Add an ArcanistChmodLinter.

Summary: Fixes T3922. Add a linter which complains if files are executable when they shoudn't be. Test Plan: Tested by modifying the `.arclint` file of the rARC repository and running `arc lint --everything`. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, Korvin Maniphest Tasks: T3922 Differential Revision: https://secure.phabricator.com/D9187
2024-11-22 06:42:41 +01:00 · 2014-05-18 16:57:08 -07:00 · 2014-05-18 16:57:08 -07:00 · 904fbe737c
commit 904fbe737c
parent 606380f4bd
2 changed files with 82 additions and 0 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -32,6 +32,7 @@ phutil_register_library_map(array(
    'ArcanistCSharpLinter' => 'lint/linter/ArcanistCSharpLinter.php',
    'ArcanistCallConduitWorkflow' => 'workflow/ArcanistCallConduitWorkflow.php',
    'ArcanistCapabilityNotSupportedException' => 'workflow/exception/ArcanistCapabilityNotSupportedException.php',
+    'ArcanistChmodLinter' => 'lint/linter/ArcanistChmodLinter.php',
    'ArcanistChooseInvalidRevisionException' => 'exception/ArcanistChooseInvalidRevisionException.php',
    'ArcanistChooseNoRevisionsException' => 'exception/ArcanistChooseNoRevisionsException.php',
    'ArcanistCloseRevisionWorkflow' => 'workflow/ArcanistCloseRevisionWorkflow.php',
@ -222,6 +223,7 @@ phutil_register_library_map(array(
    'ArcanistCSharpLinter' => 'ArcanistLinter',
    'ArcanistCallConduitWorkflow' => 'ArcanistBaseWorkflow',
    'ArcanistCapabilityNotSupportedException' => 'Exception',
+    'ArcanistChmodLinter' => 'ArcanistLinter',
    'ArcanistChooseInvalidRevisionException' => 'Exception',
    'ArcanistChooseNoRevisionsException' => 'Exception',
    'ArcanistCloseRevisionWorkflow' => 'ArcanistBaseWorkflow',
--- a/src/lint/linter/ArcanistChmodLinter.php
+++ b/src/lint/linter/ArcanistChmodLinter.php
@ -0,0 +1,80 @@
+<?php
+
+/**
+ * Ensures that files are not executable unless they are either binary or
+ * contain a shebang.
+ */
+final class ArcanistChmodLinter extends ArcanistLinter {
+
+  const LINT_INVALID_EXECUTABLE = 1;
+
+  public function getInfoName() {
+    return 'Chmod';
+  }
+
+  public function getInfoDescription() {
+    return pht(
+      'Checks the permissions on files and ensures that they are not made to '.
+      'be executable unnecessarily. In particular, a file should not be '.
+      'executable unless it is either binary or contain a shebang.');
+  }
+
+  public function getLinterName() {
+    return 'CHMOD';
+  }
+
+  public function getLinterConfigurationName() {
+    return 'chmod';
+  }
+
+  public function shouldLintBinaryFiles() {
+    return true;
+  }
+
+  public function getLintNameMap() {
+    return array(
+      self::LINT_INVALID_EXECUTABLE => pht('Invalid Executable'),
+    );
+  }
+
+  public function getLintSeverityMap() {
+    return array(
+      self::LINT_INVALID_EXECUTABLE => ArcanistLintSeverity::SEVERITY_WARNING,
+    );
+  }
+
+  public function lintPath($path) {
+    if (is_executable($path)) {
+      if ($this->getEngine()->isBinaryFile($path)) {
+        // Path is a binary file, which makes it a valid executable.
+        return;
+      } else if ($this->getShebang($path)) {
+        // Path contains a shebang, which makes it a valid executable.
+        return;
+      } else {
+        $this->raiseLintAtPath(
+          self::LINT_INVALID_EXECUTABLE,
+          pht(
+            'Executable files should either be binary or contain a shebang.'));
+      }
+    }
+  }
+
+  /**
+   * Returns the path's shebang.
+   *
+   * @param  string
+   * @return string|null
+   */
+  private function getShebang($path) {
+    $line = head(phutil_split_lines($this->getEngine()->loadData($path), true));
+
+    $matches = array();
+    if (preg_match('/^#!(.*)$/', $line, $matches)) {
+      return $matches[1];
+    } else {
+      return null;
+    }
+  }
+
+}