1#!/usr/bin/env python3 2 3# Copyright The Mbed TLS Contributors 4# SPDX-License-Identifier: Apache-2.0 5# 6# Licensed under the Apache License, Version 2.0 (the "License"); you may 7# not use this file except in compliance with the License. 8# You may obtain a copy of the License at 9# 10# http://www.apache.org/licenses/LICENSE-2.0 11# 12# Unless required by applicable law or agreed to in writing, software 13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15# See the License for the specific language governing permissions and 16# limitations under the License. 17 18""" 19This script checks the current state of the source code for minor issues, 20including incorrect file permissions, presence of tabs, non-Unix line endings, 21trailing whitespace, and presence of UTF-8 BOM. 22Note: requires python 3, must be run from Mbed TLS root. 23""" 24 25import os 26import argparse 27import logging 28import codecs 29import re 30import subprocess 31import sys 32try: 33 from typing import FrozenSet, Optional, Pattern # pylint: disable=unused-import 34except ImportError: 35 pass 36 37 38class FileIssueTracker: 39 """Base class for file-wide issue tracking. 40 41 To implement a checker that processes a file as a whole, inherit from 42 this class and implement `check_file_for_issue` and define ``heading``. 43 44 ``suffix_exemptions``: files whose name ends with a string in this set 45 will not be checked. 46 47 ``path_exemptions``: files whose path (relative to the root of the source 48 tree) matches this regular expression will not be checked. This can be 49 ``None`` to match no path. Paths are normalized and converted to ``/`` 50 separators before matching. 51 52 ``heading``: human-readable description of the issue 53 """ 54 55 suffix_exemptions = frozenset() #type: FrozenSet[str] 56 path_exemptions = None #type: Optional[Pattern[str]] 57 # heading must be defined in derived classes. 58 # pylint: disable=no-member 59 60 def __init__(self): 61 self.files_with_issues = {} 62 63 @staticmethod 64 def normalize_path(filepath): 65 """Normalize ``filepath`` with / as the directory separator.""" 66 filepath = os.path.normpath(filepath) 67 # On Windows, we may have backslashes to separate directories. 68 # We need slashes to match exemption lists. 69 seps = os.path.sep 70 if os.path.altsep is not None: 71 seps += os.path.altsep 72 return '/'.join(filepath.split(seps)) 73 74 def should_check_file(self, filepath): 75 """Whether the given file name should be checked. 76 77 Files whose name ends with a string listed in ``self.suffix_exemptions`` 78 or whose path matches ``self.path_exemptions`` will not be checked. 79 """ 80 for files_exemption in self.suffix_exemptions: 81 if filepath.endswith(files_exemption): 82 return False 83 if self.path_exemptions and \ 84 re.match(self.path_exemptions, self.normalize_path(filepath)): 85 return False 86 return True 87 88 def check_file_for_issue(self, filepath): 89 """Check the specified file for the issue that this class is for. 90 91 Subclasses must implement this method. 92 """ 93 raise NotImplementedError 94 95 def record_issue(self, filepath, line_number): 96 """Record that an issue was found at the specified location.""" 97 if filepath not in self.files_with_issues.keys(): 98 self.files_with_issues[filepath] = [] 99 self.files_with_issues[filepath].append(line_number) 100 101 def output_file_issues(self, logger): 102 """Log all the locations where the issue was found.""" 103 if self.files_with_issues.values(): 104 logger.info(self.heading) 105 for filename, lines in sorted(self.files_with_issues.items()): 106 if lines: 107 logger.info("{}: {}".format( 108 filename, ", ".join(str(x) for x in lines) 109 )) 110 else: 111 logger.info(filename) 112 logger.info("") 113 114BINARY_FILE_PATH_RE_LIST = [ 115 r'docs/.*\.pdf\Z', 116 r'programs/fuzz/corpuses/[^.]+\Z', 117 r'tests/data_files/[^.]+\Z', 118 r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z', 119 r'tests/data_files/.*\.req\.[^/]+\Z', 120 r'tests/data_files/.*malformed[^/]+\Z', 121 r'tests/data_files/format_pkcs12\.fmt\Z', 122] 123BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST)) 124 125class LineIssueTracker(FileIssueTracker): 126 """Base class for line-by-line issue tracking. 127 128 To implement a checker that processes files line by line, inherit from 129 this class and implement `line_with_issue`. 130 """ 131 132 # Exclude binary files. 