nasl-pedant 0.0.3 → 0.0.4

data/lib/pedant/checks/script_id.rb

@@ -0,0 +1,115 @@
+################################################################################
+# Copyright (c) 2012, Mak Kolybabi
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+module Pedant
+  class CheckScriptId < Check
+    def self.requires
+      super + [:main, :trees]
+    end
+
+    def run
+      # This check only applies to plugins.
+      return skip unless @kb[:main].extname == '.nasl'
+
+      si_nodes = []
+      tree = @kb[:trees][@kb[:main]]
+
+      tree.all(:Call).each do |node|
+        next unless node.name.ident.name == 'script_id'
+        next unless node.name.indexes == []
+        si_nodes << node
+      end
+
+      if si_nodes.length == 0
+        report(:error, "Plugin does not call script_id() in the description.")
+        return fail
+      elsif si_nodes.length > 1
+        report(:error, "Plugin specifies multiple script IDs:")
+        si_nodes.each { |call| report(:error, call.context()) }
+        return fail
+      end
+
+      si_node = si_nodes.first
+
+      if si_node.args.empty?
+        report(:error, "script_id() was called with no arguments:\n#{si_node.context()}")
+        return fail
+      end
+
+      if si_node.args.length > 1
+        report(:error, "script_id() was called with too many arguments:\n#{si_node.context()}")
+        return fail
+      end
+        
+      # Pull out argument
+      type = si_node.args.first.type
+      arg = si_node.args.first.expr
+
+      if type != :anonymous
+        report(
+          :error,
+          "script_id() was called using a named parameter.  It requires using one positional parameter.\n" +
+          arg.context(si_node)
+        )
+        return fail
+      end
+       
+      unless arg.is_a? Nasl::Integer
+        report(
+          :error,
+          "script_id() was called with the wrong type of argument.\n" +
+          "An integer literal between 10001 and 999999 inclusive is required:\n" +
+          arg.context(si_node)
+        )
+        return fail
+      end
+
+      # Ensure that the script id is valid.
+      if arg.value < 10001 or arg.value > 999999
+        report(
+          :error,
+          "script_id() was called with an invalid argument.\n" +
+          "An integer literal between 10001 and 999999 inclusive is required:\n" +
+          arg.context(si_node)
+        )
+        return fail
+      end
+
+      # Ensure that the script id is valid.
+      if arg.value >= 900001 and arg.value <= 999999
+        report(
+          :warn,
+          "Uses a script id reserved for custom plugins / plugins in development.\n" +
+          arg.context(si_node)
+        )
+        return warn
+      end
+
+      report(:info, "Plugin has script id #{arg.value}:\n#{arg.context(si_node)}")
+      pass
+    end
+  end
+end

