ubuntu-security-tools

Merge ~alexmurray/ubuntu-security-tools:uaudit-rubocop into ubuntu-security-tools:master

Proposed by Alex Murray on 2023-02-13

Status:	Merged
Merged at revision:	8e9594106615e826384d89e96fcac01bc59d229c
Proposed branch:	~alexmurray/ubuntu-security-tools:uaudit-rubocop
Merge into:	ubuntu-security-tools:master
Diff against target:	30 lines (+10/-0) 2 files modified audits/jira.template (+1/-0) audits/uaudit (+9/-0)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Mark Esler	2023-02-13	Approve on 2023-02-13
Ubuntu Security Team	2023-02-13	Pending
Review via email: mp+437182@code.launchpad.net

Revision history for this message

Mark Esler (eslerm) wrote on 2023-02-13:

This looks great Alex! Thank you.

rubocop is a fairly verbose code linter, so I recommend adding `--only Security`.

review: Approve

Revision history for this message

Alex Murray (alexmurray) wrote on 2023-02-14:

Thanks Mark - I think I might also add --enable-pending-cops too in this case to try and get as much coverage as possible from the security linters.

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

People subscribed via source and target branches

to all changes:

1	diff --git a/audits/jira.template b/audits/jira.template
2	index 0a94a9a..82c83ff 100644
3	--- a/audits/jira.template
4	+++ b/audits/jira.template
5	@@ -9,6 +9,7 @@ $scc
6	- $coverity coverity defects
7	- $bandit warnings from bandit
8	- $brakeman brakeman defects
9	+- $rubocop rubocop defects
10	- $flawfinder flawfinder defects
11	- $cppcheck warnings from cppcheck
12	- $shellcheck warnings from shellcheck
13	diff --git a/audits/uaudit b/audits/uaudit
14	index af32fd5..3d0300b 100755
15	--- a/audits/uaudit
16	+++ b/audits/uaudit
17	@@ -165,6 +165,15 @@ static_analysis_tools = [
18	cmd_end=["."],
19	summary=["sed", "/^Processed/q", OUTPUT_FILE],
20	),
21	+ StaticAnalysisTool(
22	+ "rubocop",
23	+ source=StaticAnalysisToolSource.DEB,
24	+ cmd_start=["rubocop", "--no-color", "--enable-pending-cops", "--only", "Security"],
25	+ cmd_json=["--format", "json"],
26	+ cmd_txt=["--format", "emacs"],
27	+ cmd_end=["."],
28	+ summary=["grep", "-c", "^\\./", OUTPUT_FILE]
29	+ ),
30	]
31
32