oss-fuzz/infra/presubmit.py

356 lines
11 KiB
Python
Executable File

#!/usr/bin/env python3
# Copyright 2020 Google LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
"""Check code for common issues before submitting."""
import argparse
import os
import subprocess
import sys
import yaml
_SRC_ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
def _is_project_file(actual_path, expected_filename):
"""Returns True if actual_path's name is |expected_filename| and is a file
that exists and is in in projects/."""
if os.path.basename(actual_path) != expected_filename:
return False
if os.path.basename(os.path.dirname(
os.path.dirname(actual_path))) != 'projects':
return False
return os.path.exists(actual_path)
# TODO: Check for -fsanitize=fuzzer in files as well.
def _check_one_lib_fuzzing_engine(build_sh_file):
"""Returns False if |build_sh_file| contains -lFuzzingEngine.
This is deprecated behavior. $LIB_FUZZING_ENGINE should be used instead
so that -fsanitize=fuzzer is used."""
if not _is_project_file(build_sh_file, 'build.sh'):
return True
with open(build_sh_file) as build_sh:
build_sh_lines = build_sh.readlines()
for line_num, line in enumerate(build_sh_lines):
uncommented_code = line.split('#')[0]
if '-lFuzzingEngine' in uncommented_code:
print(
'Error: build.sh contains deprecated "-lFuzzingEngine" on line: {0}. '
'Please use "$LIB_FUZZING_ENGINE" instead.'.format(line_num))
return False
return True
def check_lib_fuzzing_engine(paths):
"""Call _check_one_lib_fuzzing_engine on each path in |paths|. Return True if
the result of every call is True."""
return all([_check_one_lib_fuzzing_engine(path) for path in paths])
class ProjectYamlChecker:
"""Checks for a project.yaml file."""
# Sections in a project.yaml and the constant values that they are allowed
# to have.
SECTIONS_AND_CONSTANTS = {
'sanitizers': {'address', 'none', 'memory', 'undefined', 'dataflow'},
'architectures': {'i386', 'x86_64'},
'fuzzing_engines': {'afl', 'libfuzzer', 'honggfuzz', 'dataflow'},
}
# Note: this list must be updated when we allow new sections.
VALID_SECTION_NAMES = [
'architectures',
'auto_ccs',
'coverage_extra_args',
'disabled',
'fuzzing_engines',
'homepage',
'primary_contact',
'sanitizers',
'vendor_ccs',
'view_restrictions',
'language',
'help_url',
]
LANGUAGES_SUPPORTED = ['c', 'cpp', 'go', 'rust', 'python']
# Note that some projects like boost only have auto-ccs. However, forgetting
# primary contact is probably a mistake.
REQUIRED_SECTIONS = ['primary_contact']
def __init__(self, filename):
self.filename = filename
with open(filename) as file_handle:
self.data = yaml.safe_load(file_handle)
self.success = True
def do_checks(self):
"""Do all project.yaml checks. Return True if they pass."""
if self.is_disabled():
return True
checks = [
self.check_project_yaml_constants,
self.check_required_sections,
self.check_valid_section_names,
self.check_valid_emails,
self.check_valid_language,
]
for check_function in checks:
check_function()
return self.success
def is_disabled(self):
"""Is this project disabled."""
return self.data.get('disabled', False)
def error(self, message):
"""Print an error message and set self.success to False."""
self.success = False
print('Error in {filename}: {message}'.format(filename=self.filename,
message=message))
def check_project_yaml_constants(self):
"""Check that certain sections only have certain constant values."""
for section, allowed_constants in self.SECTIONS_AND_CONSTANTS.items():
if section not in self.data:
continue
actual_constants = self.data[section]
for constant in actual_constants:
if isinstance(constant, str):
if constant not in allowed_constants:
self.error(('{constant} (in {section} section) is not a valid '
'constant ({allowed_constants}).').format(
constant=constant,
section=section,
allowed_constants=', '.join(allowed_constants)))
elif isinstance(constant, dict):
# The only alternative value allowed is the experimental flag, i.e.
# `constant == {'memory': {'experimental': True}}`. Do not check the
# experimental flag, but assert that the sanitizer is a valid one.
if (len(constant.keys()) > 1 or
list(constant.keys())[0] not in allowed_constants):
self.error('Not allowed value in the project.yaml: ' +
str(constant))
else:
self.error('Not allowed value in the project.yaml: ' + str(constant))
def check_valid_section_names(self):
"""Check that only valid sections are included."""
for name in self.data:
if name not in self.VALID_SECTION_NAMES:
self.error('{name} is not a valid section name ({valid_names})'.format(
name=name, valid_names=self.VALID_SECTION_NAMES))
def check_required_sections(self):
"""Check that all required sections are present."""
for section in self.REQUIRED_SECTIONS:
if section not in self.data:
self.error(section + ' section is missing.')
def check_valid_emails(self):
"""Check that emails are valid looking."""