133 path_exemptions = BINARY_FILE_PATH_RE 134 135 def issue_with_line(self, line, filepath): 136 """Check the specified line for the issue that this class is for. 137 138 Subclasses must implement this method. 139 """ 140 raise NotImplementedError 141 142 def check_file_line(self, filepath, line, line_number): 143 if self.issue_with_line(line, filepath): 144 self.record_issue(filepath, line_number) 145 146 def check_file_for_issue(self, filepath): 147 """Check the lines of the specified file. 148 149 Subclasses must implement the ``issue_with_line`` method. 150 """ 151 with open(filepath, "rb") as f: 152 for i, line in enumerate(iter(f.readline, b"")): 153 self.check_file_line(filepath, line, i + 1) 154 155 156def is_windows_file(filepath): 157 _root, ext = os.path.splitext(filepath) 158 return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj') 159 160 161class PermissionIssueTracker(FileIssueTracker): 162 """Track files with bad permissions. 163 164 Files that are not executable scripts must not be executable.""" 165 166 heading = "Incorrect permissions:" 167 168 # .py files can be either full scripts or modules, so they may or may 169 # not be executable. 170 suffix_exemptions = frozenset({".py"}) 171 172 def check_file_for_issue(self, filepath): 173 is_executable = os.access(filepath, os.X_OK) 174 should_be_executable = filepath.endswith((".sh", ".pl")) 175 if is_executable != should_be_executable: 176 self.files_with_issues[filepath] = None 177 178 179class ShebangIssueTracker(FileIssueTracker): 180 """Track files with a bad, missing or extraneous shebang line. 181 182 Executable scripts must start with a valid shebang (#!) line. 183 """ 184 185 heading = "Invalid shebang line:" 186 187 # Allow either /bin/sh, /bin/bash, or /usr/bin/env. 188 # Allow at most one argument (this is a Linux limitation). 189 # For sh and bash, the argument if present must be options. 190 # For env, the argument must be the base name of the interpeter. 191 _shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?' 192 rb'|/usr/bin/env ([^\n /]+))$') 193 _extensions = { 194 b'bash': 'sh', 195 b'perl': 'pl', 196 b'python3': 'py', 197 b'sh': 'sh', 198 } 199 200 def is_valid_shebang(self, first_line, filepath): 201 m = re.match(self._shebang_re, first_line) 202 if not m: 203 return False 204 interpreter = m.group(1) or m.group(2) 205 if interpreter not in self._extensions: 206 return False 207 if not filepath.endswith('.' + self._extensions[interpreter]): 208 return False 209 return True 210 211 def check_file_for_issue(self, filepath): 212 is_executable = os.access(filepath, os.X_OK) 213 with open(filepath, "rb") as f: 214 first_line = f.readline() 215 if first_line.startswith(b'#!'): 216 if not is_executable: 217 # Shebang on a non-executable file 218 self.files_with_issues[filepath] = None 219 elif not self.is_valid_shebang(first_line, filepath): 220 self.files_with_issues[filepath] = [1] 221 elif is_executable: 222 # Executable without a shebang 223 self.files_with_issues[filepath] = None 224 225 226class EndOfFileNewlineIssueTracker(FileIssueTracker): 227 """Track files that end with an incomplete line 228 (no newline character at the end of the last line).""" 229 230 heading = "Missing newline at end of file:" 231 232 path_exemptions = BINARY_FILE_PATH_RE 233 234 def check_file_for_issue(self, filepath): 235 with open(filepath, "rb") as f: 236 try: 237 f.seek(-1, 2) 238 except OSError: 239 # This script only works on regular files. If we can't seek 240 # 1 before the end, it means that this position is before 241 # the beginning of the file, i.e. that the file is empty. 242 return 243 if f.read(1) != b"\n": 244 self.files_with_issues[filepath] = None 245 246 247class Utf8BomIssueTracker(FileIssueTracker): 248 """Track files that start with a UTF-8 BOM. 249 Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM.""" 250 251 heading = "UTF-8 BOM present:" 252 253 suffix_exemptions = frozenset([".vcxproj", ".sln"]) 254 path_exemptions = BINARY_FILE_PATH_RE 255 256 def check_file_for_issue(self, filepath): 257 with open(filepath, "rb") as f: 258 if f.read().startswith(codecs.BOM_UTF8): 259 self.files_with_issues[filepath] = None 260 261 262class UnixLineEndingIssueTracker(LineIssueTracker): 263 """Track files with non-Unix line endings (i.e. files with CR).""" 