[Git][NTPsec/ntpsec][ntp.util-codacy] 2 commits: ntp.poly: Gaming the MacCabe plugin.

James Browning gitlab at mg.gitlab.com
Mon Sep 14 12:08:51 UTC 2020



James Browning pushed to branch ntp.util-codacy at NTPsec / ntpsec


Commits:
2964dcb7 by James Browning at 2020-09-14T02:31:25-07:00
ntp.poly: Gaming the MacCabe plugin.

- - - - -
3c2f96cc by James Browning at 2020-09-14T05:07:45-07:00
blowing smoke


- - - - -


6 changed files:

- libaes_siv/README.md
- libjsmn/README.md
- pylib/poly.py
- tests/option-tester.sh
- tests/python2-tester.sh
- tests/python3-tester.sh


Changes:

=====================================
libaes_siv/README.md
=====================================
@@ -33,14 +33,14 @@ scheme](https://en.wikipedia.org/wiki/Deterministic_encryption).
 Here are a couple common situations where AES-SIV may be an
 appropriate choice of AEAD scheme:
 
-1. You can't count on the system doing the encrypting to reliably
-   generate a unique nonce for every message. For example, the system
-   may be an embedded device with no good entropy source, or may be a
-   VM subject to be snapshotted and restored.
+1.  You can't count on the system doing the encrypting to reliably
+    generate a unique nonce for every message. For example, the system
+    may be an embedded device with no good entropy source, or may be a
+    VM subject to be snapshotted and restored.
 
-2. You want your encryption to be deterministic so that an
-   intermediating party such as a caching proxy, provided only with
-   ciphertext, can perform deduplication.
+2.  You want your encryption to be deterministic so that an
+    intermediating party such as a caching proxy, provided only with
+    ciphertext, can perform deduplication.
 
 The drawback to SIV mode is that it requires two passes over its
 input. This makes it potentially clumsy for use with large messages
@@ -61,23 +61,26 @@ and keys for AES-256-SIV are 512 bits long.
 
 Build dependencies:
 
-* Any ISO C89 compiler (GCC or Clang recommended). No C99 language
-  features are required, however `<stdint.h>` must be available and
-  must define `uint64_t`. `char` must be 8 bits and arithmetic must be
-  two's complement.
-* [CMake](https://cmake.org) >= 3.1
-* [OpenSSL](https://openssl.org) >=1.0.1 (libcrypto only). A recent
-  release from the 1.0.2 branch or later is strongly recommended since
-  1.0.1 was EOL'ed at the end of 2016. Furthermore, OpenSSL versions prior
-  to 1.0.1n and 1.0.2b have known bugs which impact `libaes_siv` and
-  will cause failures in its test suite. LibreSSL is not supported.
-* [Asciidoc](http://asciidoc.org) (only required for building man pages)
+*   Any ISO C89 compiler (GCC or Clang recommended). No C99 language
+    features are required, however `<stdint.h>` must be available and
+    must define `uint64_t`. `char` must be 8 bits and arithmetic must be
+    two's complement.
+
+*   [CMake](https://cmake.org) >= 3.1
+
+*   [OpenSSL](https://openssl.org) >=1.0.1 (libcrypto only). A recent
+    release from the 1.0.2 branch or later is strongly recommended since
+    1.0.1 was EOL'ed at the end of 2016. Furthermore, OpenSSL versions prior
+    to 1.0.1n and 1.0.2b have known bugs which impact `libaes_siv` and
+    will cause failures in its test suite. LibreSSL is not supported.
+
+*   [Asciidoc](http://asciidoc.org) (only required for building man pages)
 
 Running benchmarks requires a POSIX.1-2001 compliant OS, including
 the `clock_gettime` system call.
 
 To build and install on POSIX-like platforms:
-```
+```terminal
     cmake . &&
     make &&
     make test &&
@@ -91,7 +94,7 @@ If you want to build on an OS X machine, install the Xcode development
 environment and the command line tools, then use either the Homebrew package
 manager or the MacPorts package manager to install cmake and OpenSSL.
 
