Unqouted $pkgdir and $srcdir can lead to errors if the directory name contains spaces. Not quoting these variables is a common mistake. For example, it is often seen in PKGBUILDs that are submitted for review. Add a rule that warns on unquoted $pkgdir and $srcdir.
Signed-off-by: Michael Straube <michael.straubej@gmail.com>
---
v1 -> v2 Updated my email address.
 Namcap/rules/__init__.py | 3 +-
 Namcap/rules/unquoteddirvars.py | 39 ++++++++++++
 Namcap/tests/pkgbuild/test_unquoteddirvars.py | 63 +++++++++++++++++++
 namcap-tags | 1 +
 4 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 Namcap/rules/unquoteddirvars.py
 create mode 100644 Namcap/tests/pkgbuild/test_unquoteddirvars.py
diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py
index 5ca6551..bd348b4 100644
--- a/Namcap/rules/__init__.py
+++ b/Namcap/rules/__init__.py
@@ -67,7 +67,8 @@ from . import (
 pkginfo,
 pkgnameindesc,
 sfurl,
- splitpkgbuild
+ splitpkgbuild,
+ unquoteddirvars
 )

 all_rules = {}
diff --git a/Namcap/rules/unquoteddirvars.py b/Namcap/rules/unquoteddirvars.py
new file mode 100644
index 0000000..bf303f0
--- /dev/null
+++ b/Namcap/rules/unquoteddirvars.py
@@ -0,0 +1,39 @@
+#
+# namcap rules - unquoteddirvars
+# Copyright (C) 2020 Michael Straube <michael.straubej@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import re
+from Namcap.ruleclass import *
+
+class package(PkgbuildRule):
+ name = "unquoteddirvars"
+ description = "Looks for unquoted $pkgdir and $srcdir"
+ def analyze(self, pkginfo, pkgbuild):
+ needles = ['$pkgdir', '${pkgdir}', '$srcdir', '${srcdir}']
+ hits = set()
+ for line in pkginfo.pkgbuild:
+ if not any(n in line for n in needles):
+ continue
+ double_quoted_strings = re.findall('"([^"]*)"', line)
+ for n in needles:
+ if line.count(n) != sum(n in s for s in double_quoted_strings):
+ hits.add(n)
+ for i in hits:
+ self.warnings.append(("unquoted-dirvar %s", i))
+
+# vim: set ts=4 sw=4 noet:
diff --git a/Namcap/tests/pkgbuild/test_unquoteddirvars.py b/Namcap/tests/pkgbuild/test_unquoteddirvars.py
new file mode 100644
index 0000000..4525744
--- /dev/null
+++ b/Namcap/tests/pkgbuild/test_unquoteddirvars.py
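Review bot: The comparison `line.count(n) != sum(n in s for s in double_quoted_strings)` in `analyze` counts occurrences on the left but quoted strings on the right, so a correctly quoted line such as `"$pkgdir/a:$pkgdir/b"` (constructed example) is reported as unquoted. Counting occurrences on both sides, `sum(s.count(n) for s in double_quoted_strings)`, removes that false positive. The scan is also per line and treats any `"…"` pair as a quoted region, so comment lines, escaped quotes and strings continued across lines will presumably be misclassified. A short comment above the regex stating these limits would help, since a clean namcap run may be read as assurance that paths with spaces are handled safely in `package()`. Iterating `sorted(hits)` rather than the bare set would also make the warning order stable.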
@@ -0,0 +1,63 @@
+#
+# namcap tests - unquoteddirvars
+# Copyright (C) 2020 Michael Straube <michael.straubej@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from Namcap.tests.pkgbuild_test import PkgbuildTest
+import Namcap.rules
+
+class NamcapUnqoutedDirVarsTest(PkgbuildTest):
+ pkgbuild = """
+# Maintainer: Arch Linux <archlinux at example.com>
+# Contributor: Arch Linux <archlinux at example.com>
+
+pkgname=mypackage
+pkgver=1.0
+pkgrel=1
+pkgdesc="A package"
+url="http://www.example.com/"
+arch=('x86_64')
+depends=('glibc')
+license=('GPL')
+options=('!libtool')
+source=(ftp://ftp.example.com/pub/mypackage-0.1.tar.gz)
+md5sums=('abcdefabcdef12345678901234567890')
+
+build() {
+ cd $srcdir/$pkgname-$pkgver
+}
+
+package() {
+ make install DESTDIR=$pkgdir/
+ install -Dm644 ${srcdir}/LICENSE ${pkgdir}/usr/share/licenses/${pkgname}
+ install -Dm644 "${srcdir}/example.desktop" "$pkgdir"/usr/share/applications
+}
+"""
+ test_valid = PkgbuildTest.valid_tests
+
+ def preSetUp(self):
+ self.rule = Namcap.rules.unquoteddirvars.package
+
+ def test_example(self):
+ needles = ['$pkgdir', '${pkgdir}', '$srcdir', '${srcdir}']
+ r = self.run_on_pkg(self.pkgbuild)
+ self.assertEqual(r.errors, [])
+ self.assertEqual(set(r.warnings),
+ set(("unquoted-dirvar %s", i) for i in needles))
+ self.assertEqual(r.infos, [])
+
+# vim: set ts=4 sw=4 noet:
diff --git a/namcap-tags b/namcap-tags
index 1f7bc69..e48f8fe 100644
--- a/namcap-tags
+++ b/namcap-tags
@@ -85,6 +85,7 @@ specific-sourceforge-mirror :: Attempting to use specific sourceforge mirror, us
 symlink-found %s points to %s :: Symlink (%s) found that points to %s
 systemd-location %s :: File %s should be in /usr/lib/systemd/system/
 too-many-checksums %s %i needed :: Too many %s: %i needed
+unquoted-dirvar %s :: Variable %s is not quoted.
 unused-sodepend %s %s :: Unused shared library '%s' by file ('%s')
 use-pkgdir :: Use $pkgdir instead of $startdir/pkg
 use-srcdir :: Use $srcdir instead of $startdir/src
--
2.28.0
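Review bot: `test_example` in the new test file only exercises the warning path: every needle also occurs unquoted somewhere in the fixture, so the quoted uses on the last `install` line cannot expose a false positive. A second case whose PKGBUILD quotes every occurrence, including one string that mentions the same variable twice, and that asserts `self.assertEqual(r.warnings, [])` would pin the rule's negative behaviour. The class name `NamcapUnqoutedDirVarsTest` is also misspelled; `NamcapUnquotedDirVarsTest` would match the rule name.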