Only read the first line for shbang. #1213

Merged
merged 1 commit into from
Sep 18, 2024
Merged
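--- a/pkg/sca/sca.go
+++ b/pkg/sca/sca.go
@@ -601,7 +601,7 @@ func sonameLibver(soname string) string {
 return libver
 }
 
-func getShbang(fp fs.File) (string, error) {
+func getShbang(fp io.Reader) (string, error) {
 // python3 and sh are symlinks and generateCmdProviders currently only considers
 // regular files. Since nothing will fulfill such a depend, do not generate one.
 ignores := map[string]bool{"python3": true, "python": true, "sh": true}
@@ -622,7 +622,12 @@ func getShbang(fp fs.File) (string, error) {
 return "", nil
 }
 
-toks := strings.Fields(string(buf[2 : blen-2]))
+line1 := string(buf[2:blen])
+endl := strings.Index(line1, "\n")
+if endl >= 0 {
+line1 = line1[:endl]
+}
+toks := strings.Fields(line1)
 bin := toks[0]
 
 // if #! is '/usr/bin/env foo', then use next arg as the dep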
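Review bot: `bin := toks[0]` directly after the new `strings.Fields(line1)` is unguarded, so a first line that is only `#!` or `#!` followed by whitespace gives an empty slice and an index-out-of-range panic, unless a check above the hunk already rejects it. The files read here are package contents, so a malformed script should produce an empty result or an error rather than abort the analysis; `if len(toks) == 0 { return "", nil }` before the index would do that. The read buffer is declared outside the hunk; if it is fixed-size, a first line longer than the buffer has no newline in `line1` and would be silently truncated into a wrong interpreter name, which is worth a comment or an explicit check. getShbang's body starts and ends outside these hunks.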
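--- a/pkg/sca/sca_test.go
+++ b/pkg/sca/sca_test.go
@@ -20,12 +20,14 @@
 package sca
 
 import (
+"bytes"
 "context"
 "fmt"
 "io"
 "net/http"
 "os"
 "path/filepath"
+"regexp"
 "strings"
 "testing"
 "time"
@@ -275,3 +277,41 @@ func TestShbangDeps(t *testing.T) {
 t.Errorf("Analyze(): (-want, +got):\n%s", diff)
 }
 }
+
+func TestGetShbang(t *testing.T) {
+for i, td := range []struct {
+content string
+want string
+wantErr string
+}{
+{"#!/usr/bin/env bash\n", "bash", ""},
+{"#!/usr/bin/env python3.12\nwith open...\n", "python3.12", ""},
+// /bin/sh is explicitly ignored.
+{"#!/bin/sh\necho hi world\n", "", ""},
+{"#!/bin/dash\necho hi world\n", "/bin/dash", ""},
+{"#!/usr/bin/env -S bash -x\necho hi world\n", "bash", ""},
+{"#!/usr/bin/env bash -x\necho hi world\n", "bash", "multiple arguments"},
+{"cs101 assignment", "", ""},
+// no carriage return in file
+{"#!/usr/bin/perl", "/usr/bin/perl", ""},
+} {
+got, gotErr := getShbang(bytes.NewReader([]byte(td.content)))
+if td.wantErr != "" {
+if gotErr == nil {
+t.Errorf("%d - expected err, got %s", i, got)
+} else if matched, err := regexp.MatchString(td.wantErr, fmt.Sprintf("%v", gotErr)); err != nil {
+t.Errorf("%d - bad test, failed regexp.Match(%s)", i, td.wantErr)
+} else if !matched {
+t.Errorf("%d - expected err '%s', got '%s'", i, td.wantErr, gotErr)
+}
+} else {
+if gotErr != nil {
+t.Errorf("%d - unexpected err %v", i, gotErr)
+continue
+}
+if td.want != got {
+t.Errorf("%d - got %d '%s', expected %d '%s'", i, len(got), got, len(td.want), td.want)
+}
+}
+}
+}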
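Review bot: The TestGetShbang table has no case for a shebang with no interpreter, for example contents `"#!\n"` and `"#! \n"`; getShbang indexes `toks[0]` straight after `strings.Fields`, so these inputs decide whether a malformed script panics the scan, and their expected values should be whatever the function is meant to return there. The comment `// no carriage return in file` describes a missing trailing newline, so `// no trailing newline` would be accurate, and a real CRLF case such as `{"#!/bin/dash\r\necho hi\r\n", "/bin/dash", ""}` (constructed; presumably the intended result) would pin that behaviour as well. In the `regexp.MatchString` failure branch the compile error is dropped from the message; `t.Errorf("%d - bad test, regexp.MatchString(%q): %v", i, td.wantErr, err)` keeps it.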