-Homebrew (https://brew.sh/):
+Homebrew <https://brew.sh/>:
 ```
     brew install cmake openssl &&
     cmake -DCMAKE_PREFIX_PATH=/usr/local/opt/openssl . &&
@@ -99,7 +102,7 @@ Homebrew (https://brew.sh/):
     make test &&
     sudo make install
 ```
-MacPorts (https://www.macports.org/):
+MacPorts <https://www.macports.org/>:
 ```
     sudo port install cmake openssl &&
     cmake . &&


=====================================
libjsmn/README.md
=====================================
@@ -32,15 +32,15 @@ other projects.
 Features
 --------
 
-* compatible with C89
-* no dependencies (even libc!)
-* highly portable (tested on x86/amd64, ARM, AVR)
-* about 200 lines of code
-* extremely small code footprint
-* API contains only 2 functions
-* no dynamic memory allocation
-* incremental single-pass parsing
-* library code is covered with unit-tests
+*   compatible with C89
+*   no dependencies (even libc!)
+*   highly portable (tested on x86/amd64, ARM, AVR)
+*   about 200 lines of code
+*   extremely small code footprint
+*   API contains only 2 functions
+*   no dynamic memory allocation
+*   incremental single-pass parsing
+*   library code is covered with unit-tests
 
 Design
 ------
@@ -51,9 +51,9 @@ The rudimentary jsmn object is a **token**. Let's consider a JSON string:
 
 It holds the following tokens:
 
-* Object: `{ "name" : "Jack", "age" : 27}` (the whole object)
-* Strings: `"name"`, `"Jack"`, `"age"` (keys and some values)
-* Number: `27`
+*   Object: `{ "name" : "Jack", "age" : 27}` (the whole object)
+*   Strings: `"name"`, `"Jack"`, `"age"` (keys and some values)
+*   Number: `27`
 
 In jsmn, tokens do not hold any data, but point to token boundaries in JSON
 string instead. In the example above jsmn will create tokens like: Object
@@ -62,12 +62,14 @@ string instead. In the example above jsmn will create tokens like: Object
 Every jsmn token has a type, which indicates the type of corresponding JSON
 token. jsmn supports the following token types:
 
-* Object - a container of key-value pairs, e.g.:
+*   Object - a container of key-value pairs, e.g.:
 	`{ "foo":"bar", "x":0.3 }`
-* Array - a sequence of values, e.g.:
+
+*   Array - a sequence of values, e.g.:
 	`[ 1, 2, 3 ]`
-* String - a quoted sequence of chars, e.g.: `"foo"`
-* Primitive - a number, a boolean (`true`, `false`) or `null`
+
+*   String - a quoted sequence of chars, e.g.: `"foo"`
+*   Primitive - a number, a boolean (`true`, `false`) or `null`
 
 Besides start/end positions, jsmn tokens for complex types (like arrays
 or objects) also contain a number of child items, so you can easily follow
@@ -81,7 +83,7 @@ Usage
 
 Download `jsmn.h`, include it, done.
 
-```
+```c
 #include "jsmn.h"
 
 ...
@@ -97,7 +99,7 @@ you might need to define additional macros. `#define JSMN_STATIC` hides all
 jsmn API symbols by making them static. Also, if you want to include `jsmn.h`
 from multiple C files, to avoid duplication of symbols you may define  `JSMN_HEADER` macro.
 
-```
+```c
 /* In every .c file that uses jsmn include only declarations: */
 #define JSMN_HEADER
 #include "jsmn.h"
@@ -123,9 +125,9 @@ Token types are described by `jsmntype_t`:
 numbers, booleans and null, because one can easily tell the type using the
 first character:
 
