Package: check-all-the-things
Version: 2015.12.10
Severity: important
Tags: help security

The group selection enables checks that are to be disabled by default due to having (dangerous/todo/etc flags). Checks with these flags should only get enabled when explicitly requested.

This is an important issue because it enables dangerous checks when they weren't requested.

This problem still occurs in git master where groups/flags have been merged. In git master it also enables checks that modify files.

I have tried to fix it but haven't been able to wrap my head around the problem properly. I am hoping some of the folks subscribed to the bugs for check-all-the-things can help fix this issue. If not I will try to focus on fixing it during DebCamp.

The below output illustrates this:

pabs@chianamo ~ $ mkdir tmp-test-cats-group-selection
pabs@chianamo ~ $ cd tmp-test-cats-group-selection/
pabs@chianamo ~/tmp-test-cats-group-selection $ cat /usr/share/check-all-the-things/data/perl
[perl-syntax-check]
apt = perl
match = *.pl *.pm
command = perl -wc {file} | grep -v ' syntax OK$'
comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
flags = dangerous

[perl-b-lint]
apt = perl, libb-lint-perl
match = *.pl *.pm
prereq = perl -MO=Lint /dev/null
command = perl -MO=Lint {file} | grep -v ' syntax OK$'
comment = Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
flags = dangerous
...
pabs@chianamo ~/tmp-test-cats-group-selection $ /usr/bin/check-all-the-things -g perl
# Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
$ find -type f \( -iname '*.pl' -o -iname '*.pm' \) -exec perl -MO=Lint {} \; | grep -v ' syntax OK$'
./foo.pm syntax OK
./foo.pl syntax OK
# Dangerous because it executes code in use statements and BEGIN, UNITCHECK and CHECK blocks
$ find -type f \( -iname '*.pl' -o -iname '*.pm' \) -exec perl -wc {} \; | grep -v ' syntax OK$'
./foo.pm syntax OK
./foo.pl syntax OK
...

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (860, 'testing-proposed-updates'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages check-all-the-things depends on:
ii  python3  3.5.1-3

Versions of packages check-all-the-things recommends:
ii  acheck                         0.5.2
ii  appstream                      0.9.6-1
pn  appstream-glib                 <none>
ii  bfbtester                      2.0.1-7.1
ii  blhc                           0.05-0.1
ii  bzip2                          1.0.6-8
ii  cabal-install                  1.22.7.0-1
ii  cbmc                           5.4-2
ii  clang                          1:3.6-33
ii  clang-modernize                1:3.6-33
ii  clang-tidy                     1:3.6-33
ii  cme                            1.011-1
ii  codespell                      1.8-1
ii  cppcheck                       1.73-1
ii  deheader                       1.3-1
ii  desktop-file-utils             0.22-1
ii  devscripts                     2.16.4
ii  dh-ocaml                       1.0.10
ii  duck                           0.9
ii  epubcheck                      4.0.1-2
ii  fdupes                         1.51-1
ii  flawfinder                     1.31-1
pn  fontforge-nox                  <none>
ii  freetype2-demos                2.6.3-3+b1
ii  gendarme                       4.2-1
ii  gettext                        0.19.7-2
ii  gettext-lint                   0.4-2.1
ii  ghc-mod                        5.4.0.0-1+b1
ii  golang-go                      2:1.6.1-2
ii  hlint                          1.9.26-1
ii  hopenpgp-tools                 0.18-1
ii  i18nspector                    0.24-1
ii  iwyu                           3.7-1
ii  jlint                          3.0-4.5+b1
ii  jpeginfo                       1.6.0-6+b2
ii  lacheck                        1.26-15
ii  libb-lint-perl                 1.20-1
ii  libconfig-model-dpkg-perl      2.079
ii  libconfig-model-perl           2.083-1
ii  libperl-critic-perl            1.126-1
ii  libpod-pom-perl                2.01-1
ii  libxml2-utils                  2.9.3+dfsg1-1
ii  lintex                         1.14-1
ii  lintian                        2.5.44
ii  lua-check                      0.15.0-1
ii  lzip                           1.17-1+b1
ii  lzop                           1.03-3.2
ii  moreutils                      0.58-1
ii  mp3check                       0.8.7-2+b1
ii  mp3val                         0.1.8-3+b1
ii  ocaml-nox                      4.02.3-6
ii  oggz-tools                     1.1.1-5
ii  opus-tools                     0.1.9-1
ii  p7zip                          15.14.1+dfsg-2
ii  pep8                           1.7.0-2
ii  perl                           5.22.2-1
ii  php5-cli                       5.6.22+dfsg-1
ii  pmccabe                        2.6
ii  pngcheck                       2.3.0-7
ii  puppet                         3.8.5-2
ii  puppet-lint                    1.1.0-1
ii  pyflakes                       1.2.3-1
ii  python-bashate                 0.3.1-2
ii  python-fontforge               20120731.b-7.2
ii  python-jpylyzer                1.17.0-1
ii  python-magic                   1:5.25-2
ii  python3-bashate                0.3.1-2
ii  python3-doc8                   0.6.0-3
ii  python3-magic                  1:5.25-2
ii  python3-ptyprocess             0.5.1-1
ii  python3-restructuredtext-lint  0.12.2-2
ii  sharutils                      1:4.15.2-1
ii  shellcheck                     0.3.7-5
ii  unzip                          6.0-20
ii  vorbis-tools                   1.4.0-10
ii  xz-utils                       5.1.1alpha+20120614-2.1

check-all-the-things suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
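
An added example, not part of the report above and not check-all-the-things' own code: a sketch of the selection behaviour the report asks for, where choosing a group only narrows the candidate checks and the flag gate is still applied to every one of them. The function names, the third unflagged check, and treating the data file name as the group name are assumptions made for illustration.

```python
import configparser

# Constructed sample: the two perl checks quoted in the report plus one
# hypothetical unflagged check, keyed by group (assumed = data file name).
SAMPLE_DATA = {
    "perl": """
[perl-syntax-check]
match = *.pl *.pm
command = perl -wc {file} | grep -v ' syntax OK$'
flags = dangerous

[perl-b-lint]
match = *.pl *.pm
command = perl -MO=Lint {file} | grep -v ' syntax OK$'
flags = dangerous

[example-unflagged-check]
match = *.pl *.pm
command = example-linter {file}
""",
}


def load_checks(data):
    """Return {check name: (group, set of flags)} from INI-style text."""
    checks = {}
    for group, text in data.items():
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(text)
        for name in parser.sections():
            flags = set(parser[name].get("flags", "").replace(",", " ").split())
            checks[name] = (group, flags)
    return checks


def select_checks(checks, groups=(), allowed_flags=()):
    """Pick checks by group; a flagged check needs all its flags requested."""
    allowed = set(allowed_flags)
    selected = []
    for name, (group, flags) in sorted(checks.items()):
        if groups and group not in groups:
            continue  # group selection only narrows the candidate set
        if flags - allowed:
            continue  # flag gate applies even when the group was selected
        selected.append(name)
    return selected
```

With this shape, selecting the perl group alone yields only the unflagged check; the two checks marked dangerous appear only when that flag is requested as well.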