Google Git
Sign in
fuchsia / shac-project / shac / 78e9ed73c516da22d4cb7f278a7f061717630dc2
commit78e9ed73c516da22d4cb7f278a7f061717630dc2[log] [tgz]
authorOliver Newman <olivernewman@google.com>Thu Aug 31 14:59:45 2023 +0000
committerCQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Aug 31 14:59:45 2023 +0000
tree015276008d2af46819400305d27e01eecfab7cfb
parent4bfd1e0c2ca9f8b8cc271d1273ab4642f3015c2f [diff]
Revert "[engine] Disallow calling register_check during load()"

This reverts commit d09e85771b373d572b4267e682f23b35c67b74c7.

Reason for revert: doesn't work as intended, prohibits 
`shac.register_check()` from being called even inside a function
loaded from another file.

Original change's description:
> [engine] Disallow calling register_check during load()
>
> See rationale in runtime_shac.go.
>
> If a valid reason for calling register_check from loaded files arises we
> can reconsider, but it's easier if we're strict from the beginning.
>
> Change-Id: Ic344d0b596b9b5f2d1be9c38e91d68cb339daf61
> Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/909933
> Commit-Queue: Oliver Newman <olivernewman@google.com>
> Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
> Reviewed-by: Marc-Antoine Ruel <maruel@google.com>

Change-Id: Ic55fb5c091338b71085b1d576cf5652220705af4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/910592
Reviewed-by: RubberStamper 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Commit-Queue: Oliver Newman <olivernewman@google.com>
8 files changed
tree: 015276008d2af46819400305d27e01eecfab7cfb
  1. .github/
  2. checks/
  3. cmd/
  4. doc/
  5. images/
  6. internal/
  7. scripts/
  8. vendor/
  9. .gitignore
  10. AUTHORS
  11. codecov.yml
  12. CONTRIBUTING.md
  13. go.mod
  14. go.sum
  15. LICENSE
  16. main.go
  17. OWNERS
  18. PATENTS
  19. README.md
  20. shac.star
  21. shac.textproto
README.md

shac

Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.

Shac checks are written in Starlark.

usage demonstration

Usage

go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less

Documentation

Road map

Planned features/changes, in descending order by priority:

  • [x] Configuring files to exclude from shac analysis in shac.textproto
  • [x] Include unstaged files in analysis, including respecting unstaged shac.star files
  • [x] Automatic fix application with handling for conflicting suggestions
  • [ ] Provide a .shac cache directory that checks can write to
  • [ ] Mount checkout directory read-only
    • [x] By default
    • [ ] Unconditionally
  • [ ] Give checks access to the commit message via ctx.scm
  • [ ] Built-in formatting of Starlark files
  • [ ] Configurable “pass-throughs” - non-default environment variables and mounts that can optionally be passed through to the sandbox
  • [ ] Add glob arguments to ctx.scm.{all,affected}_files() functions for easier filtering
  • [ ] Filesystem sandboxing on MacOS
  • [ ] Windows sandboxing
  • [ ] Testing framework for checks

Contributing

âš  The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.

See CONTRIBUTING.md to submit changes.