banalize 0.0.1

data/lib/banalize/runner.rb

@@ -0,0 +1,101 @@
+module Banalize
+
+  ##
+  # Run policy check and return result of it.
+  #
+  # @param [String] bash Bash file for analisys
+  #
+  # @param [String, Hash] search Name of a policy to check against or
+  #     hash having :severity and/or :policy keys
+  #
+  # @see Policy.search
+  #
+  # @return [Array of Hashes] each element of array is { :name => result }
+  #
+  def self.run bash, search
+
+    run_list = Policy.search search
+
+    if run_list.empty?
+      raise Banalize::Runner::Error, "No policy satisfying criteria: #{search.inspect}"
+    end
+
+    res = { }
+    run_list.each do |policy|
+      res[policy[:policy]] = Banalize::Runner.new(bash, policy).result
+    end
+    res
+  end
+
+  ##
+  # Executing policy checks against bash file(s). Class instance is
+  # single bach file to check and single policy. Result of the check
+  # is returned in `@result` instance variable (and attr_accessor).
+  #
+  # Instance attributes
+  # ----------------------
+  # - `@bash` - PATH to bash file
+  #
+  # - `@policy` - [Hash] Policy configuration hash, key :klass contains
+  #           name of the class for Ruby policy. If Hash does not have
+  #           :klass key, it's not a Ruby, execute it as shell policy.
+  #
+  # - `@result` - Currenty returns only Boolean (true - check OK/false
+  #    check fail). This can change later.
+  class Runner
+
+    ##
+    # Create new instance of policy check runner and execute
+    # it. Result of the check is returned in @result attribute.
+    #
+    # @param [String] bash
+    # @param [Hash] policy Policy configuration hash.
+    #
+    # @see Runner
+    #
+    def initialize bash,policy
+      @bash, @policy, @result = bash, policy, nil
+
+      if @policy.has_key? :klass
+        ruby
+      else
+        shell
+      end
+    end
+
+    attr_accessor :policy, :bash, :result
+
+    ##
+    # Execute ruby check
+    #
+    def ruby
+      object = policy[:klass].constantize.new(bash)
+      res = object.run
+      @result = {
+        :status => res ? true : false,
+        :messages => Errors.to_s(object.errors.messages)
+      }
+    end
+
+    ##
+    # Execute shell check
+    #
+    def shell
+      err = %x{ #{policy[:path]} #{bash} }
+      @result = {
+        :status => ($?.exitstatus == 0),
+        :messages => err
+      }
+    end
+
+    # systemu is very slow
+#     def shell_
+#       stat, out, err = systemu  "#{policy[:path]} #{bash} "
+#       @result = {
+#         :status => ($?.exitstatus == 0),
+#         :messages => err
+#       }
+#     end
+
+  end
+end

data/lib/commands/describe.rb

@@ -0,0 +1,58 @@
+desc 'Give a description of terms used here'
+arg_name 'Describe arguments to analyze here'
+command [:describe,:desc] do |c|
+
+
+  c.desc 'Print help for the specified policy'
+  c.command [:policy, :pol, :p] do |p|
+    p.desc 'Policy name'
+    p.arg_name 'policy_name'
+
+    p.action do |global_options, options, args|
+      raise "Need a policy name to see description" if args.empty?
+      p = args.first.to_sym
+      print "\n#{p}: #{Banalize::Policy.synopsis(p)}\n\n"
+      print Banalize::Policy.description(p) + "\n\n"
+    end
+
+  end
+  
+
+  ##
+  # Policies
+  #
+  c.desc 'List and describe available policy groups'
+  c.command [:styles, :style] do |p|
+    p.action do
+      puts <<-EOP
+Theme        Description
+-----        ----------- 
+core         All policies
+bugs         Policies that that prevent or reveal bugs
+maintenance  Policies that affect the long-term health of the code
+cosmetic     Policies that only have a superficial effect
+complexity   Policies that specifically relate to code complexity
+security     Policies that relate to security issues
+tests        Policies that are specific to test programs
+
+EOP
+    end
+  end
+
+
+
+  ##
+  # Severity
+  #
+  c.desc 'Print out names of severity levels and their numeric value'
+  c.command [:severity, :sev] do |a|
+    a.action do 
+      puts "Name                Value"
+      puts "------              ------"
+      print Banalize::Policy::Severity.to_s
+
+      puts "\n\nDefault severity: " << Banalize::Policy::Severity.default.to_s
+    end
+  end
+
+end

data/lib/commands/dir.rb

@@ -0,0 +1,39 @@
+desc 'Banalize file(s) from single or multiple directories. Can use wildcards and mix files/directories.'
+
+arg_name 'dir', :multiple
+command [:directory, :dir] do |c|
+
+  c.desc "Show all results, by default only failures shown (only for long format)"
+  c.switch [:a,:all]
+
+  c.desc "Short dotted output format"
+  c.switch [:s, :short, :dots]
+
+  c.desc "Recursive scan directories for files"
+  c.switch [:recursive, :recur, :r]
+
+  c.switch [:allow_files, :f], :desc => "Allow use of file paths together with directory paths"
+
+  c.desc "Wildcard for file lists"
+  c.default_value "*"
+  c.flag [:wildcard, :w]
+
+  c.desc "With 'no-' do not show errors, only name of failed check"
+  c.default_value true
+  c.switch [:errors, :err, :e]
+
+  c.action do |global, options, args|
+    files = []
+    args.each { |dir|
+      dir = File.expand_path dir
+      if options[:allow_files] && File.file?(dir)
+        files << dir
+      else
+        files += Dir.glob("#{dir}/#{ options[:r] ? '**/' : ''}#{options[:wildcard]}").select { |x| File.file? x}
+      end
+    }
+    files.each { |file| $res[file] = Banalize.run(file, $search) }
+  end
+end
+
+

data/lib/commands/file.rb

@@ -0,0 +1,22 @@
+desc 'Run banalize on a single file or multiple files'
+
+arg_name 'filename', :multiple
+command [:file, :fl] do |c|
+  
+  c.desc "Show all results, by default only failures shown (only for long format)"
+  c.switch [:a,:all]
+
+  c.desc "Short dotted output format"
+  c.switch [:s, :short, :dots]
+
+  c.desc "With 'no-' do not show errors, only name of failed check"
+  c.default_value true
+  c.switch [:errors, :err, :e]
+
+
+  c.action do |global, options, args|
+    args.each { |file| $res[file] = Banalize.run(file, $search) }
+  end
+end
+
+

data/lib/commands/list.rb

@@ -0,0 +1,25 @@
+desc 'List available policies'
+
+command [:list, :ls] do |c|
+
+  c.desc 'Only names of policies without description'
+  c.switch [:short, :s]
+  c.default_value true
+
+  c.action do |global, options, args|
+
+    
+    printf "\n%40s   %s\n\n", "Policy name".color(:bold), "Synopsis, style, severity".color(:bold)
+
+    $policies.each do |x|
+      if options[:short]
+        printf "%40s : %s, %s\n", x[:policy].to_s.color(:yellow), x[:style], x[:severity]
+      else
+        printf "%40s : %s [%s, %s]\n", x[:policy].to_s.color(:yellow), x[:synopsis], x[:style], x[:severity]
+      end
+    end
+    require 'pp'
+#     pp $policies
+#     pp Banalize::Files.policies
+  end
+end

data/lib/core_extensions/string.rb

@@ -0,0 +1,15 @@
+##
+# Extend class String with color codes
+class String
+  def color type
+    return self unless $color
+    color_code = case type
+                 when :bold             then 1
+                 when :white, :file     then 37
+                 when :error, :red      then 31
+                 when :green            then 32
+                 when :policy, :yellow  then 33
+                 end
+    "\e[#{color_code}m#{self}\e[0m"
+  end
+end

data/lib/helpers/beautify.rb

@@ -0,0 +1,43 @@
+module Banalize
+  ##
+  # Make ouput text indented and apply colors to it if this is required
+  # 
+  # @param [Hash] hash check result hash
+  # @param [String] indent Default indent 4 spaces for each level
+  #
+  def self.beautify hash, indent='    '
+    out = ''
+    l1 = "\n"+indent
+    l2 = "\n" << indent*2
+    l3 = "\n" << indent*2 << "## "
+
+    hash.each do |file,results|
+      out << "\n\n#{file.color(:file)}"
+
+      results.each do |f_or_s, checks|
+
+        
+        out << l1 << f_or_s << l1 << '-'*10
+
+        checks.each do |policy, string|
+          out << l1 << policy.to_s.color(f_or_s == 'Fail' ? :red : :yellow)
+          if string
+            lines = case string
+                    when String
+                      string.split("\n")
+                    when Array
+                      string
+                    end
+            lines.each do |line| 
+              line.gsub!(/(line \d+:)(.*)/, '\1' +"#{l3}    "+ '\2' )
+              out << l3 << line
+            end
+
+          end
+        end
+      end
+      
+    end
+    out
+  end
+end

