#!/bin/bash
# functions
# returns the Value of the key. It contains either the direct Value, the Array or json-block.
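#######################################
# Print the first "key": entry of a JSON file together with its value.
# The value may be a scalar on the key line or a {...} / [...] block spanning
# several lines; output stops once the brackets opened since the key line are
# balanced again.
# Arguments: $1 - key name (becomes part of an awk regex: pass literal names)
#            $2 - path of the JSON file
# Outputs:   the matching line(s) on stdout, nothing when the key is absent
# Limits:    line-based scan, not a JSON parser. Brackets inside string
#            values are counted, and a nested key of the same name that
#            appears earlier in the file is returned instead.
#######################################
function extract_top_level_block {
  local key=$1
  local file=$2
  awk -v key="$key" '
    BEGIN {
      # Require the colon right after the quoted key, so that a quoted value
      # equal to the key (for example an entry of "keywords") is not taken
      # for the key itself.
      key_re = "\"" key "\"[ \t]*:"
      found = 0
      level = 0
    }
    # Add the bracket balance of one line to level.
    # gsub() returns the number of replacements; text is a by-value copy.
    function track(text) {
      level += gsub(/[{\[]/, "", text)
      level -= gsub(/[}\]]/, "", text)
    }
    !found {
      if ($0 ~ key_re) {
        found = 1
        print
        track($0)
        # Scalar value or block closed on the same line: done.
        if (level == 0) exit
      }
      next
    }
    {
      print
      track($0)
      if (level == 0) exit
    }
  ' "$file"
}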
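#######################################
# Read the string assigned to 'key' in a PHP config array.
# Only the first line of the form  'key' => 'value',  or  'key' => "value",
# is considered.
# Arguments: $1 - key name (interpolated into grep/sed regexes: pass literal names)
#            $2 - path of the PHP file
# Outputs:   the value on stdout; an empty line when the key is absent.
#            When the line carries no quoted scalar (e.g. an array), the line
#            is printed unchanged.
#######################################
function extract_config_value {
  local key=$1
  local file=$2
  local match
  # Assigned separately so `local` cannot mask the status of the pipeline.
  # `|| true`: a missing key is an expected outcome, not a reason for
  # `set -e` / pipefail to stop the script.
  match=$(grep -E "^[[:space:]]*'$key'[[:space:]]*=>" "$file" | head -n1 || true)
  if [[ -z "$match" ]]; then
    echo ""
    return 0
  fi
  local prefix="^[[:space:]]*'$key'[[:space:]]*=>[[:space:]]*"
  local suffix="[[:space:]]*,?"
  # Try the single-quoted form first; `t` skips the second expression once a
  # substitution has been made. The second expression accepts double quotes.
  printf '%s\n' "$match" | sed -E \
    -e "s/${prefix}'([^']*)'${suffix}/\1/" \
    -e t \
    -e "s/${prefix}\"([^\"]*)\"${suffix}/\1/"
}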
# Collect source lines that appear to contain a hard-coded file-system path.
# Arguments: $1 - directory to scan (defaults to ".")
# Globals:   pathviolations_tmp (appended to; not declared in this function)
# Returns:   always 0
# Each collected entry is a raw `grep -n` line of the form file:lineno:code.
function check_for_path_violations() {
local search_dir=${1:-.}
# Matches the ":<lineno>:" field that grep -n places after the file name.
local filter=":[0-9]+:"
# Three alternatives: a token starting with "/", a drive-letter path
# (X:\...), or a token starting with "./" or "../". A token ends at
# whitespace or at a quote character.
local path_pattern='(/[^[:space:]"'"'"']+|[A-Za-z]:\\[^[:space:]"'"'"']+|(\.\.?/)[^[:space:]"'"'"']+)'
# Lines containing any of these are dropped as HTTP/API usage rather than
# file-system paths.
local api_ignore='(GET|POST|PUT|DELETE|PATCH|curl|fetch|axios|http(s)?://|/api/)'
# Lines whose code part begins with "/**" (optionally after whitespace).
local others="($filter[[:space:]]*/\*\*)"
local exclude_ignore='exclude\('
local raw_matches
# Recursive, case-insensitive search with line numbers, limited to *.php and
# *.js, skipping vendor/ and node_modules/.
# NOTE(review): stderr is discarded and `|| true` accepts every exit status,
# so a grep error (e.g. an unreadable file) looks the same as "no match" and
# the check passes without having scanned everything.
raw_matches=$(grep -Einr --include="*.php" --include="*.js" --exclude-dir={vendor,node_modules} "$path_pattern" "$search_dir" 2>/dev/null || true)
local matches
# `|| true` on each filter: grep -v exits 1 when nothing is left, which must
# not abort the script under `set -e`.
matches=$(echo "$raw_matches" | grep -Ev "$api_ignore" || true)
matches=$(echo "$matches" | grep -Ev "$others" || true)
matches=$(echo "$matches" | grep -Ev "$exclude_ignore" || true)
# The awk filter below drops, in this order: hits whose first "*.php" token
# has the base name config.php; code starting with "//"; code containing an
# "@name" token; code containing a closing tag "</name>". When the code
# contains "//", the hit is kept only if the text before it ends in a
# "/..." or "X:\..." token; every other hit is kept.
# The code part is taken from the first occurrence of the third ":"-separated
# field within the line.
# NOTE(review): the awk program uses `\s`, which is not POSIX awk - confirm
# the awk implementation on the machines that run this check.
matches=$(echo "$matches" | awk -F: '
{
match($0, /[^ ]+\.php/)
filepath = substr($0, RSTART, RLENGTH)
split(filepath, parts, "/")
filename = parts[length(parts)]
if (filename == "config.php") next
line = substr($0, index($0,$3))
if (line ~ /^\s*\/\//) next
if (line ~ /@[A-Za-z0-9_\/.-]+/) next
if (line ~ /<\/[a-zA-Z0-9:_-]+>/) next
comment_pos = match(line, /\/\//)
if (comment_pos > 0) {
code_before_comment = substr(line, 1, comment_pos - 1)
if (code_before_comment ~ /\/[^[:space:]]*$/ || code_before_comment ~ /[A-Za-z]:\\[^[:space:]]*$/) {
print $0
}
} else {
print $0
}
}')
# Hand the surviving lines to the caller through the global array.
# NOTE(review): `line` is not declared local here.
if [[ -n "$matches" ]]; then
while IFS= read -r line; do
pathviolations_tmp+=("$line")
done <<< "$matches"
fi
return 0
}
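#######################################
# List the quoted path-like literals found in one `grep -n` result line.
# Arguments: $1 - a line of the form  file:lineno:code
# Outputs:   one "<file>: <literal>" line per quoted token that consists
#            only of the characters  . / @ A-Z a-z 0-9 _ : \ * ? -
#            <file> is the realpath of the file when it resolves, otherwise
#            the file name as given.
#######################################
function extract_code_part() {
  local line="$1"
  # All helpers are local so the function leaves nothing behind in the
  # caller's scope.
  local code match clean_path
  local file_rel="${line%%:*}"
  local file_abs
  file_abs=$(realpath "$file_rel" 2>/dev/null || true)
  # Drop the "file:" and "lineno:" prefixes, then leading whitespace.
  code="${line#*:}"
  code="${code#*:}"
  code="${code#"${code%%[![:space:]]*}"}"
  while IFS= read -r match; do
    # Strip the surrounding quote characters.
    clean_path="${match:1:${#match}-2}"
    if [[ -n "$file_abs" ]]; then
      printf '%s\n' "$file_abs: $clean_path"
    else
      printf '%s\n' "$file_rel: $clean_path"
    fi
  done < <(printf '%s\n' "$code" | grep -oE "['\"][./@A-Za-z0-9_:\\*?-]+['\"]")
}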
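#######################################
# Measure how far a path climbs with ".." components.
# The path is split on "/". Each ".." raises a counter, every other
# non-empty component except "." lowers it again (never below 0); the
# highest value the counter reaches is the result.
# Arguments: $1 - path to inspect
# Outputs:   the maximum counter value on stdout
#######################################
function max_upward_traversal() {
  local rel_path="$1"
  local depth=0
  local max_depth=0
  local -a parts
  local part
  IFS='/' read -ra parts <<< "$rel_path"
  for part in "${parts[@]}"; do
    if [[ "$part" == ".." ]]; then
      # Plain assignment instead of ((depth++)): the arithmetic command
      # returns status 1 when its value is 0, which ends the script under
      # `set -e` if the function is ever called outside $( ... ).
      depth=$((depth + 1))
      if ((depth > max_depth)); then
        max_depth=$depth
      fi
    elif [[ -n "$part" && "$part" != "." ]]; then
      if ((depth > 0)); then
        depth=$((depth - 1))
      fi
    fi
  done
  echo "$max_depth"
}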
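#######################################
# Test whether one of the last N components of a path is a deployment
# directory name (html, htdocs, current or shared).
# Arguments: $1 - path, split on "/"
#            $2 - number of trailing components to inspect
# Returns:   0 when such a component is found, 1 otherwise (always 1 for N = 0)
#######################################
function check_path_tail() {
  local base_path="$1"
  local depth="$2"
  # Declared local so the split result and the loop index do not leak into
  # the caller's scope.
  local -a parts
  local i keyword
  IFS='/' read -ra parts <<< "$base_path"
  local total=${#parts[@]}
  local start=$(( total - depth ))
  # A depth larger than the path simply means "inspect every component".
  if (( start < 0 )); then
    start=0
  fi
  for (( i = start; i < total; i++ )); do
    keyword="${parts[i]}"
    if [[ "$keyword" =~ ^(html|htdocs|current|shared)$ ]]; then
      return 0
    fi
  done
  return 1
}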
# script start
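# -e: stop on an unhandled failing command; pipefail: a pipeline fails when
# any of its stages fails (a grep that finds nothing counts as a failure).
set -eo pipefail
# global variables
README="README.md"                      # location of Readme.md
COMPOSER="composer.json"                # location of composer.json
KEYWORDS=('mautic')                     # entries required in the "keywords" array
DIRECTORY="install-directory-name"      # key under "extra" holding the install directory name
REQUIRE=('php' 'mautic/core-lib')       # entries required under "require" in composer.json
CR="Leuchtfeuer Digital Marketing GmbH" # copyright name, checked in several places
COMPOSEREXIST=true                      # not changed below: the script exits when composer.json is absent
CONFIGEXIST="unknown"                   # becomes true/false once the project type is known
READMEEXIST=true                        # becomes false when README.md is absent

# Are the composer and readme existing?
if [[ ! -f "$README" ]]; then
  READMEEXIST=false
fi
if [[ ! -f "$COMPOSER" ]]; then
  # The script stops here, so a missing README has to be reported now.
  # (The condition used to test for `true`, which printed the message only
  # when the README was actually present.)
  if [[ "$READMEEXIST" == false ]]; then
    printf "\e[32m%s don't exist. \e[0m" "$README"
  fi
  printf "\e[32m%s don't exist. config.php is unknown.\e[0m" "$COMPOSER"
  exit 1
fi

# Theme or Plugin?
# Only a "type" whose value starts with "mautic-" is read, so other "type"
# keys in composer.json are ignored.
# `|| true`: without it a composer.json that has no such line fails the
# pipeline, and `set -e` ends the script silently before the explanatory
# message in the else branch below can be printed.
PLUGIN=$(grep -E '"type"[[:space:]]*:[[:space:]]*"mautic-' "$COMPOSER" \
  | sed -E 's/.*"type"[[:space:]]*:[[:space:]]*"([^"]*)".*/\1/' || true)
if [[ "$PLUGIN" == "mautic-plugin" ]]; then
  PLUGIN=true                        # is the directory to check a plugin or not?
  KEYWORDS+=('plugin' 'integration') # additional to the previous one
  # key/value fragments that need to exist in the "authors" option in composer.json
  AUTHORS=("name\": \"$CR" 'homepage": "https://Leuchtfeuer.com/mautic/' 'role": "Developer' 'email": "mautic-plugins@leuchtfeuer.com')
  LICENSE="GPL-3\.0"         # used as a match pattern; the backslash keeps the dot literal
  AUTOLOAD="psr-4"           # "autoload"-Option needs this value in composer.json
  CONFIG="Config/config.php" # location of config.php
elif [[ "$PLUGIN" == "mautic-theme" ]]; then
  PLUGIN=false
  KEYWORDS+=('theme')
  CONFIG="config.php"
else
  echo "this directory is neither a Plugin nor a Theme or it is not defined in the $COMPOSER"
  exit 1
fi

# is config existing?
if [[ -f "$CONFIG" ]]; then
  CONFIGEXIST=true
else
  CONFIGEXIST=false
fi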
# check composer.json
# it needs to be checked before config.php
# Start composer
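# Results of the composer.json check. The loop below also sets `description`,
# `nametheme` and `installdirectoryname`, which later checks read.
composererrorstoplevel=() # required keys that were not found at all
composererrorsinside=()   # keys that were found but fail a content rule
composerkeys=('name' 'description' 'keywords' 'extra' 'require') # extra needs to be before autoload
if [[ "$PLUGIN" == true ]]; then
  composerkeys+=('authors' 'license' 'autoload')
fi
for key in "${composerkeys[@]}"; do
  block=$(extract_top_level_block "$key" "$COMPOSER")
  if [[ -z "$block" ]]; then
    composererrorstoplevel+=("$key")
    continue
  fi
  case "$key" in
    name)
      if [[ "$block" != *'"leuchtfeuer/'* ]]; then
        composererrorsinside+=('"name" needs to start with "leuchtfeuer/"')
      fi
      # Take the package name from the block and keep the part after the
      # vendor prefix. (`name_theme` was read here without ever being set,
      # which left `nametheme` empty on every run.)
      # sed -n ... p prints nothing when the line lacks a "name": "..." pair.
      name_theme=$(printf '%s\n' "$block" \
        | sed -nE 's/.*"name"[[:space:]]*:[[:space:]]*"([^"]*)".*/\1/p')
      nametheme=${name_theme##*/}
      ;;
    description)
      # -n ... p with ([^"]*): an empty "description": "" now yields an
      # empty value instead of the unchanged source line, so the check
      # below can actually fire.
      description=$(printf '%s\n' "$block" \
        | sed -nE 's/.*"description"[[:space:]]*:[[:space:]]*"([^"]*)".*/\1/p')
      if [[ -z "${description:-}" ]]; then
        composererrorsinside+=("description is empty")
      fi
      ;;
    keywords)
      # check if keywords has an array
      if [[ "$block" != *'['* || "$block" != *']'* ]]; then
        composererrorsinside+=('"keywords" needs to be an array')
        continue
      fi
      for required in "${KEYWORDS[@]}"; do
        if [[ "$block" != *\"$required\"* ]]; then
          composererrorsinside+=("keyword \"$required\" is missing in \"keywords\"")
        fi
      done
      ;;
    extra)
      if [[ "$block" != *\"$DIRECTORY\"* ]]; then
        composererrorsinside+=("extra needs \"$DIRECTORY\" as an option")
      fi
      # `|| true`: when the option is missing grep fails the pipeline, and
      # `set -e` would end the script right after the error was recorded,
      # before any report is printed.
      installdirectoryname=$(printf '%s\n' "$block" \
        | grep -F -- "\"$DIRECTORY\"" \
        | sed -E "s/.*\"$DIRECTORY\"[[:space:]]*:[[:space:]]*\"([^\"]*)\".*/\1/" || true)
      ;;
    require)
      for singlerequire in "${REQUIRE[@]}"; do
        if [[ "$block" != *\"$singlerequire\"* ]]; then
          composererrorsinside+=("keyword \"$singlerequire\" is missing in \"require\"")
        fi
      done
      ;;
    authors)
      for author in "${AUTHORS[@]}"; do
        # The e-mail address is compared case-insensitively; the block stays
        # lower-cased for any entry that follows the e-mail entry.
        if [[ "$author" == *"email"* ]]; then
          block=$(printf '%s\n' "$block" | tr '[:upper:]' '[:lower:]')
        fi
        if [[ "$block" != *\"$author\"* ]]; then
          composererrorsinside+=("keyword with specific value \"$author\" is missing")
        fi
      done
      ;;
    license)
      # $LICENSE is left unquoted on purpose: it is a match pattern in which
      # "\." stands for a literal dot. The message shows it without the
      # pattern escape.
      if [[ "$block" != *\"$LICENSE\"* ]]; then
        composererrorsinside+=("license needs to be \"${LICENSE//\\/}\"")
      fi
      ;;
    autoload)
      if [[ "$block" != *\"$AUTOLOAD\"* ]]; then
        composererrorsinside+=("autoload needs an option \"$AUTOLOAD\"")
      fi
      if [[ -z "${installdirectoryname:-}" ]]; then
        composererrorsinside+=("Can not extract the install-directory-name, please be sure to fill out, autoload unknown")
        continue
      fi
      # Expected namespace key as written in JSON: "MauticPlugin\\<name>\\"
      pattern="\"MauticPlugin\\\\$installdirectoryname\\\\\""
      if [[ "$block" != *"$pattern"* ]]; then
        composererrorsinside+=("autoload needs $pattern as an option")
      fi
      ;;
  esac
done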
# End Composer
# check config.php
# Start config
# Compare the values in config.php with the expectations and with the
# description read from composer.json. Skipped when config.php is absent.
if [[ "$CONFIGEXIST" == true ]]; then
  configkeys=('name' 'description' 'author' 'version')
  configerrors=()
  for key in "${configkeys[@]}"; do
    value=$(extract_config_value "$key" "$CONFIG")
    if [[ -z "$value" ]]; then
      configerrors+=("$key is missing or empty in config.php")
      continue
    fi
    case "$key" in
      description)
        # Without a description from composer.json there is nothing to
        # compare against, so only a hint is recorded.
        if [[ -z "${description:-}" ]]; then
          configerrors+=("TIPP: copy the description of $CONFIG to $COMPOSER")
        elif [[ "$value" != "$description" ]]; then
          configerrors+=($'The description needs to be the same in the composer.json and the config.php\n composer.json: '"$description"$'\n config.php: '"$value")
        fi
        ;;
      author)
        if [[ "$value" != "$CR" ]]; then
          configerrors+=("author needs to be \"$CR\"")
        fi
        ;;
      name)
        # Remembered for the README check, which looks for this name.
        nameplugin="$value"
        if [[ -z "${nameplugin:-}" ]]; then
          configerrors+=("name should have a value")
        fi
        ;;
    esac
  done
fi
# End config
# check README.md
# Start readme
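# Check that README.md contains the expected headings. Skipped when the
# README is absent.
if [[ "$READMEEXIST" == true ]]; then
  readmeerrors=()
  if [[ "$PLUGIN" == true ]]; then
    # '# Plugin Name' is a placeholder: the name from config.php is searched
    # for instead of the literal text.
    readmekeys=('# Plugin Name' '## Overview' '## Requirements' '## Installation' '### Composer' '### Manual Installation' '## Configuration' '## Usage' '## Credits' '## Author')
    synonymover=('## Overview' '## Purpose' '## Features') # any one of these counts as the overview
    synonymreq=('## Requirements' '## Version Support')    # any one of these counts as the requirements
  else
    readmekeys=('# Theme Name')
  fi
  for key in "${readmekeys[@]}"; do
    case "$key" in
      '# Theme Name')
        # Placeholder, handled like '# Plugin Name': the heading must carry
        # the real theme name. The literal "# Theme Name" is no longer
        # searched for afterwards, which used to report a missing section
        # for every README with a correct heading.
        # NOTE(review): the name is lower-cased while grep -F compares
        # case-sensitively - confirm that README headings are lower case.
        nametheme=$(printf '%s\n' "$nametheme" | tr '[:upper:]' '[:lower:]')
        if [[ -z "${nametheme:-}" ]]; then
          readmeerrors+=("TIPP: copy the name from $README to $COMPOSER in name behind \"leuchtfeuer/\"")
        elif ! grep -Fq -- "# $nametheme" "$README"; then
          readmeerrors+=("Name of Theme should be the same as end of name ($nametheme) in $COMPOSER")
        fi
        ;;
      '## Overview')
        forward=false
        for subkey in "${synonymover[@]}"; do
          if grep -Fq -- "$subkey" "$README"; then
            forward=true
            break
          fi
        done
        if [[ "$forward" != true ]]; then
          readmeerrors+=('Missing Section: ## Overview / Purpose / Features')
        fi
        ;;
      '## Requirements')
        forward=false
        for subkey in "${synonymreq[@]}"; do
          if grep -Fq -- "$subkey" "$README"; then
            forward=true
            break
          fi
        done
        if [[ "$forward" != true ]]; then
          readmeerrors+=('Missing Section: ## Requirements / Version Support')
        fi
        ;;
      '# Plugin Name')
        if [[ -z "${nameplugin:-}" ]]; then
          readmeerrors+=("TIPP: copy name from $README to $CONFIG")
        elif ! grep -Fq -- "$nameplugin" "$README"; then
          readmeerrors+=("Name of the Plugin should be the same as the name ($nameplugin) in $CONFIG")
        fi
        ;;
      *)
        # Every other entry has to appear literally in the README.
        if ! grep -Fq -- "$key" "$README"; then
          readmeerrors+=("Missing section: $key")
        fi
        ;;
    esac
  done
fi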
# End readme
# check for relativ or absolute paths in Code
# Start path check
# Scan the project for hard-coded paths and keep the hits whose literal is
# absolute or contains "..", and for which check_path_tail succeeds.
# NOTE(review): for an absolute literal without ".." max_upward_traversal
# prints 0, and check_path_tail with a depth of 0 inspects no component, so
# such a literal is never recorded - confirm this is intended.
SEARCH_DIR="./"
pathviolations_tmp=() # raw hits, filled by check_for_path_violations
pathviolations=()     # hits that are reported
check_for_path_violations "$SEARCH_DIR"
for line in "${pathviolations_tmp[@]}"; do
  while IFS= read -r code_part; do
    # code_part has the form "<file>: <literal>"
    base_path=$(dirname "${code_part%%:*}")
    path_only="${code_part#*: }"
    case "$path_only" in
      /* | *..*)
        depth=$(max_upward_traversal "$path_only")
        if check_path_tail "$base_path" "$depth"; then
          pathviolations+=("$line")
        fi
        ;;
    esac
  done < <(extract_code_part "$line")
done
# End path check
# Output of Errors
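# Report. Exit status 0 is reached only through the block directly below;
# every other path ends in `exit 1`, including a missing config.php or
# README.md.
# The path-violation count is part of the success condition: without it a
# project with clean composer.json, config.php and README.md left through
# `exit 0` and the collected path findings were never printed.
if [[ "$CONFIGEXIST" == true && "$READMEEXIST" == true ]]; then
  if [[ ${#composererrorstoplevel[@]} -eq 0 && ${#composererrorsinside[@]} -eq 0 \
    && ${#configerrors[@]} -eq 0 && ${#readmeerrors[@]} -eq 0 \
    && ${#pathviolations[@]} -eq 0 ]]; then
    printf '\e[32m%s, %s and %s are in good shape\n\e[0m' "$README" "$CONFIG" "$COMPOSER" # green
    exit 0
  fi
fi

# File names are passed as printf arguments, never as part of the format
# string, so a "%" in a name cannot be interpreted as a directive.
if [[ ${#composererrorstoplevel[@]} -eq 0 ]]; then
  printf '\e[32m1st part of %s check passed: all options present.\n\e[0m' "$COMPOSER"
else
  printf '\e[31mOptions missing in composer.json:\n\e[0m' # red
  for err in "${composererrorstoplevel[@]}"; do
    printf ' - %s\n' "$err"
  done
fi

if [[ ${#composererrorsinside[@]} -eq 0 ]]; then
  printf '\e[32m2nd part of %s check passed: all known values right.\n\e[0m' "$COMPOSER"
else
  printf '\e[31mOptions wrong in composer.json:\n\e[0m'
  for err in "${composererrorsinside[@]}"; do
    printf ' - %s\n' "$err"
  done
fi

if [[ ${#composererrorstoplevel[@]} -eq 0 && ${#composererrorsinside[@]} -eq 0 ]]; then
  printf '\e[32mYour %s meets all requirements\n\e[0m' "$COMPOSER"
fi

if [[ "$CONFIGEXIST" == true ]]; then
  if [[ ${#configerrors[@]} -eq 0 ]]; then
    printf '\e[32m%s check passed: all options present and right.\n\e[0m' "$CONFIG"
  else
    printf '\e[31mValues missing or wrong in %s:\n\e[0m' "$CONFIG"
    for err in "${configerrors[@]}"; do
      printf ' - %s\n' "$err"
    done
  fi
else
  printf "\e[32m%s don't exist. \e[0m" "$CONFIG"
fi

if [[ "$READMEEXIST" == true ]]; then
  if [[ ${#readmeerrors[@]} -eq 0 ]]; then
    printf '\e[32m%s check passed: all sections present.\n\e[0m' "$README"
  else
    printf '\e[31mREADME.md check failed:\n\e[0m'
    for err in "${readmeerrors[@]}"; do
      printf ' - %s\n' "$err"
    done
  fi
else
  printf "\e[31m%s don't exist. \e[0m" "$README"
fi

if [[ ${#pathviolations[@]} -eq 0 ]]; then
  printf '\e[32mPath Violation check passed: no relevant hardcoded paths.\n\e[0m'
else
  printf '\e[31mPath Violation check failed:\n\e[0m'
  for entry in "${pathviolations[@]}"; do
    printf ' - %s\n' "$entry"
  done
fi
exit 1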