nasl-pedant 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c89304bdba6963cc2f97f76b1ebd0c3a2711966c
-  data.tar.gz: 93ac35fac25ec9d64bc099dbc0babbdc05e2a074
+  metadata.gz: 802522146b1d3bb3ba9466e6685d21e4b3d79346
+  data.tar.gz: e8253157a6d19177ed45083d7638e1fbb6c097e6
 SHA512:
-  metadata.gz: 7cbaf855866862610c321bc4c4044459744e7fb334c443ac8e760b85ea363da2d6625963b1b8af33d2f958a4e9c441933d93f64719d37e12a1a69e7f309c409c
-  data.tar.gz: 8a1ebefac1023fbd3790075e684bb4044b2c71ca46e8e06f197bdc0e1287cc5d91f029964a45b6a58c3be8e96239bb929a355f489b2175da8ac6ebbde1644f34
+  metadata.gz: 12eccd3189ebba43044f772ec4c8384449478fd102b98cc4a894675b2b953ca7c7ca87ac77d5f14ee6582778ae033342c608143208310e74bebb6a07847d0d8d
+  data.tar.gz: f619bd12da3a25eba96d6116394c29800bbdb7884cc03bc82d767205f8423a8b24205de722a6f7ba4a9cacbcfb95c38ef682fa0e086429b98375806ee10c1fb2

data/lib/pedant/checks/contains_unreachable_code.rb

@@ -33,6 +33,19 @@ module Pedant
     def check(file, tree)
       def check_statements(file, list)
         list.each do |node|
+          # Is this an exit() call that's used to deprecate the plugin? If so,
+          # we'll ignore it and check the rest of the plugin.
+          # These look like:
+          #   exit(0, "This plugin has been deprecated");
+          # Some plugins (like the Slackware plugins) just do: exit(0);
+          # But, they are old and have been deprecated forever and will
+          # probably never be changed or reenabled.
+          next if node.is_a?(Nasl::Call) and
+            node.name.ident.name == 'exit' and
+            node.args.length == 2 and
+            node.args[1].expr.is_a?(Nasl::String) and
+            node.args[1].expr.text =~ /plugin has been deprecated|patch has been replaced/i
+
           # Check if the Node is capable of jumping out of the Block, without
           # resuming where it left off (i.e., Call). The exception is exit(),
           # which is a builtin Function that terminates execution.

data/lib/pedant/checks/flipped_operands_on_match_or_substring.rb

@@ -32,22 +32,44 @@ module Pedant
 
     def check(file, tree)
       def walk(node, root)
+        def is_get_kb_item_with_literal? node
+          # Is this a call to get_kb_item with just one literal string?
+          return true if node.is_a?(Nasl::Call) and
+            node.name.ident.name == 'get_kb_item' and
+            node.name.indexes == [] and
+            node.args.length == 1 and
+            node.args.first.expr.is_a?(Nasl::String)
+
+          return false
+        end
         # Recursively descend into the right-hand and left-hand sides of each expression.
         if node.is_a? Nasl::Expression
           [:lhs, :rhs].each { |side| walk(node.send(side), root) }
 
           return unless node.op.is_a?(Nasl::Token)
 
+          # We have four operators we examine here:
+          # The regex operators, and the substring operators. One operand is the "needle" and the other is the "haystack".
+          # For substring (><, >!<), the operands go: "needle" >< "the needle in the haystack"
+          # For regex, it's the opposite: "the needle in the haystack" =~ "needle"
+          # It's a common error to flip these by accident.
+
+          # For the regex operators, the left side is what is being tested and
+          # the right side is the pattern to match.
           if ["=~", "!~"].include?(node.op.body)
             side = :lhs
             opposite = :rhs
           end
 
+          # The substring operators have their operands reversed from the regex
+          # operators; the right side is the thing we are testing and the left
+          # side is the pattern.
           if ["><", ">!<"].include?(node.op.body)
             side = :rhs
             opposite = :lhs
           end
 
+          # If the operator isn't one of the four we check
           return if side.nil?
 
           # The check for no indexes is to account for this uncommon-but-in-use
@@ -56,7 +78,7 @@ module Pedant
           #
           #   tolower(xml[index]) >< "abcdefghijklmnopqrstuvwxyz:_"
           #
-          if node.send(side).is_a?(Nasl::String) && node.send(opposite).is_a?(Nasl::Lvalue) && node.send(opposite).indexes == []
+          if node.send(side).is_a?(Nasl::String) && (node.send(opposite).is_a?(Nasl::Lvalue) && node.send(opposite).indexes == []) or is_get_kb_item_with_literal?(node.send(opposite))
             warn
             report(:error, "A '#{node.op.body}' operator has a literal string on the #{if side == :lhs then 'left' else 'right' end}-hand side.")
             report(:error, "The operands may be accidentally swapped.")

data/lib/pedant/version.rb

@@ -1,3 +1,3 @@
 module Pedant
-  VERSION = '0.1.5'
+  VERSION = '0.1.6'
 end

data/pedant.gemspec

@@ -48,6 +48,7 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
 
   s.add_development_dependency 'rake', '~> 0'
+  s.add_development_dependency 'pry', '~> 0'
 
   s.add_runtime_dependency 'rainbow', '=2.0.0'
   s.add_runtime_dependency 'nasl', '~> 0.2', '>= 0.2.0'

data/test/unit/checks/test_contains_unreachable_code.rb

@@ -97,6 +97,17 @@ class TestContainsUnreachableCode < Test::Unit::TestCase
     )
   end
 
+  # Plugins that are deprecated will have a bit of code inserted to
+  # prevent the body of the plugin from running. We should not flag
+  # this specific call to exit().
+  def test_deprecated_plugin_exit
+    check(
+      :pass,
+      :CheckContainsUnreachableCode,
+      %q|{ exit(0, "This plugin has been deprecated"); foo(); }|
+    )
+  end
+
   # exit() is a special case in this check, because it's a function instead of a
   # language keyword.
   def test_indexed_exit
@@ -106,7 +117,7 @@ class TestContainsUnreachableCode < Test::Unit::TestCase
       %q|{ exit.foo(); foo(); }|
     )
   end
-  
+
   def audit_indexed_exit
     check(
       :pass,

data/test/unit/checks/test_flipped_operands_on_match_or_substring.rb

@@ -59,6 +59,24 @@ class TestFlippedOperandsOnMatchOrSubstring < Test::Unit::TestCase
     )
   end
 
+  # get_kb_item() returns a string and nobody stores regexes or substrings
+  # in the KB, so treat this as a special case.
+  def test_get_kb_item
+    check(
+      :warn,
+      :CheckFlippedOperandsOnMatchOrSubstring,
+      %q|if (get_kb_item("whatever") >< "Windows");|
+    )
+  end
+
+  def test_some_other_function
+    check(
+      :pass,
+      :CheckFlippedOperandsOnMatchOrSubstring,
+      %q|if (get_substring_for_key("whatever") >< "Windows");|
+    )
+  end
+
   def test_simple_match
     check(
       :warn,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nasl-pedant
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Mak Kolybabi
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-09 00:00:00.000000000 Z
+date: 2017-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -26,6 +26,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rainbow
   requirement: !ruby/object:Gem::Requirement