
385 lines
8.5 KiB
Raw Normal View History

2022-11-03 05:29:44 +00:00
package analyze
import (
type Finding struct {
ItemType string
ItemName string
Line uint
Index any
Msg string
ExtraMsg string
func AnalyzeScript(r *interp.Runner, fl *syntax.File) ([]Finding, error) {
var findings []Finding
if _, ok := r.Vars["name"]; !ok {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: "name",
Msg: "The %s is required",
if _, ok := r.Vars["version"]; !ok {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: "version",
Msg: "The %s is required",
if _, ok := r.Vars["release"]; !ok {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: "release",
Msg: "The %s is required",
if _, ok := r.Funcs["package"]; !ok {
findings = append(findings, Finding{
ItemType: "function",
ItemName: "package",
Msg: "The %s is required",
for name, scriptVar := range r.Vars {
_, scriptVar = scriptVar.Resolve(r.Env)
val := getVal(&scriptVar)
// Remove any override suffix, so that we
// check all the overrides as well
cutName, _, _ := strings.Cut(name, "_")
// build_vars has an underscore, and thus is a special case
// that must be accounted for
if strings.HasPrefix("name", "build_vars") {
cutName = "build_vars"
switch cutName {
case "release":
valStr, ok := mustBeStr(val, name, &findings)
if !ok {
if !isNumeric(strings.TrimPrefix(valStr, "-")) {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be an integer",
case "epoch":
valStr, ok := mustBeStr(val, name, &findings)
if !ok {
if !isNumeric(valStr) {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be a positive integer",
case "homepage":
valStr, ok := mustBeStr(val, name, &findings)
if !ok {
_, err := url.ParseRequestURI(valStr)
if err != nil {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be a valid URL",
case "maintainer":
valStr, ok := mustBeStr(val, name, &findings)
if !ok {
addr, err := mail.ParseAddress(valStr)
if err != nil {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be a valid RFC 5322 address",
if addr.Name == "" || addr.Address == "" {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must contain a name and email (e.g. Arsen Musayelyan <>)",
case "architectures":
valSlice, ok := mustBeArray(val, name, &findings)
if !ok {
if slices.Contains(valSlice, "noarch") || slices.Contains(valSlice, "any") {
findings = append(findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be set to 'all' to represent noarch/any",
2022-11-05 18:13:18 +00:00
case "license":
2022-11-03 05:29:44 +00:00
valSlice, ok := mustBeArray(val, name, &findings)
if !ok {
for _, val := range valSlice {
if strings.Contains(strings.ToLower(val), "custom") {
license := spdx.Licenses.License(val)
if license == nil {
similar := spdx.FindSimilarLicense(val)
f := Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s contains an invalid SPDX license identifier: '" + val + "'.",
ExtraMsg: "A list of SPDX license identifiers can be found at",
if similar != "" {
f.Msg += " Did you mean '" + similar + "'?"
findings = append(findings, f)
case "provides":
mustBeArray(val, name, &findings)
case "conflicts":
mustBeArray(val, name, &findings)
case "deps":
mustBeArray(val, name, &findings)
case "build_deps":
mustBeArray(val, name, &findings)
case "replaces":
mustBeArray(val, name, &findings)
case "sources":
valSlice, ok := mustBeArray(val, name, &findings)
if !ok {
for i, val := range valSlice {
u, err := url.ParseRequestURI(val)
if err != nil {
findings = append(findings, Finding{
ItemType: "element",
Index: i,
ItemName: name,
Msg: "The %s must be a valid URL",
query := u.Query()
var validParams []string
if strings.HasPrefix(u.Scheme, "git+") {
validParams = []string{"tag", "branch", "commit", "depth", "name"}
} else {
validParams = []string{"archive"}
for paramName := range query {
if strings.HasPrefix(paramName, "~") {
paramName = strings.TrimPrefix(paramName, "~")
} else {
if !slices.Contains(validParams, paramName) {
findings = append(findings, Finding{
ItemType: "element",
ItemName: name,
Index: i,
Msg: "The %s contains an invalid parameter name '~" + paramName + "'",
case "checksums":
valSlice, ok := mustBeArray(val, name, &findings)
if !ok {
sourcesName := strings.Replace(name, "checksums", "sources", 1)
srcs, ok := r.Vars[sourcesName]
if !ok || len(srcs.List) != len(valSlice) {
findings = append(findings, Finding{
ItemType: "array",
ItemName: name,
Msg: "The %s is not the same size as its corresponding sources array",
for i, val := range valSlice {
if val != "SKIP" && len(val) != 64 {
findings = append(findings, Finding{
ItemType: "element",
ItemName: name,
Index: i,
Msg: "The %s contains an invalid SHA256 checksum. SHA256 hashes must be 64 characters in length.",
if val != "SKIP" {
_, err := hex.DecodeString(val)
if err != nil {
findings = append(findings, Finding{
ItemType: "element",
ItemName: name,
Index: i,
Msg: "The %s contains an invalid SHA256 checksum. SHA256 hashes must be valid hexadecimal.",
case "backup":
mustBeArray(val, name, &findings)
case "scripts":
mustBeMap(val, name, &findings)
lns := FindLines(fl)
for i, finding := range findings {
if finding.ItemType == "function" {
ln, ok := lns.Funcs[finding.ItemName]
if ok {
findings[i].Line = ln
} else {
ln, ok := lns.Vars[finding.ItemName]
if ok {
findings[i].Line = ln
return findings, nil
func mustBeStr(val any, name string, findings *[]Finding) (string, bool) {
valStr, ok := val.(string)
if !ok {
*findings = append(*findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be a string",
return valStr, ok
func mustBeArray(val any, name string, findings *[]Finding) ([]string, bool) {
valSlice, ok := val.([]string)
if !ok {
*findings = append(*findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be an array",
return valSlice, ok
func mustBeMap(val any, name string, findings *[]Finding) (map[string]string, bool) {
valMap, ok := val.(map[string]string)
if !ok {
*findings = append(*findings, Finding{
ItemType: "variable",
ItemName: name,
Msg: "The %s must be a map",
return valMap, ok
func getVal(v *expand.Variable) any {
if v.Str != "" {
return v.Str
} else if v.List != nil {
return v.List
} else if v.Map != nil {
return v.Map
return nil
func isNumeric(s string) bool {
index := strings.IndexFunc(s, func(r rune) bool {
return r < '0' || r > '9'
return index == -1
type Lines struct {
Vars map[string]uint
Funcs map[string]uint
func FindLines(fl *syntax.File) Lines {
out := Lines{map[string]uint{}, map[string]uint{}}
for _, stmt := range fl.Stmts {
switch cmd := stmt.Cmd.(type) {
case *syntax.CallExpr:
if len(cmd.Assigns) == 0 {
name := cmd.Assigns[0].Name.Value
line := cmd.Assigns[0].Pos().Line()
out.Vars[name] = line
case *syntax.FuncDecl:
out.Funcs[cmd.Name.Value] = cmd.Pos().Line()
return out