packages/package_scanner.nim


# A very simple Nim package scanner.
#
# Scans the package list from this repository.
#
# Check the packages for:
#  * Missing name
#  * Missing/unknown method
#  * Missing/unreachable repository
#  * Missing tags
#  * Missing description
#  * Missing/unknown license
#  * Insecure git:// url on GitHub
#
# Usage: nim c -d:ssl -r package_scanner.nim
#
# Copyright 2015 Federico Ceratto <federico.ceratto@gmail.com>
# Released under GPLv3 License, see /usr/share/common-licenses/GPL-3

import httpclient
import net
import json
import os
import sets
import strutils

const
  LICENSES = @[
    "Allegro 4 Giftware",
    "Apache License 2.0",
    "BSD",
    "BSD2",
    "BSD3",
    "CC0",
    "GPL",
    "GPLv2",
    "GPLv3",
    "LGPLv2",
    "LGPLv3",
    "MIT",
    "MS-PL",
    "MPL",
    "WTFPL",
    "libpng",
    "zlib",
    "ISC",
    "Unlicense"
  ]
  VCS_TYPES = @["git", "hg"]

proc canFetchNimbleRepository(name: string, urlJson: JsonNode): bool =
  # The fetch is a lie!
  # TODO: Make this check the actual repo url and check if there is a
  #       nimble file in it
  result = true
  var url: string

  if not urlJson.isNil:
    url = urlJson.str

    try:
      discard getContent(url, timeout=10000)
    except HttpRequestError, TimeoutError:
      echo "W: ", name, ": unable to fetch repo ", url, " ",
           getCurrentExceptionMsg()
    except AssertionError:
      echo "W: ", name, ": httpclient failed ", url, " ",
           getCurrentExceptionMsg()
    except:
      echo "W: Another error attempting to request: ", url
      echo "  Error was: ", getCurrentExceptionMsg()

proc verifyAlias(pdata: JsonNode, result: var int) =
  if not pdata.hasKey("name"):
    echo "E: missing alias' package name"
    result.inc()

  # TODO: Verify that 'alias' points to a known package.

proc check(): int =
  var name: string
  echo ""
  let pkg_list = parseJson(readFile(getCurrentDir() / "packages.json"))
  var names = initSet[string]()

  for pdata in pkg_list:
    name = if pdata.hasKey("name"): pdata["name"].str else: ""

    if pdata.hasKey("alias"):
      verifyAlias(pdata, result)
    else:
      if name == "":
        echo "E: missing package name"
        result.inc()
      elif not pdata.hasKey("method"):
        echo "E: ", name, " has no method"
        result.inc()
      elif not (pdata["method"].str in VCS_TYPES):
        echo "E: ", name, " has an unknown method: ", pdata["method"].str
        result.inc()
      elif not pdata.hasKey("url"):
        echo "E: ", name, " has no URL"
        result.inc()
      elif pdata.hasKey("web") and not canFetchNimbleRepository(name, pdata["web"]):
        result.inc()
      elif not pdata.hasKey("tags"):
        echo "E: ", name, " has no tags"
        result.inc()
      elif not pdata.hasKey("description"):
        echo "E: ", name, " has no description"
        result.inc()
      elif not pdata.hasKey("license"):
        echo "E: ", name, " has no license"
        result.inc()
      elif pdata["url"].str.normalize.startsWith("git://github.com/"):
        echo "E: ", name, " has an insecure git:// URL instead of https://"
        result.inc()
      else:
        # Other warnings should go here
        if not (pdata["license"].str in LICENSES):
          echo "W: ", name, " has an unexpected license: ", pdata["license"]

    if name.normalize notin names:
      names.incl(name.normalize)
    else:
      echo("E: ", name, ": a package by that name already exists.")
      result.inc()

  echo ""
  echo "Problematic packages count: ", result


when isMainModule:
  quit(check())
Add package scanner 2015-03-07 23:55:08 +00:00
			`# A very simple Nim package scanner.`
			`#`
Improved travis file and package scanner. 2015-05-18 20:40:46 +01:00			`# Scans the package list from this repository.`
Add package scanner 2015-03-07 23:55:08 +00:00			`#`
			`# Check the packages for:`
			`# * Missing name`
			`# * Missing/unknown method`
			`# * Missing/unreachable repository`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00			`# * Missing tags`
			`# * Missing description`
			`# * Missing/unknown license`
Add check for git://github.com URLs 2016-06-09 21:38:20 +02:00			`# * Insecure git:// url on GitHub`
Add package scanner 2015-03-07 23:55:08 +00:00			`#`
			`# Usage: nim c -d:ssl -r package_scanner.nim`
			`#`
			`# Copyright 2015 Federico Ceratto <federico.ceratto@gmail.com>`
			`# Released under GPLv3 License, see /usr/share/common-licenses/GPL-3`

