diff --git a/Gemfile.lock b/Gemfile.lock index c945b63d..e64378c9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -7,6 +7,7 @@ GEM PLATFORMS arm64-darwin-22 + arm64-darwin-23 x86_64-linux DEPENDENCIES diff --git a/assets/cleaner.rb b/assets/cleaner.rb index dd308f13..c33e3894 100755 --- a/assets/cleaner.rb +++ b/assets/cleaner.rb @@ -1,20 +1,58 @@ #!/usr/bin/env ruby require 'optparse' -options = {} +class Matcher + def initialize(*blocklist_files) + @blocklist = [] + blocklist_files.each do |blf| + next unless File.exist?(blf) + + blocklist = File.read(blf).split("\n").map(&:strip).reject(&:empty?) + # remove empty lines and comments + blocklist.reject! { |r| r.empty? || r.start_with?('#') } + + # remove all matching lines and report + blocklist.reject! do |r| + ret = r =~ /^[*@]+$/ + STDERR.puts "Warning: #{blf} contains a line with only asterisks/at, which will match everything" if ret + ret + end + + @blocklist += blocklist + end + end + + def match?(line) + @blocklist.each do |r| + return true if File.fnmatch?("*#{r}*", line) + end + false + end +end + +options = { + matcher: Matcher.new() +} OptionParser.new do |opts| opts.banner = "Usage: reviewdog-adapter.rb [options]" opts.on("--svgo", "Add SVGO String") do |v| options[:svgo] = true + options[:matcher] = Matcher.new("#{ENV["SCRIPTPATH"]}/dtd/blocklist.txt") end - opts.on("--assignees", "Add SVGO String") do |v| + opts.on("--assignees", "Add Assignees String") do |v| options[:assignees] = true end - opts.on("--sveltegrep", "Remove Extracted Script Extension") do |v| + opts.on("--sveltegrep", "Remove Extracted Script Extension, and use semgrep blocklist") do |v| options[:sveltegrep] = true + options[:matcher] = Matcher.new("#{ENV["SCRIPTPATH"]}/semgrep_rules/blocklist.txt") + end + + opts.on("--semgrep", "Use semgrep blocklist") do |v| + options[:semgrep] = true + options[:matcher] = Matcher.new("#{ENV["SCRIPTPATH"]}/semgrep_rules/blocklist.txt") end end.parse! @@ -39,5 +77,5 @@ l.gsub!(/$/, "
Cc #{ENV['ASSIGNEES']}") end - puts l + puts l unless options[:matcher].match?(l) end \ No newline at end of file diff --git a/assets/dtd/blocklist.txt b/assets/dtd/blocklist.txt index b5d6b6f3..91e2b472 100644 --- a/assets/dtd/blocklist.txt +++ b/assets/dtd/blocklist.txt @@ -1,5 +1,5 @@ -element [^:]+: validity error : ID [^ ]+ already defined -element [^:]+: validity error : No declaration for attribute data-[^ ]+ of element [^:]+ +element *: validity error : ID * already defined +element *: validity error : No declaration for attribute data-* of element * element style: validity error : Element style does not carry attribute type -element svg: validity error : Value for attribute version of svg must be [^ ]+ -third_party\/rust\/[^.]+\.svg +element svg: validity error : Value for attribute version of svg must be * +third_party/rust/**/*.svg diff --git a/assets/reviewdog/reviewdog.yml b/assets/reviewdog/reviewdog.yml index c4874b55..7b97b073 100644 --- a/assets/reviewdog/reviewdog.yml +++ b/assets/reviewdog/reviewdog.yml @@ -14,8 +14,7 @@ runner: $([ -n "${GITHUB_BASE_REF+set}" ] && echo "--baseline-commit origin/${GITHUB_BASE_REF:-main}") \ --json \ | jq -r '.results[] | "\(.extra.severity[0:1]):\(.path):\(.end.line) \(.extra.message | sub("\n";"
";"g"))

Source: \(.extra.metadata.source)

,\(if .extra.metadata.assignees then .extra.metadata.assignees else "null" end | sub("\n";" ";"g"))"' \ - | grep -f $SCRIPTPATH/semgrep_rules/blocklist.txt -v \ - | $SCRIPTPATH/cleaner.rb --assignees) 2> reviewdog.semgrep.stderr.log + | $SCRIPTPATH/cleaner.rb --semgrep --assignees) 2> reviewdog.semgrep.stderr.log errorformat: - "%t:%f:%l %m" sveltegrep: @@ -46,7 +45,6 @@ runner: '--include=*.extractedscript.html' \ ./ \ | jq -r '.results[] | "\(.extra.severity[0:1]):\(.path):\(.end.line) \(.extra.message | sub("\n";"
";"g"))

Source: \(.extra.metadata.source)

,\(if .extra.metadata.assignees then .extra.metadata.assignees else "null" end | sub("\n";" ";"g"))"' \ - | grep -f $SCRIPTPATH/semgrep_rules/blocklist.txt -v \ | $SCRIPTPATH/cleaner.rb --assignees --sveltegrep && \ find . -type f -name '*.extractedscript.*' -delete) 2> reviewdog.sveltegrep.stderr.log errorformat: @@ -56,7 +54,6 @@ runner: cmd: | set -e (xargs -0 -n1 -a $SCRIPTPATH/all_changed_files.txt $SCRIPTPATH/xmllint.sh \ - | egrep -f $SCRIPTPATH/dtd/blocklist.txt -v \ | $SCRIPTPATH/cleaner.rb --svgo) 2> reviewdog.safesvg.stderr.log errorformat: - "%f:%l: %m"