| Summary: | request for RATS ebuild | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Nilanjan De <nilanjan> |
| Component: | New packages | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED LATER | ||
| Severity: | enhancement | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.securesoftware.com/rats/ | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 6009, 17872 | ||
| Attachments: |
rats-2.1.ebuild
rats-2.1.ebuild |
||
|
Description
Nilanjan De
2003-11-21 11:43:14 UTC
this something you guys are interested in? Well Debian has a .deb for it, i would love to see it in Gentoo portage also. Seems you/we must fill out an online form in order to download the RATS evaluation version. I don't know what legal ramifications it would have if we bypassed this step. Reporter please research what license RATS is released under and if file mirroring is allowed. RATS is distributed under the GNU GENERAL PUBLIC LICENSE version 2. http://www.securesoftware.com/distributing.htm So here is what I'm thinking about source scanning. We can take RATS, flawfiner, and perhaps splint and add support to portage for when these are installed and found in the FEATURES for example we have FEATURES="rats" set then we scan the src code in $S right before the src_compile is called from ebuild.sh example for flawfinder http://dev.gentoo.org/~solar/portage_misc/feature.flawfinder I'll add rats and see if I can do the same for it. Created attachment 22661 [details]
rats-2.1.ebuild
Please test rats ebuild.
Created attachment 22662 [details]
rats-2.1.ebuild
This install cleaner.
solar@simple rats $ epm -q -l rats
/usr/bin/rats
/usr/share/man/man1/rats.1.gz
/usr/share/doc/rats-2.1/README.gz
/usr/share/doc/rats-2.1/COPYING.gz
/usr/share/doc/rats-2.1/README.win32.gz
/usr/share/rats/rats-c.xml
/usr/share/rats/rats-openssl.xml
/usr/share/rats/rats-perl.xml
/usr/share/rats/rats-php.xml
/usr/share/rats/rats-python.xml
And matching ebuild.sh to have rats scan cource files.
if [ "$PWD" = "${S}" -a "`has rats ${FEATURES}`" != "" -a -x /usr/bin/rats ]; then
s_files="`find ${S} -name '*.c' -o -name '*.cpp' -o -name '*.php' -o -name '*.pl'`"
flaws=""
if [ -n "$s_files" ]; then
s_count=`echo ${files} | tr ' ' '\n' | wc -l | awk '{print $1}'`
einfo "Running rats on [$s_count] files"
[ -z "${FEATURE_RATS_WARNLEVEL}" ] && export FEATURE_RATS_WARNLEVEL=3
flaws=$(/usr/bin/rats --quiet --resultsonly --warning ${FEATURE_RATS_WARNLEVEL} ${s_files})
if [ -n "$flaws" ]; then
echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
ewarn "rats report for ${PN}"
echo "------------------------------------------------------------------------"
echo -e "${flaws}"
echo "------------------------------------------------------------------------"
i=5
while [ $i != 0 ]; do
echo -ne ".\a"
sleep 0.25
i=$(($i - 1))
done
has interactive ${FEATURES} &&
read -p "- Press Enter To Continue or CTRL+C to abort"
fi
fi
fi
If you want to add this to portage please test it like this.
edit your ebuild.sh look for a line like this.
-------------------------------------------
#some packages use an alternative to $S to build in, cause
#our libtool to create problematic .la files
export PWORKDIR="$WORKDIR"
src_compile
-------------------------------------------
Right before the src_compile add a src_pre_compile
then inside of src_pre_compile() { # add the above code or the flawfinder code or both }
For example min looks like.
src_pre_compile() {
if [ "$PWD" = "${S}" -a "`has rats ${FEATURES}`" != "" -a -x /usr/bin/rats ]; then
s_files="`find ${S} -name '*.c' -o -name '*.cpp' -o -name '*.php' -o -name '*.pl'`"
flaws=""
if [ -n "$s_files" ]; then
s_count=`echo ${files} | tr ' ' '\n' | wc -l | awk '{print $1}'`
einfo "Running rats on [$s_count] files"
[ -z "${FEATURE_RATS_WARNLEVEL}" ] && export FEATURE_RATS_WARNLEVEL=3
flaws=$(/usr/bin/rats --quiet --resultsonly --warning ${FEATURE_RATS_WARNLEVEL} ${s_files})
if [ -n "$flaws" ]; then
echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
ewarn "rats report for ${PN}"
echo "------------------------------------------------------------------------"
echo -e "${flaws}"
echo "------------------------------------------------------------------------"
i=5
while [ $i != 0 ]; do
echo -ne ".\a"
sleep 0.25
i=$(($i - 1))
done
has interactive ${FEATURES} &&
read -p "- Press Enter To Continue or CTRL+C to abort"
fi
fi
fi
if [ "$PWD" = "${S}" -a "`has flawfinder ${FEATURES}`" != "" -a -x /usr/bin/flawfinder ]; then
c_files="`find ${S} -name '*.c' -o -name '*.cpp'`"
flaws=""
if [ -n "$c_files" ]; then
c_count=`echo ${c_files} | tr ' ' '\n' | wc -l | awk '{print $1}'`
einfo "Running flawfinder on [$c_count] files"
[ -z "${FEATURE_FLAWFINDER_MINLEVEL}" ] && export FEATURE_FLAWFINDER_MINLEVEL=5
debug-print "flawfinder --quiet --dataonly --minlevel=${FEATURE_FLAWFINDER_MINLEVEL} ${c_files}"
flaws=$(flawfinder --quiet --dataonly --minlevel=${FEATURE_FLAWFINDER_MINLEVEL} ${c_files})
if [ -n "$flaws" ]; then
echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
echo -ne "\a"; sleep 0,25 &>/dev/null; echo -ne "\a"; sleep 0,25 &>/dev/null
ewarn "flawfinder report for ${PN}"
echo "------------------------------------------------------------------------"
echo -e "${flaws}"
echo "------------------------------------------------------------------------"
i=5
while [ $i != 0 ]; do
echo -ne ".\a"
sleep 0.25
i=$(($i - 1))
done
has interactive ${FEATURES} &&
read -p "- Press Enter To Continue or CTRL+C to abort"
fi
fi
fi
}
No feedback so "rats" must not be all that usefull to anybody. Perparing to close bug or bounce to another herd. changing resolution to LATER |