-* <code>'t', 'f'</code> - boolean 
-* <code>'n'</code> - null
-* <code>'-', '0'..'9'</code> - number
+*   <code>'t', 'f'</code> - boolean 
+*   <code>'n'</code> - null
+*   <code>'-', '0'..'9'</code> - number
 
 Token is an object of `jsmntok_t` type:
 
@@ -163,9 +165,9 @@ string. This can be useful if you don't know yet how many tokens to allocate.
 
 If something goes wrong, you will get an error. Error will be one of these:
 
-* `JSMN_ERROR_INVAL` - bad token, JSON string is corrupted
-* `JSMN_ERROR_NOMEM` - not enough tokens, JSON string is too large
-* `JSMN_ERROR_PART` - JSON string is too short, expecting more JSON data
+*   `JSMN_ERROR_INVAL` - bad token, JSON string is corrupted
+*   `JSMN_ERROR_NOMEM` - not enough tokens, JSON string is too large
+*   `JSMN_ERROR_PART` - JSON string is too short, expecting more JSON data
 
 If you get `JSMN_ERROR_NOMEM`, you can re-allocate more tokens and call
 `jsmn_parse` once more.  If you read json data from the stream, you can


=====================================
pylib/poly.py
=====================================
@@ -34,6 +34,64 @@ master_encoding = 'latin-1'
 
 forced_utf8 = False
 
+
+def polystr3(o):
+    """Polymorphic string factory function."""
+    if isinstance(o, str):
+        return o
+    if not isinstance(o, bytes):
+        return str(o)
+    return str(o, encoding=master_encoding)
+
+
+def polybytes3(s):
+    """Polymorphic string encoding function."""
+    if isinstance(s, bytes):
+        return s
+    if not isinstance(s, str):
+        return bytes(s)
+    return bytes(s, encoding=master_encoding)
+
+
+def polyord3(c):
+    """Polymorphic ord() function."""
+    if isinstance(c, str):
+        return ord(c)
+    return c
+
+
+def polychr3(c):
+    """Polymorphic chr() function."""
+    if isinstance(c, int):
+        return chr(c)
+    return c
+
+
+def string_escape3(s):
+    """Polymorphic string_escape/unicode_escape."""
+    # This hack is necessary because Unicode strings in Python 3 don't
+    # have a decode method, so there's no simple way to ask it for the
+    # equivalent of decode('string_escape') in Python 2. This function
+    # assumes that it will be called with a Python 3 'str' instance
+    return s.encode(master_encoding).decode('unicode_escape')
+
+
+def make_std_wrapper3(stream):
+    """Standard input/output wrapper factory function."""
+    # This ensures that the encoding of standard output and standard
+    # error on Python 3 matches the master encoding we use to turn
+    # bytes to Unicode in polystr above
+    # line_buffering=True ensures that interactive command sessions
+    # work as expected
+    return io.TextIOWrapper(stream.buffer, encoding="utf-8",
+                            newline="\n", line_buffering=True)
+
+
+def string_escape2(s):
+    """String_escape/unicode_escape."""
+    return s.decode('string_escape')
+
+
 if str is bytes:  # Python 2
     polystr = str
     polyunicode = unicode
@@ -41,63 +99,17 @@ if str is bytes:  # Python 2
     polyord = ord
     polychr = str
     polyinput = raw_input
-
-    def string_escape(s):
-        """String_escape/unicode_escape."""
-        return s.decode('string_escape')
+    string_escape = string_escape2
 
 else:  # Python 3
     import io
 
