mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-08 16:45:30 +00:00
56a854fe14
* update github.com/docker/cli * update github.com/docker/distribution * update github.com/docker/docker * update github.com/gin-gonic/gin * update github.com/golang-jwt/jwt/v4 * update github.com/golangci/golangci-lint * update github.com/gorilla/securecookie * update github.com/mattn/go-sqlite3 * update github.com/moby/moby * update github.com/prometheus/client_golang * update github.com/xanzy/go-gitlab
301 lines
8.1 KiB
Go
301 lines
8.1 KiB
Go
package depguard
|
|
|
|
import (
|
|
"go/build"
|
|
"go/token"
|
|
"io/ioutil"
|
|
"path"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/gobwas/glob"
|
|
"golang.org/x/tools/go/loader"
|
|
)
|
|
|
|
// ListType states what kind of list is passed in.
|
|
type ListType int
|
|
|
|
const (
|
|
// LTBlacklist states the list given is a blacklist. (default)
|
|
LTBlacklist ListType = iota
|
|
// LTWhitelist states the list given is a whitelist.
|
|
LTWhitelist
|
|
)
|
|
|
|
// StringToListType makes it easier to turn a string into a ListType.
|
|
// It assumes that the string representation is lower case.
|
|
var StringToListType = map[string]ListType{
|
|
"allowlist": LTWhitelist,
|
|
"denylist": LTBlacklist,
|
|
"whitelist": LTWhitelist,
|
|
"blacklist": LTBlacklist,
|
|
}
|
|
|
|
// Issue with the package with PackageName at the Position.
|
|
type Issue struct {
|
|
PackageName string
|
|
Position token.Position
|
|
}
|
|
|
|
// Wrapper for glob patterns that allows for custom negation
|
|
type negatableGlob struct {
|
|
g glob.Glob
|
|
negate bool
|
|
}
|
|
|
|
// Depguard checks imports to make sure they follow the given list and constraints.
|
|
type Depguard struct {
|
|
ListType ListType
|
|
IncludeGoRoot bool
|
|
|
|
Packages []string
|
|
prefixPackages []string
|
|
globPackages []glob.Glob
|
|
|
|
TestPackages []string
|
|
prefixTestPackages []string
|
|
globTestPackages []glob.Glob
|
|
|
|
IgnoreFileRules []string
|
|
prefixIgnoreFileRules []string
|
|
globIgnoreFileRules []negatableGlob
|
|
|
|
prefixRoot []string
|
|
}
|
|
|
|
// Run checks for dependencies given the program and validates them against
|
|
// Packages.
|
|
func (dg *Depguard) Run(config *loader.Config, prog *loader.Program) ([]*Issue, error) {
|
|
// Shortcut execution on an empty blacklist as that means every package is allowed
|
|
if dg.ListType == LTBlacklist && len(dg.Packages) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
if err := dg.initialize(config, prog); err != nil {
|
|
return nil, err
|
|
}
|
|
directImports, err := dg.createImportMap(prog)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var issues []*Issue
|
|
for pkg, positions := range directImports {
|
|
for _, pos := range positions {
|
|
if ignoreFile(pos.Filename, dg.prefixIgnoreFileRules, dg.globIgnoreFileRules) {
|
|
continue
|
|
}
|
|
|
|
prefixList, globList := dg.prefixPackages, dg.globPackages
|
|
if len(dg.TestPackages) > 0 && strings.Index(pos.Filename, "_test.go") != -1 {
|
|
prefixList, globList = dg.prefixTestPackages, dg.globTestPackages
|
|
}
|
|
|
|
if dg.flagIt(pkg, prefixList, globList) {
|
|
issues = append(issues, &Issue{
|
|
PackageName: pkg,
|
|
Position: pos,
|
|
})
|
|
}
|
|
}
|
|
}
|
|
return issues, nil
|
|
}
|
|
|
|
func (dg *Depguard) initialize(config *loader.Config, prog *loader.Program) error {
|
|
// parse ordinary guarded packages
|
|
for _, pkg := range dg.Packages {
|
|
if strings.ContainsAny(pkg, "!?*[]{}") {
|
|
g, err := glob.Compile(pkg, '/')
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dg.globPackages = append(dg.globPackages, g)
|
|
} else {
|
|
dg.prefixPackages = append(dg.prefixPackages, pkg)
|
|
}
|
|
}
|
|
|
|
// Sort the packages so we can have a faster search in the array
|
|
sort.Strings(dg.prefixPackages)
|
|
|
|
// parse guarded tests packages
|
|
for _, pkg := range dg.TestPackages {
|
|
if strings.ContainsAny(pkg, "!?*[]{}") {
|
|
g, err := glob.Compile(pkg, '/')
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dg.globTestPackages = append(dg.globTestPackages, g)
|
|
} else {
|
|
dg.prefixTestPackages = append(dg.prefixTestPackages, pkg)
|
|
}
|
|
}
|
|
|
|
// Sort the test packages so we can have a faster search in the array
|
|
sort.Strings(dg.prefixTestPackages)
|
|
|
|
// parse ignore file rules
|
|
for _, rule := range dg.IgnoreFileRules {
|
|
if strings.ContainsAny(rule, "!?*[]{}") {
|
|
ng := negatableGlob{}
|
|
if strings.HasPrefix(rule, "!") {
|
|
ng.negate = true
|
|
rule = rule[1:] // Strip out the leading '!'
