search

pdehaan / shield-linter

Let's try and validate some shield study settings and configs
https://github.com/mozilla/shield-studies-addon-utils/issues/236
Mozilla Public License 2.0
0 stars 0 forks source link

alarms heuristic #16

Open gregglind opened 6 years ago

gregglind commented 6 years ago

if

check:

pdehaan commented 6 years ago

This one seems difficult. Unless we just do some grepping of all **/*.{js,jsm} files for the string ".expires" (since we can't really parse it using some AST or whatever).

pdehaan commented 6 years ago

OK, this may be roughly possible using something like shelljs's grep() method.

Basically this will just recursively scan the "addon/*/.js" for the string ".expires" then parses+filters the results:

const {grep} = require("shelljs");

const {stdout} = grep(".expires", "addon/**/*.js");
// Since `stdout` is a big block of text with "\n" newlines, we convert it into an array,
// trim any leading and trailing whitespace from each element, and then remove any empty 
// elements.
const results = stdout.split("\n").map(str => str.trim()).filter(Boolean);
if (results.length) {
  console.log(`I found some results:\n${results.join("\n")}`);
} else {
  console.log("No results found");
}

But since this is grep, i imagine we'd have some difficulty separating comments from code, and we may have oodles of false positives. But at least it may be a starting point.

gregglind commented 6 years ago

1: recall that 'grep -C' gives you lines around things :)

  1. I suggest this logic.:

Always do an "alarms report".

  1. has a "days": integer regex somewhere in code.
  2. has alarms permission // easy json
  3. has a call to browser.alarms in the code /// grep

if yes on days, needs the other two. if yes on 3, but not 2, needs 2. if yes on 2, but not 3, that's an 'unused permission'

At this point, I am looking for a 'report' of 'smoke' as much as actual 'this fails'.

On Fri, Jul 13, 2018 at 12:24 PM, Peter deHaan notifications@github.com wrote:

OK, this may be roughly possible using something like shelljs's grep() http://npm.im/shelljs method.

Basically this will just recursively scan the "addon/*/.js" for the string ".expires" then parses+filters the results:

const {grep} = require("shelljs"); const {stdout} = grep(".expires", "addon/*/.js"); const results = stdout.split("\n").map(str => str.trim()).filter(Boolean);if (results.length) { console.log(I found some results:\n${results.join("\n")}); } else { console.log("No results found"); }

But since this is grep, i imagine we'd have some difficulty separating comments from code, and we may have oodles of false positives. But at least it may be a starting point.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pdehaan/shield-linter/issues/16#issuecomment-404899057, or mute the thread https://github.com/notifications/unsubscribe-auth/AAKAjyOz-XREZEniCH2p-qhdqI4LSXzrks5uGNfFgaJpZM4VNpa5 .

pdehaan commented 6 years ago

Re: > "has a "days": integer regex somewhere in code." Do you have an example of what that regex would look like?