+    polystr = polystr3
+    polybytes = polybytes3
+    polyord = polyord3
+    polychr = polychr3
     polyinput = input
-
-    def polystr(o):
-        """Polymorphic string factory function."""
-        if isinstance(o, str):
-            return o
-        if not isinstance(o, bytes):
-            return str(o)
-        return str(o, encoding=master_encoding)
-
-    polyunicode = polystr
-
-    def polybytes(s):
-        """Polymorphic string encoding function."""
-        if isinstance(s, bytes):
-            return s
-        if not isinstance(s, str):
-            return bytes(s)
-        return bytes(s, encoding=master_encoding)
-
-    def polyord(c):
-        """Polymorphic ord() function."""
-        if isinstance(c, str):
-            return ord(c)
-        return c
-
-    def polychr(c):
-        """Polymorphic chr() function."""
-        if isinstance(c, int):
-            return chr(c)
-        return c
-
-    def string_escape(s):
-        """Polymorphic string_escape/unicode_escape."""
-        # This hack is necessary because Unicode strings in Python 3 don't
-        # have a decode method, so there's no simple way to ask it for the
-        # equivalent of decode('string_escape') in Python 2. This function
-        # assumes that it will be called with a Python 3 'str' instance
-        return s.encode(master_encoding).decode('unicode_escape')
-
-    def make_std_wrapper(stream):
-        """Standard input/output wrapper factory function."""
-        # This ensures that the encoding of standard output and standard
-        # error on Python 3 matches the master encoding we use to turn
-        # bytes to Unicode in polystr above
-        # line_buffering=True ensures that interactive command sessions
-        # work as expected
-        return io.TextIOWrapper(stream.buffer, encoding="utf-8",
-                                newline="\n", line_buffering=True)
+    polyunicode = polystr3
 
     # This is the one situation where we *can* force unicode.
     if "utf-8" != sys.stdout.encoding.lower():


=====================================
tests/option-tester.sh
=====================================
@@ -19,7 +19,7 @@ PURGE=""
 SECCOMP="$(pkg-config libseccomp --variable=includedir)"
 SECCOMP="$SECCOMP/seccomp.h"
 LINUX=""
-if [ `uname -s` = "Linux" -a -n "$SECCOMP" -a -f "$SECCOMPH" ]
+if [ "$(uname -s)" = "Linux" -a -n "$SECCOMP" -a -f "$SECCOMPH" ]
 then
   # Not supported on CentOS 6
   LINUX="--enable-seccomp"
@@ -38,7 +38,7 @@ then
     DISABLE_NTS="--disable-nts"
   fi
 else
-  if ! $PYTHON ../wafhelpers/tlscheck
+  if ! "${PYTHON}" ../wafhelpers/tlscheck
   then
     DISABLE_NTS="--disable-nts"
   fi
@@ -46,22 +46,22 @@ fi
 
 doit ()
 {
-  DIR=test-$1
-  [ ! -d $DIR ] && mkdir $DIR
-  rm -rf $DIR/*
-  $PYTHON ./waf configure $DISABLE_NTS --out=$DIR $2 2>&1 | tee    $DIR/test.log
+  DIR="test-${1}"
+  [ ! -d "${DIR}" ] && mkdir "${DIR}"
+  rm -rf "${DIR}/"*
+  "${PYTHON}" ./waf configure "${DISABLE_NTS}" --out="${DIR}" $2 2>&1 | tee    "${DIR}/test.log"
   WAF1=$?
   WAF2=0
   WAF3=0
   if [ "$WAF1" = 0 ]
   then
-  echo                                 2>&1    | tee -a $DIR/test.log
-  $PYTHON ./waf build                   2>&1    | tee -a $DIR/test.log