|
|
} else {
|
|
ng.negate = false
|
|
}
|
|
|
|
g, err := glob.Compile(rule, '/')
|
|
if err != nil {
|
|
return err
|
|
}
|
|
ng.g = g
|
|
|
|
dg.globIgnoreFileRules = append(dg.globIgnoreFileRules, ng)
|
|
} else {
|
|
dg.prefixIgnoreFileRules = append(dg.prefixIgnoreFileRules, rule)
|
|
}
|
|
}
|
|
|
|
// Sort the rules so we can have a faster search in the array
|
|
sort.Strings(dg.prefixIgnoreFileRules)
|
|
|
|
if !dg.IncludeGoRoot {
|
|
var err error
|
|
dg.prefixRoot, err = listRootPrefixs(config.Build)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (dg *Depguard) createImportMap(prog *loader.Program) (map[string][]token.Position, error) {
|
|
importMap := make(map[string][]token.Position)
|
|
// For the directly imported packages
|
|
for _, imported := range prog.InitialPackages() {
|
|
// Go through their files
|
|
for _, file := range imported.Files {
|
|
// And populate a map of all direct imports and their positions
|
|
// This will filter out GoRoot depending on the Depguard.IncludeGoRoot
|
|
for _, fileImport := range file.Imports {
|
|
fileImportPath := cleanBasicLitString(fileImport.Path.Value)
|
|
if !dg.IncludeGoRoot && dg.isRoot(fileImportPath) {
|
|
continue
|
|
}
|
|
position := prog.Fset.Position(fileImport.Pos())
|
|
positions, found := importMap[fileImportPath]
|
|
if !found {
|
|
importMap[fileImportPath] = []token.Position{
|
|
position,
|
|
}
|
|
continue
|
|
}
|
|
importMap[fileImportPath] = append(positions, position)
|
|
}
|
|
}
|
|
}
|
|
return importMap, nil
|
|
}
|
|
|
|
func ignoreFile(filename string, prefixList []string, negatableGlobList []negatableGlob) bool {
|
|
if strInPrefixList(filename, prefixList) {
|
|
return true
|
|
}
|
|
return strInNegatableGlobList(filename, negatableGlobList)
|
|
}
|
|
|
|
func pkgInList(pkg string, prefixList []string, globList []glob.Glob) bool {
|
|
if strInPrefixList(pkg, prefixList) {
|
|
return true
|
|
}
|
|
return strInGlobList(pkg, globList)
|
|
}
|
|
|
|
func strInPrefixList(str string, prefixList []string) bool {
|
|
// Idx represents where in the prefix slice the passed in string would go
|
|
// when sorted. -1 Just means that it would be at the very front of the slice.
|
|
idx := sort.Search(len(prefixList), func(i int) bool {
|
|
return prefixList[i] > str
|
|
}) - 1
|
|
// This means that the string passed in has no way to be prefixed by anything
|
|
// in the prefix list as it is already smaller then everything
|
|
if idx == -1 {
|
|
return false
|
|
}
|
|
return strings.HasPrefix(str, prefixList[idx])
|
|
}
|
|
|
|
func strInGlobList(str string, globList []glob.Glob) bool {
|
|
for _, g := range globList {
|
|
if g.Match(str) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func strInNegatableGlobList(str string, negatableGlobList []negatableGlob) bool {
|
|
for _, ng := range negatableGlobList {
|
|
// Return true when:
|
|
// - Match is true and negate is off
|
|
// - Match is false and negate is on
|
|
if ng.g.Match(str) != ng.negate {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// InList | WhiteList | BlackList
|
|
// y | | x
|
|
// n | x |
|
|
func (dg *Depguard) flagIt(pkg string, prefixList []string, globList []glob.Glob) bool {
|
|
return pkgInList(pkg, prefixList, globList) == (dg.ListType == LTBlacklist)
|
|
}
|
|
|
|
func cleanBasicLitString(value string) string {
|
|
return strings.Trim(value, "\"\\")
|
|
}
|
|
|
|
// We can do this as all imports that are not root are either prefixed with a domain
|
|
// or prefixed with `./` or `/` to dictate it is a local file reference
|
|
func listRootPrefixs(buildCtx *build.Context) ([]string, error) {
|
|
if buildCtx == nil {
|
|
buildCtx = &build.Default
|
|
}
|
|
root := path.Join(buildCtx.GOROOT, "src")
|
|
fs, err := ioutil.ReadDir(root)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var pkgPrefix []string
|
|
for _, f := range fs {
|
|
if !f.IsDir() {
|
|
continue
|
|
}
|
|
pkgPrefix = append(pkgPrefix, f.Name())
|
|
}
|
|
return pkgPrefix, nil
|
|
}
|
|
|
|
func (dg *Depguard) isRoot(importPath string) bool {
|
|
// Idx represents where in the package slice the passed in package would go
|
|
// when sorted. -1 Just means that it would be at the very front of the slice.
|
|
idx := sort.Search(len(dg.prefixRoot), func(i int) bool {
|
|
return dg.prefixRoot[i] > importPath
|
|
}) - 1
|
|
// This means that the package passed in has no way to be prefixed by anything
|
|
// in the package list as it is already smaller then everything
|
|
if idx == -1 {
|
|
return false
|
|
}
|
|
// if it is prefixed by a root prefix we need to check if it is an exact match
|
|
// or prefix with `/` as this could return false posative if the domain was
|
|
// `archive.com` for example as `archive` is a go root package.
|
|
if strings.HasPrefix(importPath, dg.prefixRoot[idx]) {
|
|
return strings.HasPrefix(importPath, dg.prefixRoot[idx]+"/") || importPath == dg.prefixRoot[idx]
|
|
}
|
|
return false
|
|
}
|