/
banned_commands.bats
85 lines (74 loc) · 2.48 KB
/
banned_commands.bats
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/usr/bin/env bats
load test_helpers
banned_commands=(
# Process substitution isn't POSIX compliant and cause trouble
"<("
# Command isn't included in the Ubuntu packages asdf depends on. Also not
# defined in POSIX
column
# echo isn't consistent across operating systems, and sometimes output can
# be confused with echo flags. printf does everything echo does and more.
echo
# It's best to avoid eval as it makes it easier to accidentally execute
# arbitrary strings
eval
# realpath not available by default on OSX.
realpath
# readlink on OSX behaves differently from readlink on other Unix systems
readlink
# source isn't POSIX compliant. . behaves the same and is POSIX compliant
# Except in fish, where . is deprecated, and will be removed in the future.
source
)
banned_commands_regex=(
# grep -y does not work on alpine and should be "grep -i" either way
"grep.* -y"
# grep -P is not a valid option in OSX.
"grep.* -P"
# Ban grep long commands as they do not work on alpine
"grep[^|]+--\w{2,}"
# sort --sort-version isn't supported everywhere
"sort.*-V"
"sort.*--sort-versions"
)
setup() {
setup_asdf_dir
}
teardown() {
clean_asdf_dir
}
@test "banned commands are not found in source code" {
# Assert command is not used in the lib and bin dirs
# or expect an explicit comment at end of line, allowing it.
# Also ignore matches that are contained in comments or a string or
# followed by an underscore (indicating it's a variable and not a
# command).
for cmd in "${banned_commands[@]}"; do
run bash -c "grep -nHR '$cmd' asdf.* lib bin\
| grep -v '#.*$cmd'\
| grep -v '\".*$cmd.*\"' \
| grep -v '${cmd}_'\
| grep -v '# asdf_allow: $cmd'"
# Only print output if we've found a banned command
#if [ "$status" -ne 1 ]; then
if [ "" != "$output" ]; then
echo "banned command $cmd: $output"
fi
[ "$status" -eq 1 ]
[ "" == "$output" ]
done
for cmd in "${banned_commands_regex[@]}"; do
run bash -c "grep -nHRE '$cmd' asdf.* lib bin\
| grep -v '#.*$cmd'\
| grep -v '\".*$cmd.*\"' \
| grep -v '${cmd}_'\
| grep -v '# asdf_allow: $cmd'"
# Only print output if we've found a banned command
#if [ "$status" -ne 1 ]; then
if [ "" != "$output" ]; then
echo "banned command $cmd: $output"
fi
[ "$status" -eq 1 ]
[ "" == "$output" ]
done
}