badwords: rework exceptions, fix many of them

[vszakats]

Also:

• support per-directory and per-upper-directory whitelist entries.
• convert badlist input grep tweak into the above format.
  (except for 'And' which had just a few hits.)
• fix many code exceptions, but do not enforce.
  (there also remain about 350 'will' uses in lib)
• fix badwords in example code, drop exceptions.
• badwords-all: convert to Perl.
  To make it usable from CMake.
• FAQ: reword to not use 'will'. Drop exception.

[bagder]

I think you can do this differently. I think banning url from source code is untenable for example. It makes zero sense to ban that from code. It could perhaps work if we really made sure the scanner only cared about comments.

Having a special set of whitelisted words could be handled within the script, the same way it now ignores markdown-indented content only for some files.

[bagder]

For example, when building the large set of files to scan, we could give each file a "qualifier" if it is document or source code, and then we could apply a special set of whitelisted words on the different categories. Without needing two invokes.

[bagder]

I would not be upset if we just skipped scanning the source code, because I think that actually does not need the same attention to language.

[bagder]

Doing separate whitelisting could then also make the bold and backtick whitelisting not apply to source code...

[vszakats]

url is easy to whitelist now on a per-subdir basis. But it's really
only one hit ATM.

Though what I noticed is not all badwords are caught for some
reason. Not sure if by intent or accident. [edit: my mistake!]

I'd still vouch for scanning sources and reduce exceptions. What
remains now is 'will' in lib. With per-lib whitelisted words it can be
relaxed as necessary.

[vszakats]

ah, my mistake, -a enabled scanning indented lines, which we want for src.
backtracking.

[bagder]

I have a pending script that extracts all the comments from source code, which should help to ignore code.

Do we want it to check double-quoted strings as well?

[vszakats]

I have a pending script that extracts all the comments from source code, which should help to ignore code.

Do we want it to check double-quoted strings as well?

That would be nice, yes. I expect a couple of exception due to it, but manageable.

[bagder]

Shouldn't url be whitelisted here?

[vszakats]

Seemed simpler to avoid by renaming. Could be a better
name though probably. I was wondering why it's only caught
here, not in other examples where declared as char *url.

[icing]

Uhm, we do not want to forbid meaningful variable names now, or?

[vszakats]

With 2 hits in total, one in examples, the other in lib, whitelisted,
it seems fine to me. Can be whitelisted wider, if causing issues.

Or, using @bagder's comment-filter.

[bagder]

But we don't want warnings for this when the next example is added using url as a variable name...

Although I will fix this in the next step which will make the script ignore the code and only check comments and strings

[vszakats]

I updated FAQ.md to avoid 'will', while here.