+  echo                                 2>&1    | tee -a "${DIR}/test.log"
+  "${PYTHON}" ./waf build                   2>&1    | tee -a "${DIR}/test.log"
   WAF2=$?
   if [ "$WAF2" = 0 ]
   then
-  echo                                 2>&1    | tee -a $DIR/test.log
-  $PYTHON ./waf check                   2>&1    | tee -a $DIR/test.log
+  echo                                 2>&1    | tee -a "${DIR}/test.log"
+  "${PYTHON}" ./waf check                   2>&1    | tee -a "${DIR}/test.log"
   WAF3=$?
   else
     PURGE="${PURGE} ${PYTHON}-${DIR}-build"
@@ -71,8 +71,8 @@ doit ()
   fi
   if [ "$WAF1" != 0 -o "$WAF2" != 0 -o "$WAF3" != 0 ]
   then
-    echo                               2>&1   | tee -a $DIR/test.log
-    echo "Trouble with $DIR"           2>&1   | tee -a $DIR/test.log
+    echo                                 2>&1   | tee -a "${DIR}/test.log"
+    echo "Trouble with ${DIR}"           2>&1   | tee -a "${DIR}/test.log"
   fi
   if [ "$WAF3" != 0 ]
   then
@@ -91,8 +91,8 @@ doit classic "--enable-classic-mode --refclock=all --disable-doc --disable-manpa
 
 doit all     "--enable-warnings --enable-debug --enable-debug-gdb --enable-debug-timing --refclock=all --enable-leap-smear --enable-mssntp --enable-early-droproot --disable-fuzz $LINUX --disable-doc --disable-manpage"
 
-if [ "`which asciidoc 2>/dev/null`" != "" -a \
-     "`which xsltproc 2>/dev/null`" != "" ]
+if [ "$(which asciidoc 2>/dev/null)" != "" -a \
+     "$(which xsltproc 2>/dev/null)" != "" ]
 then
 doit doc     ""
 fi
@@ -107,10 +107,10 @@ grep "The configuration failed"  test*/test.log
 grep ^Trouble                    test*/test.log
 echo
 
-echo -n "## ";  $PYTHON --version
-if test -n "$PYTHONPATH"
+echo -n "## ";  "${PYTHON}" --version
+if test -n ""${PYTHON}"PATH"
 then
-  echo "## PYTHONPATH is" \"$PYTHONPATH\"
+  echo "## PYTHONPATH is \"${PYTHONPATH}\""
 fi
 
 if ! (set -o pipefail) 2>/dev/null
@@ -121,7 +121,7 @@ then
   PURGE="${PURGE} pipefail"
 fi
 
-if [ `uname -s` = "Linux" -a -z "$SECCOMP" ]
+if [ $(uname -s) = "Linux" -a -z "$SECCOMP" ]
 then
     echo
     echo "### Warning: Missing seccomp.h (on a Linux system)"


=====================================
tests/python2-tester.sh
=====================================
@@ -5,7 +5,7 @@
 # This is a clone of option-tester.sh
 # to build with python2 and do minimal (version) testing.
 
-if [ "`which python2 2>/dev/null`" = "" ]
+if [ "$(which python2 2>/dev/null)" = "" ]
 then
   echo "# Error: No python2 on this system."
   exit 1
@@ -21,28 +21,28 @@ fi
 doit ()
 {
   DIR=test-$1
-  [ ! -d $DIR ] && mkdir $DIR
-  rm -rf $DIR/*
-  python2 ./waf configure --out=$DIR $2 2>&1 | tee    $DIR/test.log
+  [ ! -d "${DIR}" ] && mkdir "${DIR}"
+  rm -rf "${DIR}"/*
+  python2 ./waf configure --out="${DIR}" $2 2>&1 | tee    "${DIR}/test.log"
   WAF1=$?
   WAF2=0
   WAF3=0
   if [ "$WAF1" = 0 ]
   then
-  echo                            2>&1   | tee -a $DIR/test.log
-  python2 ./waf build             2>&1   | tee -a $DIR/test.log
+  echo                            2>&1   | tee -a "${DIR}/test.log"
+  python2 ./waf build             2>&1   | tee -a "${DIR}/test.log"
   WAF2=$?
   if [ "$WAF2" = 0 ]
   then
-  echo                            2>&1   | tee -a $DIR/test.log
-  python2 ./waf check             2>&1   | tee -a $DIR/test.log