			`import httpclient`
			`import net`
			`import json`
Improved travis file and package scanner. 2015-05-18 20:40:46 +01:00			`import os`
Package_scanner will now check for duplicate pkg names. 2015-09-01 17:55:41 +01:00			`import sets`
			`import strutils`
Add package scanner 2015-03-07 23:55:08 +00:00
			`const`
			`LICENSES = @[`
			`"Allegro 4 Giftware",`
Added more license to package_scanner. 2015-10-17 14:23:19 +01:00			`"Apache License 2.0",`
Add package scanner 2015-03-07 23:55:08 +00:00			`"BSD",`
Fixes travis build and adds some new licenses to scanner. 2016-10-31 20:18:30 +01:00			`"BSD2",`
Add package scanner 2015-03-07 23:55:08 +00:00			`"BSD3",`
			`"CC0",`
			`"GPL",`
			`"GPLv2",`
			`"GPLv3",`
			`"LGPLv2",`
			`"LGPLv3",`
			`"MIT",`
			`"MS-PL",`
Added more license to package_scanner. 2015-10-17 14:23:19 +01:00			`"MPL",`
Add package scanner 2015-03-07 23:55:08 +00:00			`"WTFPL",`
			`"libpng",`
Added more license to package_scanner. 2015-10-17 14:23:19 +01:00			`"zlib",`
Fixes travis build and adds some new licenses to scanner. 2016-10-31 20:18:30 +01:00			`"ISC",`
			`"Unlicense"`
Add package scanner 2015-03-07 23:55:08 +00:00			`]`
			`VCS_TYPES = @["git", "hg"]`

improved(?) package_scanner! 2015-05-21 11:03:16 -04:00			`proc canFetchNimbleRepository(name: string, urlJson: JsonNode): bool =`
			`# The fetch is a lie!`
			`# TODO: Make this check the actual repo url and check if there is a`
			`# nimble file in it`
			`result = true`
			`var url: string`

			`if not urlJson.isNil:`
			`url = urlJson.str`

			`try:`
Fixes travis build and adds some new licenses to scanner. 2016-10-31 20:18:30 +01:00			`discard getContent(url, timeout=10000)`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00			`except HttpRequestError, TimeoutError:`
Soften scanner and update to Nim v0.18.0 2018-07-04 10:45:26 +01:00			`echo "W: ", name, ": unable to fetch repo ", url, " ",`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00			`getCurrentExceptionMsg()`
			`except AssertionError:`
			`echo "W: ", name, ": httpclient failed ", url, " ",`
			`getCurrentExceptionMsg()`
Handle all errors when calling httpclient. 2015-09-01 17:59:14 +01:00			`except:`
			`echo "W: Another error attempting to request: ", url`
			`echo " Error was: ", getCurrentExceptionMsg()`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00
Add support for aliases to package scanner. 2017-07-11 00:02:17 +01:00			`proc verifyAlias(pdata: JsonNode, result: var int) =`
			`if not pdata.hasKey("name"):`
			`echo "E: missing alias' package name"`
			`result.inc()`

			`# TODO: Verify that 'alias' points to a known package.`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00
Add package scanner 2015-03-07 23:55:08 +00:00			`proc check(): int =`
no nil strings anymore (#985) Looks good 2019-01-09 19:04:06 +01:00			`var name: string`
Add package scanner 2015-03-07 23:55:08 +00:00			`echo ""`
no nil strings anymore (#985) Looks good 2019-01-09 19:04:06 +01:00			`let pkg_list = parseJson(readFile(getCurrentDir() / "packages.json"))`
Package_scanner will now check for duplicate pkg names. 2015-09-01 17:55:41 +01:00			`var names = initSet[string]()`

Add package scanner 2015-03-07 23:55:08 +00:00			`for pdata in pkg_list:`
no nil strings anymore (#985) Looks good 2019-01-09 19:04:06 +01:00			`name = if pdata.hasKey("name"): pdata["name"].str else: ""`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00
Add support for aliases to package scanner. 2017-07-11 00:02:17 +01:00			`if pdata.hasKey("alias"):`
			`verifyAlias(pdata, result)`
			`else:`
no nil strings anymore (#985) Looks good 2019-01-09 19:04:06 +01:00			`if name == "":`
Add support for aliases to package scanner. 2017-07-11 00:02:17 +01:00			`echo "E: missing package name"`
			`result.inc()`
			`elif not pdata.hasKey("method"):`
			`echo "E: ", name, " has no method"`
			`result.inc()`
			`elif not (pdata["method"].str in VCS_TYPES):`
			`echo "E: ", name, " has an unknown method: ", pdata["method"].str`
			`result.inc()`
			`elif not pdata.hasKey("url"):`
			`echo "E: ", name, " has no URL"`
			`result.inc()`
			`elif pdata.hasKey("web") and not canFetchNimbleRepository(name, pdata["web"]):`
			`result.inc()`
			`elif not pdata.hasKey("tags"):`
			`echo "E: ", name, " has no tags"`
			`result.inc()`
			`elif not pdata.hasKey("description"):`
			`echo "E: ", name, " has no description"`
			`result.inc()`
			`elif not pdata.hasKey("license"):`
			`echo "E: ", name, " has no license"`
			`result.inc()`
			`elif pdata["url"].str.normalize.startsWith("git://github.com/"):`
			`echo "E: ", name, " has an insecure git:// URL instead of https://"`
			`result.inc()`
			`else:`
			`# Other warnings should go here`
			`if not (pdata["license"].str in LICENSES):`
			`echo "W: ", name, " has an unexpected license: ", pdata["license"]`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00
Package_scanner will now check for duplicate pkg names. 2015-09-01 17:55:41 +01:00			`if name.normalize notin names:`
			`names.incl(name.normalize)`
			`else:`
			`echo("E: ", name, ": a package by that name already exists.")`
			`result.inc()`
improved(?) package_scanner! 2015-05-21 11:03:16 -04:00
			`echo ""`
			`echo "Problematic packages count: ", result`

Add package scanner 2015-03-07 23:55:08 +00:00
			`when isMainModule:`
			`quit(check())`