From 6e4c39c244a289a54f235cf15a29874fb8885927 Mon Sep 17 00:00:00 2001 From: Trevor Brown Date: Wed, 8 Dec 2021 21:17:49 -0500 Subject: [PATCH] fix: ban grep long flags (#1117) Co-authored-by: James Hegedus --- test/banned_commands.bats | 49 ++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 13 deletions(-) diff --git a/test/banned_commands.bats b/test/banned_commands.bats index 9aaf8bcd..cf82cdc1 100644 --- a/test/banned_commands.bats +++ b/test/banned_commands.bats @@ -14,22 +14,27 @@ banned_commands=( # It's best to avoid eval as it makes it easier to accidentally execute # arbitrary strings eval - # grep -y does not work on alpine and should be "grep -i" either way - "grep.* -y" - # grep -P is not a valid option in OSX. - "grep.* -P" # realpath not available by default on OSX. realpath # readlink on OSX behaves differently from readlink on other Unix systems readlink - # sort --sort-version isn't supported everywhere - "sort.*-V" - "sort.*--sort-versions" # source isn't POSIX compliant. . behaves the same and is POSIX compliant # Except in fish, where . is deprecated, and will be removed in the future. source ) +banned_commands_regex=( + # grep -y does not work on alpine and should be "grep -i" either way + "grep.* -y" + # grep -P is not a valid option in OSX. + "grep.* -P" + # Ban grep long commands as they do not work on alpine + "grep[^|]+--\w{2,}" + # sort --sort-version isn't supported everywhere + "sort.*-V" + "sort.*--sort-versions" +) + setup() { setup_asdf_dir } @@ -39,12 +44,12 @@ teardown() { } @test "banned commands are not found in source code" { + # Assert command is not used in the lib and bin dirs + # or expect an explicit comment at end of line, allowing it. + # Also ignore matches that are contained in comments or a string or + # followed by an underscore (indicating it's a variable and not a + # command). for cmd in "${banned_commands[@]}"; do - # Assert command is not used in the lib and bin dirs - # or expect an explicit comment at end of line, allowing it. - # Also ignore matches that are contained in comments or a string or - # followed by an underscore (indicating it's a variable and not a - # command). run bash -c "grep -nHR '$cmd' asdf.* lib bin\ | grep -v '#.*$cmd'\ | grep -v '\".*$cmd.*\"' \ @@ -52,7 +57,25 @@ teardown() { | grep -v '# asdf_allow: $cmd'" # Only print output if we've found a banned command - if [ "$status" -ne 1 ]; then + #if [ "$status" -ne 1 ]; then + if [ "" != "$output" ]; then + echo "banned command $cmd: $output" + fi + + [ "$status" -eq 1 ] + [ "" == "$output" ] + done + + for cmd in "${banned_commands_regex[@]}"; do + run bash -c "grep -nHRE '$cmd' asdf.* lib bin\ + | grep -v '#.*$cmd'\ + | grep -v '\".*$cmd.*\"' \ + | grep -v '${cmd}_'\ + | grep -v '# asdf_allow: $cmd'" + + # Only print output if we've found a banned command + #if [ "$status" -ne 1 ]; then + if [ "" != "$output" ]; then echo "banned command $cmd: $output" fi