+  echo                            2>&1   | tee -a "${DIR}/test.log"
+  python2 ./waf check             2>&1   | tee -a "${DIR}/test.log"
   WAF3=$?
   fi
   fi
   if [ "$WAF1" != 0 -o "$WAF2" != 0 -o "$WAF3" != 0 ] 
   then
-    echo                          2>&1   | tee -a $DIR/test.log
-    echo "Trouble with $DIR"      2>&1   | tee -a $DIR/test.log
+    echo                          2>&1   | tee -a "${DIR}/test.log"
+    echo "Trouble with ${DIR}"      2>&1   | tee -a "${DIR}/test.log"
   fi
   echo
   echo
@@ -61,9 +61,9 @@ grep ^Trouble                    test*/test.log
 echo
 
 echo -n "## ";  python2 --version
-if test -n "$PYTHONPATH"
+if test -n "${PYTHONPATH}"
 then
-  echo "## PYTHONPATH is" \"$PYTHONPATH\"
+  echo "## PYTHONPATH is" \"${PYTHONPATH}\"
 fi
 
 if ! /bin/sh -c "set -o pipefail" 2> /dev/null


=====================================
tests/python3-tester.sh
=====================================
@@ -5,7 +5,7 @@
 # This is a clone of option-tester.sh
 # to build with python3 and do minimal (version) testing.
 
-if [ "`which python3 2>/dev/null`" = "" ]
+if [ "$(which python3 2>/dev/null)" = "" ]
 then
   echo "# Error: No python3 on this system."
   exit 1
@@ -21,28 +21,28 @@ fi
 doit ()
 {
   DIR=test-$1
-  [ ! -d $DIR ] && mkdir $DIR
-  rm -rf $DIR/*
-  python3 ./waf configure --out=$DIR $2 2>&1 | tee    $DIR/test.log
+  [ ! -d "${DIR}" ] && mkdir "${DIR}"
+  rm -rf "${DIR}"/*
+  python3 ./waf configure --out="${DIR}" $2 2>&1 | tee    "${DIR}/test.log"
   WAF1=$?
   WAF2=0
   WAF3=0
   if [ "$WAF1" = 0 ]
   then
-  echo                            2>&1   | tee -a $DIR/test.log
-  python3 ./waf build             2>&1   | tee -a $DIR/test.log
+  echo                            2>&1   | tee -a "${DIR}/test.log"
+  python3 ./waf build             2>&1   | tee -a "${DIR}/test.log"
   WAF2=$?
   if [ "$WAF2" = 0 ]
   then
-  echo                            2>&1   | tee -a $DIR/test.log
-  python3 ./waf check             2>&1   | tee -a $DIR/test.log
+  echo                            2>&1   | tee -a "${DIR}/test.log"
+  python3 ./waf check             2>&1   | tee -a "${DIR}/test.log"
   WAF3=$?
   fi
   fi
   if [ "$WAF1" != 0 -o "$WAF2" != 0 -o "$WAF3" != 0 ] 
   then
-    echo                          2>&1   | tee -a $DIR/test.log
-    echo "Trouble with $DIR"      2>&1   | tee -a $DIR/test.log
+    echo                          2>&1   | tee -a "${DIR}/test.log"
+    echo "Trouble with ${DIR}"      2>&1   | tee -a "${DIR}/test.log"
   fi
   echo
   echo
@@ -61,9 +61,9 @@ grep ^Trouble                    test*/test.log
 echo
 
 echo -n "## ";  python3 --version
-if test -n "$PYTHONPATH"
+if test -n "${PYTHONPATH}"
 then
-  echo "## PYTHONPATH is" \"$PYTHONPATH\"
+  echo "## PYTHONPATH is" \"${PYTHONPATH}\"
 fi
 
 if ! /bin/sh -c "set -o pipefail" 2> /dev/null



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/663353b37a169addbc1f19c1522b6124837b672f...3c2f96ccb64d363a0b1704a8f99136b2c941acea

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/663353b37a169addbc1f19c1522b6124837b672f...3c2f96ccb64d363a0b1704a8f99136b2c941acea
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20200914/36239f31/attachment-0001.htm>


More information about the vc mailing list