From 7b1951b5a7c874f4997485a331f47e96f6fd4836 Mon Sep 17 00:00:00 2001 From: Arthur Zamarin Date: Mon, 21 Oct 2024 20:17:21 +0300 Subject: [PATCH] NonConsistentTarUsage: check tar without -f The ``tar`` command defaults to reading from stdin, unless this default is changed at compile time or the ``TAPE`` environment variable is set. To ensure consistent behavior, the ``-f`` or ``--file`` option should always be given to ensure the input device is chosen explicitly. Resolves: https://github.com/pkgcore/pkgcheck/issues/704 Signed-off-by: Arthur Zamarin --- src/pkgcheck/checks/codingstyle.py | 29 ++++++++++++++++++- .../NonConsistentTarUsage/expected.json | 2 ++ .../NonConsistentTarUsage/fix.patch | 13 +++++++++ .../NonConsistentTarUsage-0.ebuild | 15 ++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/expected.json create mode 100644 testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/fix.patch create mode 100644 testdata/repos/standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild diff --git a/src/pkgcheck/checks/codingstyle.py b/src/pkgcheck/checks/codingstyle.py index 20628481b..4d735828c 100644 --- a/src/pkgcheck/checks/codingstyle.py +++ b/src/pkgcheck/checks/codingstyle.py @@ -1422,11 +1422,26 @@ def desc(self): return f"line {self.lineno}: non-posix usage of {self.command!r}: {self.line!r}" +class NonConsistentTarUsage(results.LineResult, results.Warning): + """Using of non-consistent compliant ``tar``. + + The ``tar`` command defaults to reading from stdin, unless this default is + changed at compile time or the ``TAPE`` environment variable is set. + + To ensure consistent behavior, the ``-f`` or ``--file`` option should + always be given to ensure the input device is chosen explicitly. + """ + + @property + def desc(self): + return f"line {self.lineno}: non-consistent usage of tar without '-f' or '--file': {self.line!r}" + + class NonPosixCheck(Check): """Scan ebuild for non-posix usage, code which might be not portable.""" _source = sources.EbuildParseRepoSource - known_results = frozenset([NonPosixHeadTailUsage]) + known_results = frozenset({NonPosixHeadTailUsage, NonConsistentTarUsage}) def __init__(self, options, **kwargs): super().__init__(options, **kwargs) @@ -1445,11 +1460,23 @@ def check_head_tail(self, pkg, call_node, call_name): break prev_arg = arg + def check_tar(self, pkg, call_node): + for idx, arg in enumerate(map(pkg.node_str, call_node.children[1:])): + if idx == 0 or (arg[:1] == "-" and arg[1:2] != "-"): + if "f" in arg: + return + elif arg == "--file": + return + lineno, _ = call_node.start_point + yield NonConsistentTarUsage(lineno=lineno + 1, line=pkg.node_str(call_node), pkg=pkg) + def feed(self, pkg): for call_node in bash.cmd_query.captures(pkg.tree.root_node).get("call", ()): call_name = pkg.node_str(call_node.child_by_field_name("name")) if call_name in ("head", "tail"): yield from self.check_head_tail(pkg, call_node, call_name) + elif call_name == "tar": + yield from self.check_tar(pkg, call_node) class GlobDistdir(results.LineResult, results.Warning): diff --git a/testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/expected.json b/testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/expected.json new file mode 100644 index 000000000..cdccb5ada --- /dev/null +++ b/testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/expected.json @@ -0,0 +1,2 @@ +{"__class__": "NonConsistentTarUsage", "category": "NonPosixCheck", "package": "NonConsistentTarUsage", "version": "0", "line": "tar -zx \"${A}\"", "lineno": 7} +{"__class__": "NonConsistentTarUsage", "category": "NonPosixCheck", "package": "NonConsistentTarUsage", "version": "0", "line": "tar c \\\n\t\t--owner=0 \\\n\t\t--group=0 \\\n\t\t--numeric-owner \\\n\t\t-C \"${S}\" .", "lineno": 8} diff --git a/testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/fix.patch b/testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/fix.patch new file mode 100644 index 000000000..831101b27 --- /dev/null +++ b/testdata/data/repos/standalone/NonPosixCheck/NonConsistentTarUsage/fix.patch @@ -0,0 +1,13 @@ +--- standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild ++++ fixed/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild +@@ -4,8 +4,8 @@ LICENSE="BSD" + SLOT="0" + + src_prepare() { +- tar -zx "${A}" +- tar c \ ++ tar -zx -f - "${A}" ++ tar cf - \ + --owner=0 \ + --group=0 \ + --numeric-owner \ diff --git a/testdata/repos/standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild b/testdata/repos/standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild new file mode 100644 index 000000000..fbb579271 --- /dev/null +++ b/testdata/repos/standalone/NonPosixCheck/NonConsistentTarUsage/NonConsistentTarUsage-0.ebuild @@ -0,0 +1,15 @@ +DESCRIPTION="Ebuild with non posix tar usage" +HOMEPAGE="https://github.com/pkgcore/pkgcheck" +LICENSE="BSD" +SLOT="0" + +src_prepare() { + tar -zx "${A}" + tar c \ + --owner=0 \ + --group=0 \ + --numeric-owner \ + -C "${S}" . | something + tar -c -f - -C "${S}" . | something + tar -c --file - -C "${S}" . | something +}