=pkg.node_str(call_node), pkg=pkg)
+
     def feed(self, pkg):
         for call_node in bash.cmd_query.captures(pkg.tree.root_node).get("call", ()):
             call_name = pkg.node_str(call_node.child_by_field_name("name"))
             if call_name in ("head", "tail"):
                 yield from self.check_head_tail(pkg, call_node, call_name)
+            elif call_name == "tar":
+                yield from self.check_tar(pkg, call_node)
 
 
 class GlobDistdir(results.LineResult, results.Warning):

testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/expected.json

@@ -0,0 +1,2 @@
+{"__class__": "NonConsistentTarUsage", "category": "NonPosixCheck", "package": "NonConsistentTarUsage", "version": "0", "line": "tar -zx \"${A}\"", "lineno": 7}
+{"__class__": "NonConsistentTarUsage", "category": "NonPosixCheck", "package": "NonConsistentTarUsage", "version": "0", "line": "tar c \\\n\t\t--owner=0 \\\n\t\t--group=0 \\\n\t\t--numeric-owner \\\n\t\t-C \"${S}\" .", "lineno": 8}

testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/fix.patch

@@ -0,0 +1,13 @@
+--- standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild
++++ fixed/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild
+@@ -4,8 +4,8 @@ LICENSE="BSD"
+ SLOT="0"
+
+ src_prepare() {
+-	tar -zx "${A}"
+-	tar c \
++	tar -zx -f - "${A}"
++	tar cf - \
+ 		--owner=0 \
+ 		--group=0 \
+ 		--numeric-owner \

testdata/repos/standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild

@@ -0,0 +1,15 @@
+DESCRIPTION="Ebuild with non posix tar usage"
+HOMEPAGE="https://github.com/pkgcore/pkgcheck"
+LICENSE="BSD"
+SLOT="0"
+
+src_prepare() {
+	tar -zx "${A}"
+	tar c \
+		--owner=0 \
+		--group=0 \
+		--numeric-owner \
+		-C "${S}" . | something
+	tar -c -f - -C "${S}" . | something
+	tar -c --file - -C "${S}" . | something
+}