4 Jul 2016 pabs3   » (Master)

Check All The thingS!

check-all-the-things (aka cats, Meow!) is a tool that aims to make it easy to know which tools can be used to check a directory tree and to make it easy to run those tools on the directory tree. The tree could either be a source tree or a build tree or both. It aims to check as much of the tree as possible so the output can be very verbose and have many false positives. It is not for the busy, lazy or noise intolerant. It runs the checks by matching file names and MIME types against those registered for a list of checks. Each check has a set of dependencies, flags, filename wildcards, MIME type wildcards, comments and prerequisite commands. By default it:

  • doesn't check file MIME types as this is slower
  • shows which command is currently running
  • limits check output to 10 lines
  • hides checks that output nothing
  • kills checks when interrupted with Ctrl+C
  • exits when interrupted twice in quick succession
  • outputs various remarks at the end

It runs all checks for the current distro/release except:

  • dangerous ones that execute code in the current dir
  • ones that modify files in the current dir
  • ones that access the network (if there is no default route)
  • ones that need work to be usable
  • ones that need a human to run them

There are command-line options to customise the behaviour and automatic bash shell completion via argcomplete. There are 177 checks (including TODO ones) in 73 different categories. There are an additional 224 not-well-specified TODO items for new checks in comments. It is exceptionally easy to add new checks once one knows how to use the tool one wants to add.

At this point in time it is probably not a good idea to run it in an untrusted directory tree for several reasons:

  • there could be unknown vulnerabilities in the tools used
  • there could be unknown interactions with interpreters (known ones worked around)
  • there could be some commands doing unknown code execution
  • there could be other weirdness in some layers
  • there is no automatic sandboxing at all yet

The project initially started as really hacky wiki page full of commands to run. At some point I figured it was time to make this actually be maintainable and started on a project to do that. At around the same time Jakub Wilk was working on maquack to replace the wiki page. Somehow I found out about it and talked to him about it. It was vastly less hacky than my version so I ended up taking it over and continuing it under the check-all-the-things name. I polished it for the last two years and finally released it into Debian unstable during DebCamp16.

Syndicated 2016-07-04 18:10:55 from Advogato

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!