diff options
| author | Adin Scannell <ascannell@google.com> | 2019-07-09 16:42:54 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2019-07-09 16:44:06 -0700 |
| commit | dea3cb92f2c9fffb604cedde6998b3209c91e716 (patch) | |
| tree | 41f1ac37d1f8b80861cfb63da9bbaca6c6a1c9da /tools/checkunsafe | |
| parent | cceef9d2cfbf72a7ae4feac2e53e46179c33155d (diff) | |
build: add nogo for static validation
PiperOrigin-RevId: 257297820
Diffstat (limited to 'tools/checkunsafe')
| -rw-r--r-- | tools/checkunsafe/BUILD | 13 | ||||
| -rw-r--r-- | tools/checkunsafe/check_unsafe.go | 56 |
2 files changed, 69 insertions, 0 deletions
diff --git a/tools/checkunsafe/BUILD b/tools/checkunsafe/BUILD new file mode 100644 index 000000000..d85c56131 --- /dev/null +++ b/tools/checkunsafe/BUILD @@ -0,0 +1,13 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_tool_library") + +package(licenses = ["notice"]) + +go_tool_library( + name = "checkunsafe", + srcs = ["check_unsafe.go"], + importpath = "checkunsafe", + visibility = ["//visibility:public"], + deps = [ + "@org_golang_x_tools//go/analysis:go_tool_library", + ], +) diff --git a/tools/checkunsafe/check_unsafe.go b/tools/checkunsafe/check_unsafe.go new file mode 100644 index 000000000..4ccd7cc5a --- /dev/null +++ b/tools/checkunsafe/check_unsafe.go @@ -0,0 +1,56 @@ +// Copyright 2019 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package checkunsafe allows unsafe imports only in files named appropriately. +package checkunsafe + +import ( + "fmt" + "path" + "strconv" + "strings" + + "golang.org/x/tools/go/analysis" +) + +// Analyzer defines the entrypoint. +var Analyzer = &analysis.Analyzer{ + Name: "checkunsafe", + Doc: "allows unsafe use only in specified files", + Run: run, +} + +func run(pass *analysis.Pass) (interface{}, error) { + for _, f := range pass.Files { + for _, imp := range f.Imports { + // Is this an unsafe import? + pkg, err := strconv.Unquote(imp.Path.Value) + if err != nil || pkg != "unsafe" { + continue + } + + // Extract the filename. + filename := pass.Fset.File(imp.Pos()).Name() + + // Allow files named _unsafe.go or _test.go to opt out. + if strings.HasSuffix(filename, "_unsafe.go") || strings.HasSuffix(filename, "_test.go") { + continue + } + + // Throw the error. + pass.Reportf(imp.Pos(), fmt.Sprintf("package unsafe imported by %s; must end with _unsafe.go", path.Base(filename))) + } + } + return nil, nil +} |