commit | d59a7dbb51268a336eb1df47eaaa683d9ec8a7f9 | [log] [tgz] |
---|---|---|
author | Oliver Newman <olivernewman@google.com> | Thu Aug 31 22:35:58 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu Aug 31 22:35:58 2023 +0000 |
tree | 470a8ee5a4a3748da30fb9e63ac2d8fe2ae33519 | |
parent | d40a13fd49f228000ec47f7819ed72af209aeda3 [diff] |
[engine] Never evaluate executables relative to cwd `exec.ErrDot` is the error that `exec.LookPath()` returns when it fails to look up an executable on $PATH, but finds it in the current working directory. Notably, the current working directory may be outside the project root (if the "--root" flag is set), in which case the current working directory lookup is undesirable, as shac checks should only depend on tools in $PATH or in the checkout. Therefore, it should be considered an error if an executable is not found on $PATH. This means that commands like "foo.sh" that refer to a script in the repository root must use "./foo.sh" or an absolute path. If that becomes a pain for users, we could add a check to see if the file exists in the repository root before falling back to looking it up on $PATH. Change-Id: I6f3d5555c826c1492a3f40583cfd2ed04ed9b9ce Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/909879 Reviewed-by: Marc-Antoine Ruel <maruel@google.com> Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com> Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.
Shac checks are written in Starlark.
go install go.fuchsia.dev/shac-project/shac@latest shac check shac doc shac.star | less
Planned features/changes, in descending order by priority:
shac.textproto
shac.star
files.shac
cache directory that checks can write toctx.scm
glob
arguments to ctx.scm.{all,affected}_files()
functions for easier filtering⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.