nasl-pedant 0.0.6 → 0.0.7

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    YTNkZDBhYzc5YzY5MjE1ZGFmMzgxZDViMDg0YmEwNGQyODE2ODlmMA==
+  data.tar.gz: !binary |-
+    MWI3Njg1YzY0ODMyNzJhZWViOGFiMzI3NDg1YjU1ZGI1NjY2NWNkOA==
+SHA512:
+  metadata.gz: !binary |-
+    NTViZDYwZWUxOWRhZWQ3OWZlNmRlZTYwYmVhMDY0ZjkzYmIwZmY5YTg5NWM2
+    NjU1NmEwYmM0YmFlNjkwZjNlMzhjNzFmMmZkMzkzOTU0Nzg3YzA3ZjcwOWM4
+    MWEwZTkwOGExY2IzNDEwOWZmN2JkNjRjNGI4OTI1YzJhNmY2OTI=
+  data.tar.gz: !binary |-
+    OGJlYTZiODkxZWQwZWU2MTk3YTg1NmM1OTdkNTZjNzdkYWQ1YjFkYmNiMzZi
+    YmQxYTI2YTVjNGJhMTQ0OTMxNjZiYjBlZmJkMDAwY2RmMmQ3NDQyNTU4MzBk
+    NTVjZjcyZmJhMTM5OWQ4MDZjYTdiMjAzNDNmNzZlZWUwMDI3MjU=

data/README.md

@@ -8,37 +8,22 @@ If you have Ruby 1.9.3+ and Rubygems installed, you can simply do:
 
 Using
 -----
-To check a script, run this: `pedant check scriptname.nasl`.
-You can check `.inc` files the same way.
+To check a script, run this: `pedant check scriptname.nasl`.  You can check
+`.inc` files the same way. Multiple files can be checked at the same time.
 
 See a `[WARN]` but there's no explanation of the problem? Try adding `-v`.
 
-Checking multiple files together is not currently supported (and has some
-semantics questions to be sorted out first). Currently, using xargs is the best
-way to check multiple files. For example, for checking all the plugins in a
-directory:
-
-    find . -maxdepth 1 -name '*.nasl' | while read fname; do
-      echo $fname
-      pedant check $fname
-      echo
-    done > pedant_results_$(date +%s)
-
 Bugs
 ----
 
-1. Choosing which checks to run does not currently work (`-c` flag)
-1. Checking multiple files together does not currently work
 1. Only works for up to 5.2 code (will not fix, the `nasl`
-  interpreter can now export an AST)
+   interpreter can now export an AST)
 1. Some of the checks have inconsistent titles in terms of "truthiness"
-1. No filename is output per-file, which makes checking multiple files difficult
 
 Todo
 ----
 
 1. Iron out some of the semantics:
-   - What is `test mode` used for?
    - Currently files are all checked independently: what should be done when
      we're given `.inc` and `.nasl` files in one invocation?
 1. Add a control-flow graph?

data/lib/pedant/checks/equality_with_regex.rb

@@ -0,0 +1,65 @@
+################################################################################
+# Copyright (c) 2015, Tenable Network Security
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+module Pedant
+  class CheckEqualityWithRegex < Check
+    def self.requires
+      super + [:trees]
+    end
+
+    def check(file, tree)
+      def walk(node, root)
+        # Recursively descend into the right-hand and left-hand sides of each expression.
+        if node.is_a? Nasl::Expression
+          [:lhs, :rhs].each { |side| walk(node.send(side), root) }
+
+          return unless node.op.is_a?(Nasl::Token)
+          return unless ["==", "!="].include?(node.op.body)
+          return unless node.rhs.is_a?(Nasl::String)
+          str = node.rhs.text
+          return unless str.length > 2
+          return unless str[0] == "^" and str[-1] == "$"
+
+          fail
+          report(:error, "An equality comparison is being made with what appears to be a regex.")
+          report(:error, "This might be a typo in the operator.")
+          report(:error, node.op.context(node))
+        end
+      end
+
+      cond_stmts = [:For, :Repeat, :While, :If].map { |cls| tree.all(cls) }.flatten
+      cond_stmts.each { |cond_stmt| walk(cond_stmt.cond, cond_stmt) }
+    end
+
+    def run
+      # This check will pass by default.
+      pass
+
+      # Run this check on the tree from every file.
+      @kb[:trees].each { |file, tree| check(file, tree) }
+    end
+  end
+end

data/lib/pedant/checks/plugin_type_not_specified.rb

@@ -39,7 +39,7 @@ module Pedant
       tree = @kb[:trees][@kb[:main]]
 
       tree.all(:Call).each do |node|
-        next unless node.name.ident.name == 'script_set_attribute'
+        next unless ((node.name.ident.name == 'script_set_attribute') or (node.name.ident.name == 'xscript_set_attribute'))
         next unless node.name.indexes == []
         next unless node.arg.has_key? 'attribute'
 