data/lib/pedant/checks/script_name.rb

@@ -0,0 +1,133 @@
+################################################################################
+# Copyright (c) 2012, Mak Kolybabi
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+module Pedant
+  class CheckScriptName < Check
+    def self.requires
+      super + [:main, :trees]
+    end
+
+    def run
+      # This check only applies to plugins.
+      return skip unless @kb[:main].extname == '.nasl'
+
+      sn_nodes = []
+      tree = @kb[:trees][@kb[:main]]
+
+      tree.all(:Call).each do |node|
+        next unless node.name.ident.name == 'script_name'
+        next unless node.name.indexes == []
+        sn_nodes << node
+      end
+
+      if sn_nodes.length == 0
+        report(:error, "Plugin does not call script_name() in the description.")
+        return fail
+      elsif sn_nodes.length > 1
+        report(:error, "Plugin calls script_name() multiple times:")
+        sn_nodes.each { |call| report(:error, call.context()) }
+        return fail
+      end
+
+      sn_node = sn_nodes.first
+
+      if sn_node.args.empty?
+        report(:error, "script_name() was called with no arguments:\n#{sn_node.context()}")
+        return fail
+      end
+
+      if sn_node.args.length > 1
+        report(:error, "script_name() was called with too many arguments:\n#{sn_node.context()}")
+        return fail
+      end
+        
+      # Pull out argument
+      type = sn_node.args.first.type
+      param = sn_node.args.first.name
+      arg = sn_node.args.first.expr
+
+      if type == :anonymous
+        report(
+          :error,
+          "script_name() was called using a positional parameter.\n" +
+          "It requires using an argument to the 'english' named parameter.\n" +
+          arg.context(sn_node)
+        )
+        return fail
+      end
+
+      if param.name != "english"
+        report(
+          :error,
+          "script_name() was called using an invalid named parameter.\n" +
+          "The 'english' named parameter must be used.\n" +
+          param.context(sn_node)
+        )
+        return fail
+      end
+       
+      unless arg.is_a? Nasl::String
+        report(
+          :error,
+          "script_name() was called with the wrong type of argument. A string is required.\n" +
+          arg.context(sn_node)
+        )
+        return fail
+      end
+
+      if arg.text.length == 0
+        report(
+          :error,
+          "script_name() was called with an empty string.\n" +
+          arg.context(sn_node)
+        )
+        return fail
+      end
+
+      if arg.text.slice(0) == " " && arg.text.slice(-1) == " "
+        ws_error = "Script name has leading and trailing whitespace:\n"
+      elsif arg.text.slice(0) == " "
+        ws_error = "Script name has leading whitespace:\n"
+      elsif arg.text.slice(-1) == " "
+        ws_error = "Script name has trailing whitespace:\n"
+      else
+        ws_error = nil
+      end
+ 
+      unless ws_error.nil?
+        report(
+          :error,
+          ws_error +
+          arg.context(sn_node)
+        )
+        return fail
+      end
+
+      report(:info, "Plugin has a script name of '#{arg.text}':\n#{arg.context(sn_node)}")
+      pass
+    end
+  end
+end

data/lib/pedant/checks/script_summary.rb

@@ -0,0 +1,142 @@
+################################################################################
+# Copyright (c) 2012, Mak Kolybabi
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+module Pedant
+  class CheckScriptSummary < Check
+    def self.requires
+      super + [:main, :trees]
+    end
+
+    def run
+      # This check only applies to plugins.
+      return skip unless @kb[:main].extname == '.nasl'
+
+      ss_nodes = []
+      tree = @kb[:trees][@kb[:main]]
+
+      tree.all(:Call).each do |node|
+        next unless node.name.ident.name == 'script_summary'
+        next unless node.name.indexes == []
+        ss_nodes << node
+      end
+
+      if ss_nodes.length == 0
+        report(:error, "Plugin does not call script_summary() in the description.")
+        return fail
+      elsif ss_nodes.length > 1
+        report(:error, "Plugin calls script_summary() multiple times:")
+        ss_nodes.each { |call| report(:error, call.context()) }
+        return fail
+      end
+
+      ss_node = ss_nodes.first
+
+      if ss_node.args.empty?
+        report(:error, "script_summary() was called with no arguments:\n#{ss_node.context()}")
+        return fail
+      end
+
+      if ss_node.args.length > 1
+        report(:error, "script_summary() was called with too many arguments:\n#{ss_node.context()}")
+        return fail
+      end
+        
+      # Pull out argument
+      type = ss_node.args.first.type
+      param = ss_node.args.first.name
+      arg = ss_node.args.first.expr
+
+      if type == :anonymous
+        report(
+          :error,
+          "script_summary() was called using a positional parameter.\n" +
+          "It requires using an argument to the 'english' named parameter.\n" +
+          arg.context(ss_node)
+        )
+        return fail
+      end
+
+      if param.name != "english"
+        report(
+          :error,
+          "script_summary() was called using an invalid named parameter.\n" +
+          "The 'english' named parameter must be used.\n" +
+          param.context(ss_node)
+        )
+        return fail
+      end
+       
+      unless arg.is_a? Nasl::String
+        report(
+          :error,
+          "script_summary() was called with the wrong type of argument. A string is required.\n" +
+          arg.context(ss_node)
+        )
+        return fail
+      end
+
+      if arg.text.length == 0
+        report(
+          :error,
+          "script_summary() was called with an empty string.\n" +
+          arg.context(ss_node)
+        )
+        return fail
+      end
+
+      if arg.text.slice(0) == " " && arg.text.slice(-1) == " "
+        ws_error = "Script summary has leading and trailing whitespace:\n"
+      elsif arg.text.slice(0) == " "
+        ws_error = "Script summary has leading whitespace:\n"
+      elsif arg.text.slice(-1) == " "
+        ws_error = "Script summary has trailing whitespace:\n"
+      else
+        ws_error = nil
+      end
+ 
+      unless ws_error.nil?
+        report(
+          :error,
+          ws_error +
+          arg.context(ss_node)
+        )
+        return fail
+      end
+
+      if arg.text.include? "\n"
+        report(
+          :error,
+          "Script summary includes newline characters:\n" +
+          arg.context(ss_node)
+        )
+        return fail
+      end
+
+      report(:info, "Plugin has a script summary of '#{arg.text}':\n#{arg.context(ss_node)}")
+      pass
+    end
+  end
+end

