Validate EC key sizes in KeyPairGenerator.initialize() #146
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Line Length Check | |
| on: | |
| pull_request: | |
| branches: [ '*' ] | |
| jobs: | |
| line-length-check: | |
| runs-on: ubuntu-latest | |
| name: Check 80 character line limit | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check line length in PR changes | |
| run: | | |
| # Get the base branch (usually main/master) | |
| BASE_BRANCH="${{ github.event.pull_request.base.ref }}" | |
| echo "Checking line length (max 80 characters) for changed files in " \ | |
| "src/, examples/, and jni/ directories..." | |
| echo "================================================================" | |
| # Create temporary files with unique names | |
| changed_files=$(mktemp) | |
| violations_file=$(mktemp) | |
| # Get all changed files in this PR and filter for target directories | |
| git diff --name-only "origin/$BASE_BRANCH"...HEAD | \ | |
| grep -E '^(src/|examples/|jni/)' > "$changed_files" || true | |
| # Initialize violation count | |
| violation_count=0 | |
| # Check each changed file | |
| while IFS= read -r file; do | |
| if [[ -f "$file" ]]; then | |
| # Skip WolfCryptProvider.java as it contains service mappings | |
| # that legitimately exceed 80 characters | |
| if [[ "$file" == "src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java" ]]; then | |
| echo "Skipping $file (contains security service mappings)" | |
| continue | |
| fi | |
| # Skip auto-generated JNI header files in jni/include/ | |
| # These are generated by javac -h and contain long function | |
| # signatures that cannot be controlled | |
| if [[ "$file" =~ ^jni/include/.*\.h$ ]]; then | |
| echo "Skipping $file (auto-generated JNI header)" | |
| continue | |
| fi | |
| echo "Checking: $file" | |
| # Get added lines with actual file line numbers and check their length | |
| new_line_num=0 | |
| git diff "origin/$BASE_BRANCH"...HEAD "$file" | \ | |
| while IFS= read -r line; do | |
| # Track line numbers from diff headers - format: @@ -old_start,old_count +new_start,new_count @@ | |
| if [[ "$line" =~ ^@@.*\+([0-9]+) ]]; then | |
| # Extract starting line number for new file (after +) | |
| # Subtract 1 because we'll increment before processing first line | |
| new_line_num=$((${BASH_REMATCH[1]} - 1)) | |
| elif [[ "$line" =~ ^(\+[^+].*) ]]; then | |
| # This is an added line (not a +++ header) | |
| # Increment line number BEFORE processing (since this line exists in new file) | |
| new_line_num=$((new_line_num + 1)) | |
| added_line="${line:1}" # Remove leading + | |
| char_count=${#added_line} | |
| # Skip JNI method signatures and calls to avoid false positives | |
| # These are auto-generated names that can't be shortened | |
| if [[ $char_count -gt 80 ]]; then | |
| # Check if this is a JNI method signature, call, or parameter line that should be ignored | |
| if [[ "$added_line" =~ JNIEXPORT.*JNICALL.*Java_com_wolfssl_ ]] || \ | |
| [[ "$added_line" =~ Java_com_wolfssl_.*\( ]] || \ | |
| [[ "$added_line" =~ ^[[:space:]]*return[[:space:]]+Java_com_wolfssl_.* ]] || \ | |
| [[ "$added_line" =~ ^[[:space:]]*\(JNIEnv\*[[:space:]]+env.*\) ]] || \ | |
| [[ "$added_line" =~ ^[[:space:]]*JNIEnv\*[[:space:]]+env.* ]]; then | |
| echo "$file:$new_line_num - Skipping JNI method signature/call/parameters ($char_count characters)" | |
| echo " Line: $added_line" | |
| else | |
| echo "❌ $file:$new_line_num - Line too long ($char_count characters)" | |
| echo " Line: $added_line" | |
| echo "violation" >> "$violations_file" | |
| fi | |
| fi | |
| elif [[ "$line" =~ ^[[:space:]] ]]; then | |
| # Context line (unchanged) - increment new file line number | |
| new_line_num=$((new_line_num + 1)) | |
| # Removed lines (starting with -) don't affect new file line numbers | |
| fi | |
| done | |
| fi | |
| done < "$changed_files" | |
| # Count violations | |
| if [[ -f "$violations_file" ]]; then | |
| violation_count=$(grep -c "violation" "$violations_file" || echo 0) | |
| else | |
| violation_count=0 | |
| fi | |
| echo "================================================================" | |
| if [[ $violation_count -gt 0 ]]; then | |
| echo "❌ Found $violation_count line(s) exceeding 80 " \ | |
| "characters in PR changes" | |
| echo "" | |
| echo "Please ensure all lines are 80 characters or less " \ | |
| "as per coding standards." | |
| echo "You can check line length in your editor or use this command:" | |
| echo " grep -n '.\{81,\}' <filename>" | |
| rm -f "$violations_file" "$changed_files" | |
| exit 1 | |
| else | |
| echo "✅ All changed lines are within the 80 character limit" | |
| rm -f "$violations_file" "$changed_files" | |
| exit 0 | |
| fi |