This rewrites the pre-commit hook from 7 basic checks to 11, adding compiler-based syntax verification, security pattern detection, and expanded banned function enforcement. All checks now operate on staged index content via a materialized temp tree.

New checks:
- Compiler -fsyntax-only pass (Linux only) with -Werror for format strings, implicit declarations, pointer type mismatches, and VLA
- Security pattern scan on newly-added lines: non-literal format strings, missing O_CLOEXEC, positive errno returns, unchecked malloc multiplication, unbounded scanf, thread-unsafe functions
- Expanded banned function list (13 functions)
- Whitespace error detection via git diff --check
- TODO/FIXME enforcement on new lines

Change-Id: Ic25657aaee3df44b155e92ae69e695c1c139f546
Summary by cubic
Overhauls pre-commit and CI gates to enforce formatting, whitespace, syntax, and security on C/H changes. Splits CI into fast coding-style and static-analysis jobs; adds Linux-only syntax checks and strengthens CLI/identity parsing with tests.
New Features
- .config; clang-format-20; git diff --check; merge-conflict guard; non-ASCII path/name checks; binary warnings; TODO/FIXME on new lines; 13 banned functions; security scan on added lines (non-literal format strings, missing CLOEXEC, positive errno returns, unchecked malloc multiplication, unbounded scanf, thread-unsafe calls); compiler make check-syntax (-fsyntax-only, Linux only); cppcheck on changed files.
- coding-style (trailing newline + clang-format-20) and static-analysis (banned funcs, secret patterns, dangerous preprocessor + cppcheck with timeout) jobs run in parallel with unit/build; adds .ci/check-*.sh scripts to enforce these.
- .editorconfig; hooks resolve paths robustly, respect Git color.ui, and skip in CI.

Bug Fixes
- UINT_MAX capped); adds unit tests.

Written for commit 341cd08.
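The "security pattern scan on added lines" that the commit message and the summary describe, as an added example that is not the PR's hook code: a POSIX sh function that reads a unified diff, looks only at the added (`+`) lines, and reports each of the six listed patterns as `file:line: message`, the way a pre-commit gate would. The regexes, the thread-unsafe function list, the constructed sample diff and the names `scan_added_lines` and `run_demo` are my own assumptions; the page does not show the hook's actual patterns.

```shell
#!/bin/sh
# Added example, not the PR's hook: scan the '+' lines of a unified diff for the
# security patterns the commit message lists. The regexes below are my own
# approximations (assumed, not taken from the page); they trade precision for
# a short, grep-style check, which is what a pre-commit gate can afford.

# scan_added_lines: read a unified diff on stdin, print "file:line: message"
# for every added line that matches a pattern, and return 1 if anything matched.
scan_added_lines() {
    awk '
    function hit(msg) { printf "%s:%d: %s\n", file, line, msg; found = 1 }

    /^\+\+\+ /  { file = substr($0, 7); next }                # "+++ b/path" -> path
    /^@@/       { split($3, h, ","); line = substr(h[1], 2) + 0; next }  # "+start,count"
    /^-/        { next }                                      # removed lines have no new-file number
    /^\\/       { next }                                      # "\ No newline at end of file"
    /^\+/ {
        t = substr($0, 2)
        # format string is a variable, not a literal: printf(x) / fprintf(f, x) / snprintf(b, n, x)
        if (t ~ /(^|[^a-zA-Z_])printf[ \t]*\([ \t]*[A-Za-z_]/ ||
            t ~ /(^|[^a-zA-Z_])(fprintf|sprintf|syslog)[ \t]*\([^,]*,[ \t]*[A-Za-z_]/ ||
            t ~ /(^|[^a-zA-Z_])snprintf[ \t]*\([^,]*,[^,]*,[ \t]*[A-Za-z_]/)
            hit("non-literal format string")
        # open()/openat() whose flags omit O_CLOEXEC: the descriptor leaks across exec
        if (t ~ /(^|[^a-zA-Z_])open(at)?[ \t]*\(/ && t !~ /O_CLOEXEC/)
            hit("open() without O_CLOEXEC")
        # "return EINVAL;" instead of "return -EINVAL;". EXIT_FAILURE does not match
        # because the underscore is outside [A-Z0-9].
        if (t ~ /(^|[^a-zA-Z_])return[ \t]+E[A-Z0-9]+[ \t]*;/)
            hit("positive errno return")
        # malloc(n * size) with no overflow check; calloc() or an explicit check is safer
        if (t ~ /(^|[^a-zA-Z_])malloc[ \t]*\([^)]*\*/)
            hit("malloc() size multiplication without overflow check")
        # %s with no field width in the scanf family reads until whitespace, unbounded
        if (t ~ /(^|[^a-zA-Z_])(scanf|fscanf|sscanf)[ \t]*\(.*%s/)
            hit("unbounded %s in scanf")
        # non-reentrant functions (assumed list); the _r variants do not match
        # because "(" does not directly follow the name
        if (t ~ /(^|[^a-zA-Z_])(strtok|localtime|gmtime|ctime|asctime|rand|readdir|getpwnam|getpwuid|inet_ntoa)[ \t]*\(/)
            hit("thread-unsafe function")
        line++
        next
    }
    /^ / || /^$/ { line++ }                                   # context lines advance the counter
    END { if (found) exit 1; exit 0 }
    '
}

# Constructed sample diff (not from the project): one added line per pattern,
# plus a correct open() call with O_CLOEXEC that must not be reported.
SAMPLE_DIFF=$(cat <<'EOF'
diff --git a/src/foo.c b/src/foo.c
--- a/src/foo.c
+++ b/src/foo.c
@@ -10,4 +10,11 @@ int handle(const char *msg, const char *path, size_t n)
 {
-    int fd = open(path, O_RDONLY);
+    int fd = open(path, O_RDONLY | O_CLOEXEC);
+    int lock = open(lockpath, O_WRONLY);
+    printf(msg);
+    char *buf = malloc(n * sizeof(*buf));
+    if (fd < 0)
+        return EINVAL;
+    struct tm *t = localtime(&now);
+    scanf("%s", buf);
     return 0;
 }
EOF
)

# Stand-alone demo. In a real hook the input would be the staged diff, e.g.
#   git diff --cached -U0 --diff-filter=AM -- '*.c' '*.h' | scan_added_lines
run_demo() {
    printf '%s\n' "$SAMPLE_DIFF" | scan_added_lines
}
run_demo || echo "findings above: commit would be rejected"
```

Because the scan tracks the new-file line number from the `@@` header and only advances it on `+` and context lines, it works with `-U0` as well as with full context. Unlike the PR's compiler pass, which needs the staged content materialized into a temp tree, this check needs nothing but the diff. Expect some false positives from a grep-level check of this kind (for instance `printf(_("..."))` with a gettext wrapper as the first argument); that is the usual trade-off for a check that runs in well under a second on every commit.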