data/lib/policies/consistent_indents.rb

@@ -0,0 +1,34 @@
+banalizer File.basename(__FILE__, '.rb').to_sym do
+
+  synopsis 'All lines must be indented consistenly' 
+  severity :harsh
+  style    :cosmetic
+
+  description <<EOF
+
+When indenting the code all leading line indents should use the same
+character: either all spaces or all tabs, but not mixed.
+
+EOF
+
+
+  def run
+    ret = true
+
+    has_tabs  = code.has?(/^\s*\t/)
+    tab_lines = code.lines
+
+    has_spcs  = code.has?(/^\s* /)
+    spc_lines = code.lines
+
+    if has_tabs && has_spcs
+      errors.add "Code indented inconsistently: TABS and SPACES mixed"
+      errors.add "    TAB indented: #{tab_lines}"
+      errors.add "    SPC indented: #{spc_lines}"
+      
+    end
+    
+    return errors.empty?
+  end
+
+end

data/lib/policies/define_path.rb

@@ -0,0 +1,53 @@
+banalizer :explicitly_define_path_variable do
+  
+  style :security
+  severity :gentle
+
+  description <<-EOF
+
+PATH varaible should be defined explicitly in the script. It should *only* list absolute path names and does not have $PATH variable. 
+
+Quote from http://hub.opensolaris.org/bin/view/Community+Group+on/shellstyle#HPathnames
+
+It is always a good idea to be careful about $PATH settings and
+pathnames when writing shell scripts. This allows them to function
+correctly even when the user invoking your script has some strange
+$PATH set in their environment.
+
+ There are two acceptable ways to do this:
+
+ (1) make *all* command references in your script use explicit pathnames:
+
+/usr/bin/chown root bar
+/usr/bin/chgrp sys bar
+ or (2) explicitly reset $PATH in your script:
+
+PATH=/usr/bin; export PATH
+
+chown root bar
+chgrp sys bar
+
+DO NOT use a mixture of (1) and (2) in the same script. Pick one method and use it consistently.
+
+
+EOF
+
+  
+
+  parser :bash
+
+  def run
+    if code.dont_have?(/^\s*PATH=/)
+      errors.add "PATH variable is not defined in the script"
+    end
+
+    if code.has?(/PATH=.*\$\{?PATH\}?/)
+      errors.add "PATH variable defined by extending existing $PATH variable at: #{code.lines}"
+      errors.add "    #{code.search.inspect}"
+      errors.add code
+    end
+
+    return errors.empty?
+  end
+  
+end

data/lib/policies/exit_on_error.rb

@@ -0,0 +1,46 @@
+banalizer :exit_on_error do
+
+  synopsis 'Script should be run with -e option or `set -o errexit`'
+  
+  description <<EOF
+Using this option forces bash script to exit on first error.
+  
+man bash:
+
+         -e      Exit immediately if a simple command (see SHELL GRAMMAR above)
+                 exits with a non-zero status.  The shell does not exit if  the
+                 command  that  fails  is  part of the command list immediately
+                 following a while or until keyword, part of the test in an  if
+                 statement, part of a && or || list, or if the command's return
+                 value is being inverted via !.  A trap on ERR, if set, is exe-
+                 cuted before the shell exits.
+
+
+`set -o errexit` is the same as `set -e`.
+
+EOF
+
+  severity :gentle
+
+  def run
+    ret = true
+    #
+    # Prohibit using set +e option
+    #
+    errors.add "Setting +e option in shebang: #{shebang}" if (shebang.has? /\+e/)
+
+    if code.has? /set\s+\+e/
+      errors.add "Use of +e to unset -e option. Lines: #{code.lines}"
+    end
+
+    
+    if ( code.dont_have?(/set\s+-e/) || 
+         code.dont_have?(/set\s+-o\s+errexit/)
+         ) &&
+        shebang.dont_have?(/\s-e/)
+      errors.add "Can not find option -e or -o errexit anywhere in the script"
+    end
+    return errors.empty?
+  end
+
+end