Cmake check - Static analysis for CMake files.

cmake_check

Cmake_check is a linter for the CMake language. It takes a set of user-defined rules and reports violations for CMakeLists.txt files and CMake modules.

Quick Start

Step 1: Download cmake_check (several methods, see below).

Step 2: Open a terminal (cmd.exe on Windows).

Step 3: Invoke cmake_check to check your CMake files or directories. The executable name differs depending on whether you use the development source version (cmake_check), a Windows executable (cmake_check.exe), or a Linux executable (cmake_check). On this page, cmake_check is the generic term used to refer to any of these.

a file

prompt> cmake_check -i CMakeLists.txt -v
info: Checking CMakeLists.txt
CMakeLists(10).txt (66) : warning Whitelist: calls to some_custom_function are not allowed by whitelist
info: Checked 1 files
info: 0 files are clean
info: 1 files have 2 warnings
info: 0 files are ignored
info: took {"durationMs":28}

a directory

prompt> cmake_check -i project_folder -v
info: Checking files in project_folder
project_folder/libFoo/CMakeLists.txt (66) : warning Whitelist: calls to some_custom_function are not allowed by whitelist
project_folder/libBar/CMakeLists.txt (50) : warning Whitelist: calls to some_other_custom_function are not allowed by whitelist
...
info: Checked 769 files
info: 186 files are clean
info: 583 files have 1566 warnings
info: 0 files are ignored
info: took {"durationMs":2270}

Overview

Cmake_check is a linter for the CMake language. It takes a set of user-defined rules and reports violations for CMakeLists.txt files and CMake modules. Cmake_check is a command line application suitable for continuous integration checks. This is especially useful for large source trees with hundreds of CMake files. Cmake_check can be used to enforce a certain coding style or project/company guidelines. It is written in TypeScript and runs on every platform where Node.js is available.

Features are:

  • recursive check of all CMake files in a given directory
  • allows combination of checks to form custom rules
  • a rule may consist of any number of checks
  • provides warning output (msbuild format) that can be used by the Jenkins warnings plugin

Available checks:

  • require commands to exist (or not exist)
  • allow white-listed commands only (to limit the use of custom functions)

Planned checks:

  • require a specific command order
  • constraints on specific command arguments
  • constraints on paths (e.g. no ..)
  • comment checks
  • maximum line length
  • indentation checks

Binaries

Each release comes with a set of Linux and Windows binaries.

NPM

Install NodeJS (version > 8.11).

npm install -g cmake_check

Versioning

Cmake_check uses semantic versioning.

Basic Usage

The basic use is:

cmake_check -i <input folder or file>

or with custom configuration:

cmake_check -c <config file> -i <input folder or file>

All CMake files in the given input folders are analyzed with the given configuration. All warnings are written to stdout.

For more information and further available options call cmake_check -h.

Configuration

The documentation for the cmake_check configuration is available on a separate page.

How It Works

Cmake_check uses a parser-generator and a grammar to create a parser of the CMake language. All CMakeLists.txt files from input are parsed to a structured object. All configured checks are executed on that object. Failed checks are printed as warnings.

Limitations

  • the language parser will fail on CMakeLists.txt files that do not conform to the CMake language
    • these errors are reported by CMake itself, a successful run of CMake on the input files is a precondition for cmake_check
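
The parse-then-check flow described above, as an added example that is not cmake_check's own code: a simplified scanner lists command invocations (skipping comments, quoted arguments and bracket arguments) and a whitelist check emits warnings in the format shown in the Quick Start output. The names `listInvocations` and `checkWhitelist` are hypothetical, and the input is assumed to be accepted by CMake itself.

```typescript
// Added illustration of a whitelist check; not cmake_check's own grammar or
// rule engine. All names here are hypothetical.

// Token alternatives, in order: escape sequence, bracket argument or bracket
// comment ([[..]], [=[..]=], #[[..]]), line comment, quoted argument,
// identifier followed by "(", bare parenthesis, newline.
const TOKEN =
  /\\[\s\S]|#?\[(=*)\[[\s\S]*?\]\1\]|#[^\n]*|"(?:\\[\s\S]|[^"\\])*"|([A-Za-z_]\w*)[ \t]*\(|[()]|\n/g;

interface Invocation { name: string; line: number; }

// List command invocations together with the line they start on.
function listInvocations(src: string): Invocation[] {
  const found: Invocation[] = [];
  let depth = 0; // parenthesis nesting; a command can only start at depth 0
  let line = 1;
  TOKEN.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = TOKEN.exec(src)) !== null) {
    const text = m[0];
    const ident = m[2];
    if (ident !== undefined) {
      // "NOT (" inside if(...) is nested grouping, not a command call
      if (depth === 0) found.push({ name: ident.toLowerCase(), line });
      depth++;
    } else if (text === "(") {
      depth++;
    } else if (text === ")") {
      depth = Math.max(0, depth - 1);
    }
    line += text.split("\n").length - 1; // multi-line tokens advance the counter
  }
  return found;
}

// Report every invocation whose command is not on the whitelist.
function checkWhitelist(file: string, src: string, allowed: string[]): string[] {
  const ok = allowed.map((c) => c.toLowerCase()); // command names are case-insensitive
  return listInvocations(src)
    .filter((inv) => ok.indexOf(inv.name) < 0)
    .map((inv) => `${file} (${inv.line}) : warning Whitelist: calls to ${inv.name} are not allowed by whitelist`);
}

// Constructed sample input; line 3 is the bracket-argument line quoted in the issue list.
const SAMPLE = [
  'cmake_minimum_required(VERSION 3.10)',
  '# some_custom_function(in a comment)',
  'set(DOXYGEN_PREDEFINED FORCE_DOXYGEN [[TYPE_TO_STRING(x)=""]])',
  'if(NOT (A AND B))',
  '  message("calling evil_helper(now)")',
  'endif()',
  'Some_Custom_Function(foo',
  '  bar)',
].join("\n");
const SAMPLE_WARNINGS = checkWhitelist("CMakeLists.txt", SAMPLE,
  ["cmake_minimum_required", "set", "if", "endif", "message"]);
```
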

Features under development

See the development board for issues that are in work.

Issues
  • Cmake bracket arguments are not supported

    I am getting the following error:

    error: CMakeLists.txt:117 Expected "]" or any character but end of input found.

    Probably because of the following cmake code set(DOXYGEN_PREDEFINED FORCE_DOXYGEN [[TYPE_TO_STRING(x)=""]])

    Cf. https://cmake.org/cmake/help/latest/manual/cmake-language.7.html#bracket-argument for the language feature description.

    bug 
    opened by Lectem 3
  • Allow clang-format like configuration

    When option -c is missing, cmake_check uses the nearest .cmake_check file upwards in the directory tree. The .cmake_check is a regular configuration file that applies to each file below ...

    The file can probably be collected while traversing.

    enhancement 
    opened by DaelDe 1
  • Add the Rule class

    A rule

    • consists of any number of checks
    • has an id
    • has a name
    • has an optional description?
    • exposes a check method
    • somehow reports results for a check call...
    enhancement 
    opened by DaelDe 1
  • Bump lodash from 4.17.11 to 4.17.14

    Bumps lodash from 4.17.11 to 4.17.14.

    dependencies 
    opened by dependabot[bot] 0
  • Use default config when -c is not specified

    It should be a very basic check for modern CMake and style. The config should probably link the source where it has been taken from.

    • extend the current config if needed
    • argument -c should be optional
    • change the documentation accordingly
    • document the default rules
    opened by DaelDe 0
  • Uniform binary name

    No need to have different binary names for each platform. The only difference if any should be in the executable, e.g. cmake_check.exe on Windows and cmake_check on Linux. Much more consistency for writing scripts around this :)

    opened by gajop 0
  • Detection of type of file does not work

    At the moment a CMakeLists is target specific whenever there is an add_library call. This does not work as people may wrap the call.

    It is not easy at all to find out if a target is defined in a CMakeLists.txt. Consider to only have type Module and CMakeLists. The rules need to be somehow relaxed then. Or find clean rules when it does not define a target.

    Change command call in CMakeFile.ts to accept regex, maybe use more relaxed regex for target detection? (add_lib|add_ex|target_.*) Folder CMake only contain add_subdirectory calls

    Another idea is to apply a whitelist of allowed CMake functions. So first all rules with a black list are checked and afterwards or at the end the whitelist.

    bug 
    opened by DaelDe 0
  • Make use of RuleSets in RuleChecker

    • create config object as input
    • create rules and rulesets from config
    • rulechecker determines the type of a file and only applies rule sets for that type
    enhancement 
    opened by DaelDe 0
  • Add RuleSet

    A RuleSet holds a number of rules. RuleSets have an

    • AppliesTo member that can hold values [CMakeModules, TargetCMakeLists, FolderCMakeLists], rules of the set are only checked for the type given in appliesTo
    enhancement 
    opened by DaelDe 0
  • Define and implement how checks report their results

    Checks are atomic operations, they check one specific aspect. They should not generate any end-user visible text. Thus they have to report some check specific information....

    enhancement 
    opened by DaelDe 0
  • [Snyk] Security upgrade yargs from 12.0.4 to 13.1.0

    Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • package.json
      • package-lock.json

    Vulnerabilities that will be fixed

    With an upgrade:

    Severity | Issue | Breaking Change | Exploit Maturity
    :---:|:---|:---|:---
    medium severity | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept

    Commit messages
    Package name: yargs The new version differs by 25 commits.
    • 706fc7a chore(release): 13.1.0
    • 95700d6 test: add tests for alias behavior, based on conversations today (#1291)
    • f45a817 chore: slight refactor of approach being used, add support for per-command
    • 5be206a feat: add applyBeforeValidation, for applying sync middleware before validation
    • cc8af76 chore(release): 13.0.0
    • e9dc3aa feat: options/positionals with leading '+' and '0' no longer parse as numbers (#1286)
    • ef16792 chore: drop Node 6 from testing matrix (#1287)
    • f25de4f chore: update dependencies (#1284)
    • 6916ce9 feat: adds config option for sorting command output (#1256)
    • 7b200d2 chore: increase test timeout for windows
    • 64af518 fix: middleware added multiple times due to reference bug (#1282)
    • 61f1b25 doc: update docs to reflect new parserConfiguration method (#1280)
    • 3c6869a feat: Add `.parserConfiguration()` method, deprecating package.json config (#1262)
    • da75ea2 fix: better bash path completion (#1272)
    • e0c62c8 doc: edit help example to align with actual output (#1271)
    • bc0ee40 chore: address @aorinevo's code review so that we can land
    • f3a4e4f feat: support promises in middleware
    • 64a0d7e docs: Testing command modules (#1267)
    • 0510fe6 fix(validation): Use the error as a message when none exists otherwise (#1268)
    • 27bf739 fix(deps): Update os-locale to avoid security vulnerability (#1270)
    • 54e165d docs(advanced): document non-singleton use, .exit() and parsed (#1251)
    • 8789bf4 chore(release): 12.0.5
    • dc8d63f chore: explicit update to yargs-parser
    • eacc035 fix: allows camel-case, variadic arguments, and strict mode to be combined (#1247)

    Check the changes in this PR to ensure they won't cause issues with your project.

    opened by snyk-bot 0
  • [Snyk] Fix for 1 vulnerable dependencies

    Description

    This PR fixes one or more vulnerable packages in the npm dependencies of this project. See the Snyk test report for more details.

    Snyk Project: DaelDe/cmake_check:package.json

    Snyk Organization: DaelDe

    Changes included in this PR

    • A Snyk policy (.snyk) file, with updated settings.

    Vulnerabilities that will be fixed

    With a Snyk patch:

    You can read more about Snyk's upgrade and patch logic in Snyk's documentation.

    Check the changes in this PR to ensure they won't cause issues with your project.

    opened by snyk-bot 0
  • Have this tool upstream

    I think it would benefit everybody if this tool would be part of CMake.

    One would have to use c++ and the existing parsing code in CMake though.

    I have opened a feature request to CMake here: https://gitlab.kitware.com/cmake/cmake/issues/18434

    opened by cristianadam 1
  • Raise unit test coverage for the parser

    The parser is most critical, when it fails, cmake_check is basically useless.

    • all features of the CMake language shall be checked
    • a list of known issues shall be created
    opened by DaelDe 0
Owner
Dael