# Get email addresses.
email_addresses = []
primary_contact = self.data.get('primary_contact')
if primary_contact:
email_addresses.append(primary_contact)
auto_ccs = self.data.get('auto_ccs')
if auto_ccs:
email_addresses.extend(auto_ccs)
# Sanity check them.
for email_address in email_addresses:
if '@' not in email_address or '.' not in email_address:
self.error(email_address + ' is an invalid email address.')
def check_valid_language(self):
"""Check that the language specified is valid."""
language = self.data.get('language')
if not language:
return
if language not in self.LANGUAGES_SUPPORTED:
self.error('{language} is not supported ({supported}).'.format(
language=language, supported=self.LANGUAGES_SUPPORTED))
def _check_one_project_yaml(project_yaml_filename):
"""Do checks on the project.yaml file."""
if not _is_project_file(project_yaml_filename, 'project.yaml'):
return True
checker = ProjectYamlChecker(project_yaml_filename)
return checker.do_checks()
def check_project_yaml(paths):
"""Call _check_one_project_yaml on each path in |paths|. Return True if
the result of every call is True."""
return all([_check_one_project_yaml(path) for path in paths])
def do_checks(changed_files):
"""Run all presubmit checks return False if any fails."""
checks = [
check_license, yapf, lint, check_project_yaml, check_lib_fuzzing_engine
]
# Use a list comprehension here and in other cases where we use all() so that
# we don't quit early on failure. This is more user-friendly since the more
# errors we spit out at once, the less frequently the less check-fix-check
# cycles they need to do.
return all([check(changed_files) for check in checks])
_CHECK_LICENSE_FILENAMES = ['Dockerfile']
_CHECK_LICENSE_EXTENSIONS = [
'.bash',
'.c',
'.cc',
'.cpp',
'.css',
'.h',
'.htm',
'.html',
'.js',
'.proto',
'.py',
'.sh',
]
_LICENSE_STRING = 'http://www.apache.org/licenses/LICENSE-2.0'
def check_license(paths):
"""Validate license header."""
if not paths:
return True
success = True
for path in paths:
filename = os.path.basename(path)
extension = os.path.splitext(path)[1]
if (filename not in _CHECK_LICENSE_FILENAMES and
extension not in _CHECK_LICENSE_EXTENSIONS):
continue
with open(path) as file_handle:
if _LICENSE_STRING not in file_handle.read():
print('Missing license header in file %s.' % str(path))
success = False
return success
def bool_to_returncode(success):
"""Return 0 if |success|. Otherwise return 1."""
if success:
print('Success.')
return 0
print('Failed.')
return 1
def is_python(path):
"""Returns True if |path| ends in .py."""
return os.path.splitext(path)[1] == '.py'
def lint(paths):
"""Run python's linter on |paths| if it is a python file. Return False if it
fails linting."""
paths = [path for path in paths if is_python(path)]
if not paths:
return True
command = ['python3', '-m', 'pylint', '-j', '0']
command.extend(paths)
returncode = subprocess.run(command, check=False).returncode
return returncode == 0
def yapf(paths, validate=True):
"""Do yapf on |path| if it is Python file. Only validates format if
|validate| otherwise, formats the file. Returns False if validation
or formatting fails."""
paths = [path for path in paths if is_python(path)]
if not paths:
return True
validate_argument = '-d' if validate else '-i'
command = ['yapf', validate_argument, '-p']
command.extend(paths)
returncode = subprocess.run(command, check=False).returncode
return returncode == 0
def get_changed_files():
"""Return a list of absolute paths of files changed in this git branch."""
# FIXME: This doesn't work if branch is behind master.
diff_command = ['git', 'diff', '--name-only', 'FETCH_HEAD']
return [
os.path.abspath(path)
for path in subprocess.check_output(diff_command).decode().splitlines()
if os.path.isfile(path)
]
def main():
"""Check changes on a branch for common issues before submitting."""
# Get program arguments.
parser = argparse.ArgumentParser(description='Presubmit script for oss-fuzz.')
parser.add_argument('command',
choices=['format', 'lint', 'license'],
nargs='?')
args = parser.parse_args()
changed_files = get_changed_files()
os.chdir(_SRC_ROOT)
# Do one specific check if the user asked for it.
if args.command == 'format':
success = yapf(changed_files, False)
return bool_to_returncode(success)
if args.command == 'lint':
success = lint(changed_files)
return bool_to_returncode(success)
if args.command == 'license':
success = check_license(changed_files)
return bool_to_returncode(success)
# Otherwise, do all of them.
success = do_checks(changed_files)
return bool_to_returncode(success)
if __name__ == '__main__':
sys.exit(main())