Linux-Safety Archive mirror
From: "Mohammed Billoo" <mab@mab-labs.com>
To: linux-safety@lists.elisa.tech
Cc: skhan@linuxfoundation.org, Mohammed Billoo <mab@mab-labs.com>
Subject: [PATCH] scripts: Report 'suspicious' comments
Date: Thu, 27 Aug 2020 11:13:33 -0400
Message-ID: <20200827151333.11591-1-mab@mab-labs.com>

This perl script attempts to mitigate CWE-546
(https://cwe.mitre.org/data/definitions/546.html), which identifies code
with comments that suggest that code is incomplete. This script was
tested against the kernel, and the following is a snippet of the
output that was generated. The output was verified by confirming that
the specified file does indeed have that string at the specified line.

./arch/arm/include/asm/pgtable.h contains FIXME on line 316
./arch/arm/include/debug/imx.S contains FIXME on line 14
./arch/arm/kernel/entry-header.S contains BUG on line 71
./arch/arm/kernel/fiq.c contains FIXME on line 72

Signed-off-by: Mohammed Billoo <mab@mab-labs.com>
---
 Makefile                |  8 +++++++-
 scripts/checkcomment.pl | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 scripts/checkcomment.pl

diff --git a/Makefile b/Makefile
index f21168154160..c84b8bc5c18e 100644
--- a/Makefile
+++ b/Makefile
@@ -264,7 +264,7 @@ no-dot-config-targets := $(clean-targets) \
 			 cscope gtags TAGS tags help% %docs check% coccicheck \
 			 $(version_h) headers headers_% archheaders archscripts \
 			 %asm-generic kernelversion %src-pkg dt_binding_check \
-			 outputmakefile
+			 outputmakefile commentcheck
 no-sync-config-targets := $(no-dot-config-targets) %install kernelrelease
 single-targets := %.a %.i %.ko %.lds %.ll %.lst %.mod %.o %.s %.symtypes %/
 
@@ -1575,6 +1575,7 @@ help:
 	@echo  '  export_report   - List the usages of all exported symbols'
 	@echo  '  headerdep       - Detect inclusion cycles in headers'
 	@echo  '  coccicheck      - Check with Coccinelle'
+	@echo  '  commentcheck    - Check and report suspicious comments'
 	@echo  ''
 	@echo  'Tools:'
 	@echo  '  nsdeps          - Generate missing symbol namespace dependencies'
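Review bot: the help line `+	@echo  '  commentcheck    - Check and report suspicious comments'` does not tell the user what "suspicious" means, so a hit in the output is hard to interpret without reading the script; consider naming the criterion, e.g. 'Report comments hinting at incomplete code (TODO/FIXME/BUG/HACK, CWE-546)', which also matches the reference given in the commit message.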
@@ -1842,6 +1843,11 @@ versioncheck:
 		-name '*.[hcS]' -type f -print | sort \
 		| xargs $(PERL) -w $(srctree)/scripts/checkversion.pl
 
+commentcheck:
+	find $(srctree)/* $(RCS_FIND_IGNORE) \
+		-name '*.[hcS]' -type f -print | sort \
+		| xargs $(PERL) -w $(srctree)/scripts/checkcomment.pl
+
 coccicheck:
 	$(Q)$(BASH) $(srctree)/scripts/$@
 
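Review bot: the new `commentcheck:` target is not declared phony; the neighbouring versioncheck target is listed in the Makefile's PHONY line (outside this hunk), and commentcheck should be appended to that same line so a stray file named `commentcheck` in the tree cannot silently satisfy the target. The find/xargs pipeline is copied verbatim from versioncheck, so any later change to the file selection (the `-name '*.[hcS]'` pattern or `$(RCS_FIND_IGNORE)`) will have to be made twice; a shared variable or a pattern rule for both targets would avoid drift. Note also that warnings are only enabled through the `-w` switch here, so the script behaves differently when run by hand (see the script hunk).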
diff --git a/scripts/checkcomment.pl b/scripts/checkcomment.pl
new file mode 100644
index 000000000000..22fd77bc75d1
--- /dev/null
+++ b/scripts/checkcomment.pl
@@ -0,0 +1,35 @@
+#!/usr/bin/env perl
+# SPDX-License-Identifier: GPL-2.0
+#
+# (c) 2020, Mohammed Billoo (mab@mab-labs.com)
+#
+# This script checks for any keywords outlined in CWE-546
+# (https://cwe.mitre.org/data/definitions/546.html)
+# and simply reports them to the user. It's up to the user
+# to take any further actions.
+
+use strict;
+
+my @keywords = ('TODO', 'BUG', 'FIXME', 'HACK');
+my @mismatch_keywords = ('BUG\(\)');
+
+foreach my $file (@ARGV) {
+	my $i = 1;
+	open(my $f, '<', $file)
+		or die "Cannot open $file: $!\n";
+
+	while (my $line = <$f>) {
+		foreach my $keyword (@keywords) {
+			if ($line =~ /\b$keyword\b/) {
+				foreach my $mismatch_keyword (@mismatch_keywords) {
+					if ($line =~ /$mismatch_keyword/) {}
+					else {
+						print "$file contains $keyword on line $i\n";
+					}
+				}
+			}
+		}
+
+		$i++;
+	}
+}
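Review bot: the nested loop over @mismatch_keywords (lines `foreach my $mismatch_keyword (@mismatch_keywords) {` … `}`) has two logic problems once the list grows beyond one entry: a hit is printed once per mismatch pattern that does not match, so the same line is reported several times, and a single matching mismatch pattern suppresses every keyword on that line, so a `TODO` sitting next to a `BUG()` call is never reported. A clearer shape is to decide once per line before the keyword loop, e.g. `next if grep { $line =~ /$_/ } @mismatch_keywords;`, which also removes the empty `if (...) {} else {...}` branch. Two smaller points: the match is applied to the whole line, not only to comments, so identifiers and string literals containing these words (for example a `TODO` in a printk format) are reported as suspicious comments; and the script has `use strict;` but no `use warnings;`, relying on the `-w` passed from the Makefile, so it is quieter when run directly. Perl's `$.` already tracks the current line number of the last-read handle and could replace the manual `$i` counter.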
-- 
2.17.1

Thread overview: 5+ messages
2020-08-27 15:13 Mohammed Billoo [this message]
2020-09-09 14:05 ` [linux-safety] [PATCH] scripts: Report 'suspicious' comments Lukas Bulwahn
2020-09-09 23:45   ` Mohammed Billoo
2020-09-10  6:42     ` Lukas Bulwahn
2020-09-10 11:55       ` Mohammed Billoo