diff --git a/Gemfile.lock b/Gemfile.lock
index c945b63d..e64378c9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -7,6 +7,7 @@ GEM
PLATFORMS
arm64-darwin-22
+ arm64-darwin-23
x86_64-linux
DEPENDENCIES
diff --git a/assets/cleaner.rb b/assets/cleaner.rb
index dd308f13..c33e3894 100755
--- a/assets/cleaner.rb
+++ b/assets/cleaner.rb
@@ -1,20 +1,58 @@
#!/usr/bin/env ruby
require 'optparse'
-options = {}
+class Matcher
+ def initialize(*blocklist_files)
+ @blocklist = []
+ blocklist_files.each do |blf|
+ next unless File.exist?(blf)
+
+ blocklist = File.read(blf).split("\n").map(&:strip).reject(&:empty?)
+ # remove empty lines and comments
+ blocklist.reject! { |r| r.empty? || r.start_with?('#') }
+
+ # remove all matching lines and report
+ blocklist.reject! do |r|
+ ret = r =~ /^[*@]+$/
+ STDERR.puts "Warning: #{blf} contains a line with only asterisks/at, which will match everything" if ret
+ ret
+ end
+
+ @blocklist += blocklist
+ end
+ end
+
+ def match?(line)
+ @blocklist.each do |r|
+ return true if File.fnmatch?("*#{r}*", line)
+ end
+ false
+ end
+end
+
+options = {
+ matcher: Matcher.new()
+}
OptionParser.new do |opts|
opts.banner = "Usage: reviewdog-adapter.rb [options]"
opts.on("--svgo", "Add SVGO String") do |v|
options[:svgo] = true
+ options[:matcher] = Matcher.new("#{ENV["SCRIPTPATH"]}/dtd/blocklist.txt")
end
- opts.on("--assignees", "Add SVGO String") do |v|
+ opts.on("--assignees", "Add Assignees String") do |v|
options[:assignees] = true
end
- opts.on("--sveltegrep", "Remove Extracted Script Extension") do |v|
+ opts.on("--sveltegrep", "Remove Extracted Script Extension, and use semgrep blocklist") do |v|
options[:sveltegrep] = true
+ options[:matcher] = Matcher.new("#{ENV["SCRIPTPATH"]}/semgrep_rules/blocklist.txt")
+ end
+
+ opts.on("--semgrep", "Use semgrep blocklist") do |v|
+ options[:semgrep] = true
+ options[:matcher] = Matcher.new("#{ENV["SCRIPTPATH"]}/semgrep_rules/blocklist.txt")
end
end.parse!
@@ -39,5 +77,5 @@
l.gsub!(/$/, "
Cc #{ENV['ASSIGNEES']}")
end
- puts l
+ puts l unless options[:matcher].match?(l)
end
\ No newline at end of file
diff --git a/assets/dtd/blocklist.txt b/assets/dtd/blocklist.txt
index b5d6b6f3..91e2b472 100644
--- a/assets/dtd/blocklist.txt
+++ b/assets/dtd/blocklist.txt
@@ -1,5 +1,5 @@
-element [^:]+: validity error : ID [^ ]+ already defined
-element [^:]+: validity error : No declaration for attribute data-[^ ]+ of element [^:]+
+element *: validity error : ID * already defined
+element *: validity error : No declaration for attribute data-* of element *
element style: validity error : Element style does not carry attribute type
-element svg: validity error : Value for attribute version of svg must be [^ ]+
-third_party\/rust\/[^.]+\.svg
+element svg: validity error : Value for attribute version of svg must be *
+third_party/rust/**/*.svg
diff --git a/assets/reviewdog/reviewdog.yml b/assets/reviewdog/reviewdog.yml
index c4874b55..7b97b073 100644
--- a/assets/reviewdog/reviewdog.yml
+++ b/assets/reviewdog/reviewdog.yml
@@ -14,8 +14,7 @@ runner:
$([ -n "${GITHUB_BASE_REF+set}" ] && echo "--baseline-commit origin/${GITHUB_BASE_REF:-main}") \
--json \
| jq -r '.results[] | "\(.extra.severity[0:1]):\(.path):\(.end.line) \(.extra.message | sub("\n";"
";"g"))
Source: \(.extra.metadata.source)
,\(if .extra.metadata.assignees then .extra.metadata.assignees else "null" end | sub("\n";" ";"g"))"' \
- | grep -f $SCRIPTPATH/semgrep_rules/blocklist.txt -v \
- | $SCRIPTPATH/cleaner.rb --assignees) 2> reviewdog.semgrep.stderr.log
+ | $SCRIPTPATH/cleaner.rb --semgrep --assignees) 2> reviewdog.semgrep.stderr.log
errorformat:
- "%t:%f:%l %m"
sveltegrep:
@@ -46,7 +45,6 @@ runner:
'--include=*.extractedscript.html' \
./ \
| jq -r '.results[] | "\(.extra.severity[0:1]):\(.path):\(.end.line) \(.extra.message | sub("\n";"
";"g"))
Source: \(.extra.metadata.source)
,\(if .extra.metadata.assignees then .extra.metadata.assignees else "null" end | sub("\n";" ";"g"))"' \
- | grep -f $SCRIPTPATH/semgrep_rules/blocklist.txt -v \
| $SCRIPTPATH/cleaner.rb --assignees --sveltegrep && \
find . -type f -name '*.extractedscript.*' -delete) 2> reviewdog.sveltegrep.stderr.log
errorformat:
@@ -56,7 +54,6 @@ runner:
cmd: |
set -e
(xargs -0 -n1 -a $SCRIPTPATH/all_changed_files.txt $SCRIPTPATH/xmllint.sh \
- | egrep -f $SCRIPTPATH/dtd/blocklist.txt -v \
| $SCRIPTPATH/cleaner.rb --svgo) 2> reviewdog.safesvg.stderr.log
errorformat:
- "%f:%l: %m"