Modify check-webkit-style to prohibit sensitive phrases
1 # Copyright (C) 2011 Patrick Gansterer <paroga@paroga.com>
2 #
3 # Redistribution and use in source and binary forms, with or without
4 # modification, are permitted provided that the following conditions
5 # are met:
6 # 1.  Redistributions of source code must retain the above copyright
7 #     notice, this list of conditions and the following disclaimer.
8 # 2.  Redistributions in binary form must reproduce the above copyright
9 #     notice, this list of conditions and the following disclaimer in the
10 #     documentation and/or other materials provided with the distribution.
11 #
12 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
13 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
14 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
15 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
16 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
18 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
22 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23
24 """Checks WebKit style for ChangeLog files."""
25
26 from common import TabChecker, match, search, searchIgnorecase
27 from sys import maxsize
28 from webkitpy.common.checkout.changelog import parse_bug_id_from_changelog
29
30
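class ChangeLogChecker(object):
    """Processes text lines for checking style.

    ``check(lines)`` runs the tab checker over the whole file, collects the
    first contiguous run of lines for which ``should_line_be_checked`` is
    true (one ChangeLog entry) and hands that run to ``check_entry``.  Every
    violation is reported through
    ``handle_style_error(line_number, category, confidence, message)``.
    """

    # Every category passed to handle_style_error in this class must be
    # listed here, so that callers consulting this attribute see the same
    # set of categories the checker actually reports.
    categories = {
        'changelog/bugnumber',
        'changelog/filechangedescriptionwhitespace',
        'changelog/nonewtests',
        'changelog/unwantedsecurityterms',
    }

    # Phrases that reveal the security relevance of a change and therefore
    # should not appear in a ChangeLog entry.  They are matched
    # case-insensitively, also across a line break.  Because each phrase is
    # handed to the search helpers (which appear to be regex based, like
    # match/search below) it must not contain regex metacharacters.
    _UNWANTED_SECURITY_PHRASES = (
        "arbitrary code execution", "buffer overflow", "buffer overrun",
        "buffer underrun", "dangling pointer", "double free", "fuzzer", "fuzzing", "fuzz test",
        "invalid cast", "jsfunfuzz", "malicious", "memory corruption", "security bug",
        "security flaw", "use after free", "use-after-free", "UXSS",
        "WTFCrashWithSecurityImplication",
        "spoof",  # Captures spoof, spoofed, spoofing
        "vulnerab",  # Captures vulnerable, vulnerability, vulnerabilities
    )

    def __init__(self, file_path, handle_style_error, should_line_be_checked):
        """Create a checker for *file_path*.

        Args:
            file_path: path of the ChangeLog being checked; it is stored and
                forwarded to the TabChecker.
            handle_style_error: callable taking (line_number, category,
                confidence, message) that records a violation.
            should_line_be_checked: callable taking a 1-based line number and
                returning whether that line is part of the lines under review.
        """
        self.file_path = file_path
        self.handle_style_error = handle_style_error
        self.should_line_be_checked = should_line_be_checked
        self._tab_checker = TabChecker(file_path, handle_style_error)

    def check_entry(self, first_line_checked, entry_lines):
        """Run every entry-level check over one ChangeLog entry.

        Args:
            first_line_checked: 1-based file line number of entry_lines[0];
                used to turn list indices into reported line numbers.
            entry_lines: the lines of the entry.  An empty list is a no-op.
        """
        if not entry_lines:
            return
        self._check_for_bug_number(first_line_checked, entry_lines)
        self._check_file_change_descriptions(first_line_checked, entry_lines)
        self._check_for_lingering_no_new_tests(first_line_checked, entry_lines)
        self.check_for_unwanted_security_phrases(first_line_checked, entry_lines)

    def _check_for_bug_number(self, first_line_checked, entry_lines):
        """Report an entry that neither references a bug nor is exempt from one."""
        for line in entry_lines:
            if parse_bug_id_from_changelog(line):
                return
            # Unreviewed changes and build fixes are accepted without a bug.
            if searchIgnorecase("Unreviewed", line):
                return
            if searchIgnorecase("build", line) and searchIgnorecase("fix", line):
                return
        self.handle_style_error(first_line_checked,
                                "changelog/bugnumber", 5,
                                "ChangeLog entry has no bug number")

    def _check_file_change_descriptions(self, first_line_checked, entry_lines):
        """Require whitespace after the colon of a "* file:" description line."""
        for line_no, line in enumerate(entry_lines, first_line_checked):
            # Only "* path/to/file:" description lines are of interest.
            if not match(r'\s*\*\s', line):
                continue
            # A bare trailing colon, or a colon followed by whitespace, is fine.
            if search(r':\s*$', line) or search(r':\s', line):
                continue
            self.handle_style_error(line_no,
                                    "changelog/filechangedescriptionwhitespace", 5,
                                    "Need whitespace between colon and description")

    def _check_for_lingering_no_new_tests(self, first_line_checked, entry_lines):
        """Flag the "No new tests (OOPS!)." placeholder left by prepare-ChangeLog."""
        for line_no, line in enumerate(entry_lines, first_line_checked):
            if match(r'\s*No new tests \(OOPS!\)\.$', line):
                self.handle_style_error(line_no,
                                        "changelog/nonewtests", 5,
                                        "You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible.")

    def check(self, lines):
        """Check *lines* (the whole file) and report violations.

        Tabs are checked on every line.  The remaining checks only look at
        the first contiguous run of lines for which should_line_be_checked is
        true: lines before that run are skipped, and the run ends at the next
        line that should not be checked.
        """
        self._tab_checker.check(lines)
        first_line_checked = 0  # 0 means no checked line has been seen yet
        entry_lines = []

        for line_index, line in enumerate(lines):
            line_number = line_index + 1
            if not self.should_line_be_checked(line_number):
                # Transition from checked to unchanged lines: the entry is done.
                if first_line_checked:
                    break
                continue
            if not first_line_checked:
                first_line_checked = line_number
            entry_lines.append(line)

        self.check_entry(first_line_checked, entry_lines)

    def contains_phrase_in_first_line_or_across_two_lines(self, phrase, line1, line2):
        """Return a truthy value if *phrase* occurs in line1 or straddles line1/line2.

        A phrase lying wholly inside line2 deliberately yields False here: it
        is found when line2 is examined as the first line of the next pair,
        so each occurrence is counted once.
        """
        in_first_line = searchIgnorecase(phrase, line1)
        if in_first_line:
            return in_first_line
        if searchIgnorecase(phrase, line2):
            return False
        return searchIgnorecase(phrase, line1 + " " + line2)

    def check_for_unwanted_security_phrases(self, first_line_checked, lines):
        """Report phrases that advertise the security impact of a change.

        Runs of whitespace are collapsed so a phrase split across two
        ChangeLog lines is still found.  A single error is reported at the
        first offending line, listing each distinct phrase found once.

        Args:
            first_line_checked: 1-based file line number of lines[0].
            lines: the lines of the ChangeLog entry.
        """
        normalized_lines = [" ".join(line.split()) for line in lines]
        last_index = len(normalized_lines) - 1

        found_phrases = []  # each phrase at most once, in list order
        first_offending_line = maxsize
        for phrase in self._UNWANTED_SECURITY_PHRASES:
            for line_index, line in enumerate(normalized_lines):
                next_line = normalized_lines[line_index + 1] if line_index < last_index else ""
                if self.contains_phrase_in_first_line_or_across_two_lines(phrase, line, next_line):
                    found_phrases.append(phrase)
                    first_offending_line = min(first_offending_line, first_line_checked + line_index)
                    # The first hit is the lowest line for this phrase; later
                    # hits would only duplicate it in the message.
                    break

        if found_phrases:
            self.handle_style_error(first_offending_line,
                                    "changelog/unwantedsecurityterms", 3,
                                    "Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: {}".format(", ".join(found_phrases)))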