data/lib/pedant/version.rb

@@ -1,3 +1,3 @@
 module Pedant
-  VERSION = '0.0.6'
+  VERSION = '0.0.7'
 end

data/test/unit/checks/test_equality_with_regex.rb

@@ -0,0 +1,53 @@
+################################################################################
+# Copyright (c) 2015, Tenable Network Security
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+################################################################################
+
+class TestEqualityWithRegex < Test::Unit::TestCase
+  include Pedant::Test
+
+  def test_none
+    check(
+      :pass,
+      :CheckEqualityWithRegex,
+      %q||
+    )
+  end
+
+  def test_simple_not_equal
+    check(
+      :fail,
+      :CheckEqualityWithRegex,
+      %q|if (a != "^pattern$") exit(0);|
+    )
+  end
+
+  def test_complex_equal
+    check(
+      :fail,
+      :CheckEqualityWithRegex,
+      %q|if ('woo' >< a && a == '^pattern$') exit(0);|
+    )
+  end
+end

data/test/unit/checks/test_plugin_type_not_specified.rb

@@ -77,4 +77,47 @@ class TestPluginTypeNotSpecified < Test::Unit::TestCase
       %q|script_set_attribute.foo(attribute:"plugin_type", value:"foo");|
     )
   end
+
+  def test_nbin_one
+    check(
+      :pass,
+      :CheckPluginTypeNotSpecified,
+      %q|xscript_set_attribute(attribute:"plugin_type", value:"local");|
+    )
+  end
+
+  def test_nbin_many
+    check(
+      :fail,
+      :CheckPluginTypeNotSpecified,
+      %q|xscript_set_attribute(attribute:"plugin_type", value:"local");| +
+      %q|xscript_set_attribute(attribute:"plugin_type", value:"remote");|
+    )
+  end
+
+  def test_nbin_valid
+    ['combined', 'local', 'reputation', 'remote', 'settings', 'thirdparty'].each do |type|
+      check(
+        :pass,
+        :CheckPluginTypeNotSpecified,
+        %Q|xscript_set_attribute(attribute:"plugin_type", value:"#{type}");|
+      )
+    end
+  end
+
+  def test_nbin_invalid
+    check(
+      :fail,
+      :CheckPluginTypeNotSpecified,
+      %q|xscript_set_attribute(attribute:"plugin_type", value:"foo");|
+    )
+  end
+
+  def test_nbin_indexed
+    check(
+      :fail,
+      :CheckPluginTypeNotSpecified,
+      %q|xscript_set_attribute.foo(attribute:"plugin_type", value:"foo");|
+    )
+  end
 end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nasl-pedant
 version: !ruby/object:Gem::Version
-  version: 0.0.6
-  prerelease: 
+  version: 0.0.7
 platform: ruby
 authors:
 - Mak Kolybabi
@@ -11,12 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-05 00:00:00.000000000 Z
+date: 2015-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -24,7 +22,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -32,7 +29,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rainbow
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -40,7 +36,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -48,7 +43,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: nasl
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -59,7 +53,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -93,6 +86,7 @@ files:
 - lib/pedant/checks/contains_registration_section.rb
 - lib/pedant/checks/contains_unreachable_code.rb
 - lib/pedant/checks/ends_with_newline.rb
+- lib/pedant/checks/equality_with_regex.rb
 - lib/pedant/checks/files_parse_without_errors.rb
 - lib/pedant/checks/flipped_operands_on_match_or_substring.rb
 - lib/pedant/checks/local_variable_unused.rb
@@ -121,33 +115,33 @@ files:
 - test/unit/checks/test_contains_registration_section.rb
 - test/unit/checks/test_contains_unreachable_code.rb
 - test/unit/checks/test_ends_with_newline.rb
+- test/unit/checks/test_equality_with_regex.rb
 - test/unit/checks/test_flipped_operands_on_match_or_substring.rb
 - test/unit/checks/test_plugin_type_not_specified.rb
 - test/unit/checks/test_script_family_not_specified.rb
 homepage: http://github.com/tenable/pedant
 licenses:
 - BSD
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: nasl-pedant
-rubygems_version: 1.8.23
+rubygems_version: 2.4.6
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A framework for the Nessus Attack Scripting Language.
 test_files:
 - test/test_helper.rb
@@ -160,7 +154,7 @@ test_files:
 - test/unit/checks/test_contains_registration_section.rb
 - test/unit/checks/test_contains_unreachable_code.rb
 - test/unit/checks/test_ends_with_newline.rb
+- test/unit/checks/test_equality_with_regex.rb
 - test/unit/checks/test_flipped_operands_on_match_or_substring.rb
 - test/unit/checks/test_plugin_type_not_specified.rb
 - test/unit/checks/test_script_family_not_specified.rb
-has_rdoc: