alint-rules 0.4.9

Internal: built-in rule implementations for alint. Not a stable public API.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

//! `shebang_has_executable` — every file that starts with `#!`
//! must have the Unix `+x` bit set.
//!
//! The inverse of `executable_has_shebang`: catches scripts that
//! were committed with a shebang but where the executable bit
//! was never set (or got clobbered by `git add --chmod=-x`,
//! `cp`, a tarball round-trip, etc.). Running them requires
//! `bash script.sh` instead of `./script.sh`, which is usually
//! not the author's intent.
//!
//! Non-Unix platforms: rule is a no-op. No fix op — `chmod`
//! auto-apply is deferred to a later release (see ROADMAP).

use alint_core::{Context, Error, Level, Result, Rule, RuleSpec, Scope, Violation};

#[derive(Debug)]
pub struct ShebangHasExecutableRule {
    id: String,
    level: Level,
    policy_url: Option<String>,
    message: Option<String>,
    scope: Scope,
}

impl Rule for ShebangHasExecutableRule {
    fn id(&self) -> &str {
        &self.id
    }
    fn level(&self) -> Level {
        self.level
    }
    fn policy_url(&self) -> Option<&str> {
        self.policy_url.as_deref()
    }

    #[cfg(unix)]
    fn evaluate(&self, ctx: &Context<'_>) -> Result<Vec<Violation>> {
        use std::os::unix::fs::PermissionsExt;

        let mut violations = Vec::new();
        for entry in ctx.index.files() {
            if !self.scope.matches(&entry.path) {
                continue;
            }
            let full = ctx.root.join(&entry.path);
            let Ok(bytes) = std::fs::read(&full) else {
                continue;
            };
            if !bytes.starts_with(b"#!") {
                continue;
            }
            let Ok(meta) = std::fs::metadata(&full) else {
                continue;
            };
            if meta.permissions().mode() & 0o111 == 0 {
                let msg = self
                    .message
                    .clone()
                    .unwrap_or_else(|| "shebang script is not marked executable".to_string());
                violations.push(Violation::new(msg).with_path(&entry.path));
            }
        }
        Ok(violations)
    }

    #[cfg(not(unix))]
    fn evaluate(&self, _ctx: &Context<'_>) -> Result<Vec<Violation>> {
        Ok(Vec::new())
    }
}

pub fn build(spec: &RuleSpec) -> Result<Box<dyn Rule>> {
    let paths = spec.paths.as_ref().ok_or_else(|| {
        Error::rule_config(&spec.id, "shebang_has_executable requires a `paths` field")
    })?;
    if spec.fix.is_some() {
        return Err(Error::rule_config(
            &spec.id,
            "shebang_has_executable has no fix op — chmod auto-apply is deferred (see ROADMAP)",
        ));
    }
    Ok(Box::new(ShebangHasExecutableRule {
        id: spec.id.clone(),
        level: spec.level,
        policy_url: spec.policy_url.clone(),
        message: spec.message.clone(),
        scope: Scope::from_paths_spec(paths)?,
    }))
}