data/lib/pedant/cli.rb

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright (c) 2011, Mak Kolybabi
+# Copyright (c) 2011-2014, Tenable Network Security
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -28,53 +28,63 @@ require 'optparse'
 
 module Pedant
   class Cli
+    @@optparse = nil
+
     def self.run
-      cfg = {}
+      options = {
+        input_mode: :filesystem,
+        output_mode: :terminal,
+        verbosity: 0
+      }
 
       Command.initialize!
 
-      optparse = OptionParser.new do |opts|
-        opts.banner = "Usage: pedant [options] [command [args]]"
+      @@optparse = OptionParser.new do |opts|
+        opts.banner = "Usage: pedant [global-options] [command [command-options] [args]]"
+
+        opts.separator ""
+        opts.separator "Global settings:"
 
-        cfg[:verbose] = 0
-        opts.on('-v', '--verbose', 'Output more information') do
-          cfg[:verbose] += 1
+        opts.on('-v', '--verbose', 'Output more information, use multiple time to increase verbosity.') do
+          options[:verbosity] += 1
         end
-      end
 
-      optparse.parse!
+        opts.separator ""
+        opts.separator "Common operations:"
 
-      # Sanity check the command line arguments.
-      if ARGV.empty?
-        puts "No command was specified."
-        puts
-        usage
-        exit 1
+        opts.on('-h', '--help', 'Display this help screen.') do
+          puts opts
+          exit 1
+        end
+
+        opts.on('-l', '--list', 'Display the list of available commands.') do
+          puts Command.list
+          exit 1
+        end
+
+        opts.on('-V', '--version', 'Display the version of Pedant.') do
+          puts "#{Pedant::VERSION}"
+          exit
+        end
       end
 
+      @@optparse.order!
+
+      # Sanity check the command.
+      usage("No command was specified.") if ARGV.empty?
       cmd = ARGV.shift
       cls = Command.find(cmd)
-      if cls.nil? then
-        puts "Command '#{cmd}' not supported."
-        puts
-        usage
-        exit 1
-      end
+      usage("Command '#{cmd}' not supported.") if cls.nil?
 
       # Run the command.
-      cls.run(cfg, ARGV)
+      cls.run(options, ARGV)
     end
 
-    def self.usage
-      puts "pedant [flags] [command] [filename ...]"
-      puts
-      puts "Flags:"
-      puts "    -v       Display more verbose (warning) messages. "
-      puts "    -vv      Display more verbose (informational) messages. "
+    def self.usage(msg)
+      puts Rainbow(msg).color(:red)
       puts
-      puts "Commands:"
-      puts "    check    Runs all included checks against the specified plugin(s)."
-      puts "    test     Runs the specified unit tests, all are selected by default."
+      puts @@optparse
+      exit 1
     end
   end
 end