From: "Mohammed Billoo"
To: linux-safety@lists.elisa.tech
Cc: skhan@linuxfoundation.org, Mohammed Billoo
Subject: [linux-safety] [PATCH] scripts: Report 'suspicious' comments
Date: Thu, 27 Aug 2020 11:13:33 -0400
Message-Id: <20200827151333.11591-1-mab@mab-labs.com>
X-Patchwork-Id: 11740899

This perl script attempts to mitigate CWE-546 (https://cwe.mitre.org/data/definitions/546.html), which identifies code with comments that suggest that code is incomplete. This script was tested against the kernel, and the following is a snippet of the output that was generated. The output was verified by confirming that the specified file does indeed have that string at the specified line.

./arch/arm/include/asm/pgtable.h contains FIXME on line 316
./arch/arm/include/debug/imx.S contains FIXME on line 14
./arch/arm/kernel/entry-header.S contains BUG on line 71
./arch/arm/kernel/fiq.c contains FIXME on line 72

Signed-off-by: Mohammed Billoo
---
 Makefile | 8 +++++++-
 scripts/checkcomment.pl | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 scripts/checkcomment.pl

diff --git a/Makefile b/Makefile index f21168154160..c84b8bc5c18e 100644 --- a/Makefile 
+++ b/Makefile @@ -264,7 +264,7 @@ no-dot-config-targets := $(clean-targets) \ cscope gtags TAGS tags help% %docs check% coccicheck \ $(version_h) headers headers_% archheaders archscripts \ %asm-generic kernelversion %src-pkg dt_binding_check \ - outputmakefile + outputmakefile commentcheck no-sync-config-targets := $(no-dot-config-targets) %install kernelrelease single-targets := %.a %.i %.ko %.lds %.ll %.lst %.mod %.o %.s %.symtypes %/ @@ -1575,6 +1575,7 @@ help: @echo ' export_report - List the usages of all exported symbols' @echo ' headerdep - Detect inclusion cycles in headers' @echo ' coccicheck - Check with Coccinelle' + @echo ' commentcheck - Check and report suspicious comments' @echo '' @echo 'Tools:' @echo ' nsdeps - Generate missing symbol namespace dependencies' @@ -1842,6 +1843,11 @@ versioncheck: -name '*.[hcS]' -type f -print | sort \ | xargs $(PERL) -w $(srctree)/scripts/checkversion.pl +commentcheck: + find $(srctree)/* $(RCS_FIND_IGNORE) \ + -name '*.[hcS]' -type f -print | sort \ + | xargs $(PERL) -w $(srctree)/scripts/checkcomment.pl + coccicheck: $(Q)$(BASH) $(srctree)/scripts/$@ diff --git a/scripts/checkcomment.pl b/scripts/checkcomment.pl new file mode 100644 index 000000000000..22fd77bc75d1 --- /dev/null +++ b/scripts/checkcomment.pl 
@@ -0,0 +1,35 @@ +#!/usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 +# +# (c) 2020, Mohammed Billoo (mab@mab-labs.com) +# +# This script checks for any keywords outlined in CWE-546 +# (https://cwe.mitre.org/data/definitions/546.html) +# and simply reports them to the user. It's up to the user +# to take any further actions. + +use strict; + +my @keywords = ('TODO', 'BUG', 'FIXME', 'HACK'); +my @mismatch_keywords = ('BUG\(\)'); + +foreach my $file (@ARGV) { + my $i = 1; + open(my $f, '<', $file) + or die "Cannot open $file: $!\n"; + + while (my $line = <$f>) { + foreach my $keyword (@keywords) { + if ($line =~ /\b$keyword\b/) { + foreach my $mismatch_keyword (@mismatch_keywords) { + if ($line =~ /$mismatch_keyword/) {} + else { + print "$file contains $keyword on line $i\n"; + } + } + } + } + + $i++; + } +}
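Review bot: In the Makefile hunk at @@ -1842,6 +1843,11 @@, the new commentcheck rule is not declared phony in any of the three Makefile hunks, so a file or directory named commentcheck at the top of the tree would make the target look up to date and the scan would silently not run. Declare it phony next to the rule (the kernel Makefile collects such targets with PHONY +=). The recipe also passes newline-separated find output to xargs, which splits on whitespace; that mirrors the versioncheck lines shown as context, but for a new target find ... -print0 | sort -z | xargs -0 would keep unusual file names intact.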
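Review bot: In scripts/checkcomment.pl, the inner loop over @mismatch_keywords prints once for every exclusion pattern that does not match, so the filter is only correct while the list has exactly one entry; with a second entry a line would be reported twice when neither matches, or reported anyway when only one of them matches. Work out once whether any exclusion applies (for example with grep over @mismatch_keywords) and print at most once per keyword, which also removes the empty if {} else branch. The exclusion is also applied to every keyword rather than only to BUG, so a line such as BUG(); /* FIXME */ loses its FIXME report; tying each exclusion to the keyword it qualifies would avoid that. The match runs on the whole line rather than on comment text, so \bBUG\b reports bare BUG tokens in code even though the help text promises suspicious comments. Finally, die on a failed open ends the run for every remaining file that xargs passed in, where warn followed by next would keep the report complete, and the script depends on the Makefile's -w because it has use strict but no use warnings.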