mirror of
https://git.proxmox.com/git/rustc
synced 2025-08-14 01:17:41 +00:00
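#!/bin/sh
# Audit Rust crate source for suspicious files in the current directory, that
# shouldn't or can't be part of a Debian source package.
#
# NOTE: this overwrites & deletes files in the current directory!!! Make a
# backup before running this script.
#
# The checks below are heuristics (file(1) classification, line length, file
# extension). A clean run means nothing matched them; it does not replace a
# manual review of new or changed vendored code.
#
# Usage: $0 <whitelist> <filter_description> [<extra args to suspicious-source>]

set -e

# Fail with a usage message before anything is deleted, rather than letting
# "shift 2" abort with a shell error when arguments are missing.
if [ "$#" -lt 2 ]; then
  printf 'Usage: %s <whitelist> <filter_description> [<extra args to suspicious-source>]\n' "$0" >&2
  exit 2
fi

whitelist="$1"
filter_description="$2"
shift 2 # everything else is args to suspicious-source

# Check the whitelist up front. grep sits on the left of a pipeline below, so
# its failure is hidden from "set -e" (only xargs' status counts); a missing
# or unreadable whitelist would otherwise just whitelist nothing, after the
# destructive steps had already started.
if [ ! -r "$whitelist" ]; then
  printf '%s: cannot read whitelist: %s\n' "$0" "$whitelist" >&2
  exit 1
fi

# Remove tiny files: "-size -4c" matches files smaller than 4 bytes
# (0 to 3 bytes), so a file of exactly 4 bytes is kept.
find . -size -4c -type f -delete

# Remove non-suspicious files, warning on patterns that match nothing
# (rm reports the pattern it could not find; "|| true" keeps xargs going).
#
# SECURITY NOTE: every non-comment whitelist line is substituted into the
# text of an "sh -c" command. That is what lets entries use shell globs, but
# it also means any other shell syntax on a line is interpreted, and an entry
# containing ".." can reach outside the current directory. Treat the
# whitelist as code: keep it under review and never feed this script a
# whitelist from an untrusted source.
echo "Excluding (i.e. removing) whitelisted files..."
grep -v '^#' "$whitelist" | xargs -I% sh -c 'rm -r ./% || true'

echo "Checking for suspicious files..."

# Remove cargo metadata files
find . '(' -name '.cargo-checksum.json' -o -name '.cargo_vcs_info.json' ')' -delete

# Strip comments & blank lines before testing rust source code -
# some authors like to write really long comments.
# Only whole lines that start with "//" (after optional whitespace) and blank
# lines are dropped; block comments and trailing comments stay in place.
find . -name '*.rs' -execdir sed -i -e '\,^\s*//,d' -e '/^\s*$/d' '{}' \;

# TODO: merge the -m stuff into suspicious-source(1).
# Under "set -e" a non-zero exit from suspicious-source stops the script here.
suspicious-source -v "$@"

# The following shell snippet is a bit more strict than suspicious-source(1).
# It prints the file(1) line of everything not classified as "text" or
# "empty". Text "with very long lines" is relabelled "verylongtext" first so
# that it is printed as well. grep exits 1 when nothing is left to print,
# hence "|| true".
find . -type f -exec file '{}' \; |
  sed -e 's/\btext\b\(.*\), with very long lines/verylongtext\1/g' |
  grep -v '\b\(text\|empty\)\b' || true

# Most C and JS code should be in their own package
find . -name '*.c' -o -name '*.js'

echo "The above files (if any) seem suspicious, please audit them."
printf '%s\n' "If good, add them to $whitelist."
printf '%s\n' "If bad, add them to $filter_description."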