264 265 heading = "Non-Unix line endings:" 266 267 def should_check_file(self, filepath): 268 if not super().should_check_file(filepath): 269 return False 270 return not is_windows_file(filepath) 271 272 def issue_with_line(self, line, _filepath): 273 return b"\r" in line 274 275 276class WindowsLineEndingIssueTracker(LineIssueTracker): 277 """Track files with non-Windows line endings (i.e. CR or LF not in CRLF).""" 278 279 heading = "Non-Windows line endings:" 280 281 def should_check_file(self, filepath): 282 if not super().should_check_file(filepath): 283 return False 284 return is_windows_file(filepath) 285 286 def issue_with_line(self, line, _filepath): 287 return not line.endswith(b"\r\n") or b"\r" in line[:-2] 288 289 290class TrailingWhitespaceIssueTracker(LineIssueTracker): 291 """Track lines with trailing whitespace.""" 292 293 heading = "Trailing whitespace:" 294 suffix_exemptions = frozenset([".dsp", ".md"]) 295 296 def issue_with_line(self, line, _filepath): 297 return line.rstrip(b"\r\n") != line.rstrip() 298 299 300class TabIssueTracker(LineIssueTracker): 301 """Track lines with tabs.""" 302 303 heading = "Tabs present:" 304 suffix_exemptions = frozenset([ 305 ".pem", # some openssl dumps have tabs 306 ".sln", 307 "/Makefile", 308 "/Makefile.inc", 309 "/generate_visualc_files.pl", 310 ]) 311 312 def issue_with_line(self, line, _filepath): 313 return b"\t" in line 314 315 316class MergeArtifactIssueTracker(LineIssueTracker): 317 """Track lines with merge artifacts. 318 These are leftovers from a ``git merge`` that wasn't fully edited.""" 319 320 heading = "Merge artifact:" 321 322 def issue_with_line(self, line, _filepath): 323 # Detect leftover git conflict markers. 324 if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '): 325 return True 326 if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3 327 return True 328 if line.rstrip(b'\r\n') == b'=======' and \ 329 not _filepath.endswith('.md'): 330 return True 331 return False 332 333 334class IntegrityChecker: 335 """Sanity-check files under the current directory.""" 336 337 def __init__(self, log_file): 338 """Instantiate the sanity checker. 339 Check files under the current directory. 340 Write a report of issues to log_file.""" 341 self.check_repo_path() 342 self.logger = None 343 self.setup_logger(log_file) 344 self.issues_to_check = [ 345 PermissionIssueTracker(), 346 ShebangIssueTracker(), 347 EndOfFileNewlineIssueTracker(), 348 Utf8BomIssueTracker(), 349 UnixLineEndingIssueTracker(), 350 WindowsLineEndingIssueTracker(), 351 TrailingWhitespaceIssueTracker(), 352 TabIssueTracker(), 353 MergeArtifactIssueTracker(), 354 ] 355 356 @staticmethod 357 def check_repo_path(): 358 if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): 359 raise Exception("Must be run from Mbed TLS root") 360 361 def setup_logger(self, log_file, level=logging.INFO): 362 self.logger = logging.getLogger() 363 self.logger.setLevel(level) 364 if log_file: 365 handler = logging.FileHandler(log_file) 366 self.logger.addHandler(handler) 367 else: 368 console = logging.StreamHandler() 369 self.logger.addHandler(console) 370 371 @staticmethod 372 def collect_files(): 373 bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) 374 bytes_filepaths = bytes_output.split(b'\0')[:-1] 375 ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) 376 # Prepend './' to files in the top-level directory so that 377 # something like `'/Makefile' in fp` matches in the top-level 378 # directory as well as in subdirectories. 379 return [fp if os.path.dirname(fp) else os.path.join(os.curdir, fp) 380 for fp in ascii_filepaths] 381 382 def check_files(self): 383 for issue_to_check in self.issues_to_check: 384 for filepath in self.collect_files(): 385 if issue_to_check.should_check_file(filepath): 386 issue_to_check.check_file_for_issue(filepath) 387 388 def output_issues(self): 389 integrity_return_code = 0 390 for issue_to_check in self.issues_to_check: 391 if issue_to_check.files_with_issues: 392 integrity_return_code = 1 393 issue_to_check.output_file_issues(self.logger) 394 return integrity_return_code 395 396 397def run_main(): 398 parser = argparse.ArgumentParser(description=__doc__) 399 parser.add_argument( 400 "-l", "--log_file", type=str, help="path to optional output log", 401 ) 402 check_args = parser.parse_args() 403 integrity_check = IntegrityChecker(check_args.log_file) 404 integrity_check.check_files() 405 return_code = integrity_check.output_issues() 406 sys.exit(return_code) 407 408 409if __name__ == "__main__": 410 run_main() 411