1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
#!/bin/sh
# Audit Rust crate source for suspicious files in the current directory, that
# shouldn't or can't be part of a Debian source package.
#
# NOTE: this overwrites & deletes files in the current directory!!! Make a
# backup before running this script.
#
# Usage: $0 <whitelist> <filter_description> [<extra args to suspicious-source>]
set -e
whitelist="$1"
filter_description="$2"
shift 2 # everything else is args to suspicious-source
# Remove tiny files 4 bytes or less
find . -size -4c -type f -delete
# Remove non-suspicious files, warning on patterns that match nothing
echo "Excluding (i.e. removing) whitelisted files..."
grep -v '^#' "$whitelist" | xargs -I% sh -c 'rm -r ./% || true'
echo "Checking for suspicious files..."
# Remove cargo metadata files
find . '(' -name '.cargo-checksum.json' -or -name '.cargo_vcs_info.json' ')' -delete
# Strip comments & blank lines before testing rust source code -
# some authors like to write really long comments
find . -name '*.rs' -execdir sed -i -e '\,^\s*//,d' -e '/^\s*$/d' '{}' \;
# TODO: merge the -m stuff into suspicious-source(1).
suspicious-source -v "$@"
# The following shell snippet is a bit more strict than suspicious-source(1)
find . -type f -exec file '{}' \; | \
sed -e 's/\btext\b\(.*\), with very long lines/verylongtext\1/g' | \
grep -v '\b\(text\|empty\)\b' || true
# Most C and JS code should be in their own package
find . -name '*.c' -o -name '*.js'
echo "The above files (if any) seem suspicious, please audit them."
echo "If good, add them to $whitelist."
echo "If bad, add them to $filter_description."
|
