[Git][NTPsec/ntpsec][ntp.util-codacy] 2 commits: ntp.poly: Gaming the MacCabe plugin.
James Browning
gitlab at mg.gitlab.com
Mon Sep 14 12:08:51 UTC 2020
James Browning pushed to branch ntp.util-codacy at NTPsec / ntpsec
Commits:
2964dcb7 by James Browning at 2020-09-14T02:31:25-07:00
ntp.poly: Gaming the MacCabe plugin.
- - - - -
3c2f96cc by James Browning at 2020-09-14T05:07:45-07:00
blowing smoke
- - - - -
6 changed files:
- libaes_siv/README.md
- libjsmn/README.md
- pylib/poly.py
- tests/option-tester.sh
- tests/python2-tester.sh
- tests/python3-tester.sh
Changes:
=====================================
libaes_siv/README.md
=====================================
@@ -33,14 +33,14 @@ scheme](https://en.wikipedia.org/wiki/Deterministic_encryption).
Here are a couple common situations where AES-SIV may be an
appropriate choice of AEAD scheme:
-1. You can't count on the system doing the encrypting to reliably
- generate a unique nonce for every message. For example, the system
- may be an embedded device with no good entropy source, or may be a
- VM subject to be snapshotted and restored.
+1. You can't count on the system doing the encrypting to reliably
+ generate a unique nonce for every message. For example, the system
+ may be an embedded device with no good entropy source, or may be a
+ VM subject to be snapshotted and restored.
-2. You want your encryption to be deterministic so that an
- intermediating party such as a caching proxy, provided only with
- ciphertext, can perform deduplication.
+2. You want your encryption to be deterministic so that an
+ intermediating party such as a caching proxy, provided only with
+ ciphertext, can perform deduplication.
The drawback to SIV mode is that it requires two passes over its
input. This makes it potentially clumsy for use with large messages
@@ -61,23 +61,26 @@ and keys for AES-256-SIV are 512 bits long.
Build dependencies:
-* Any ISO C89 compiler (GCC or Clang recommended). No C99 language
- features are required, however `<stdint.h>` must be available and
- must define `uint64_t`. `char` must be 8 bits and arithmetic must be
- two's complement.
-* [CMake](https://cmake.org) >= 3.1
-* [OpenSSL](https://openssl.org) >=1.0.1 (libcrypto only). A recent
- release from the 1.0.2 branch or later is strongly recommended since
- 1.0.1 was EOL'ed at the end of 2016. Furthermore, OpenSSL versions prior
- to 1.0.1n and 1.0.2b have known bugs which impact `libaes_siv` and
- will cause failures in its test suite. LibreSSL is not supported.
-* [Asciidoc](http://asciidoc.org) (only required for building man pages)
+* Any ISO C89 compiler (GCC or Clang recommended). No C99 language
+ features are required, however `<stdint.h>` must be available and
+ must define `uint64_t`. `char` must be 8 bits and arithmetic must be
+ two's complement.
+
+* [CMake](https://cmake.org) >= 3.1
+
+* [OpenSSL](https://openssl.org) >=1.0.1 (libcrypto only). A recent
+ release from the 1.0.2 branch or later is strongly recommended since
+ 1.0.1 was EOL'ed at the end of 2016. Furthermore, OpenSSL versions prior
+ to 1.0.1n and 1.0.2b have known bugs which impact `libaes_siv` and
+ will cause failures in its test suite. LibreSSL is not supported.
+
+* [Asciidoc](http://asciidoc.org) (only required for building man pages)
Running benchmarks requires a POSIX.1-2001 compliant OS, including
the `clock_gettime` system call.
To build and install on POSIX-like platforms:
-```
+```terminal
cmake . &&
make &&
make test &&
@@ -91,7 +94,7 @@ If you want to build on an OS X machine, install the Xcode development
environment and the command line tools, then use either the Homebrew package
manager or the MacPorts package manager to install cmake and OpenSSL.
-Homebrew (https://brew.sh/):
+Homebrew <https://brew.sh/>:
```
brew install cmake openssl &&
cmake -DCMAKE_PREFIX_PATH=/usr/local/opt/openssl . &&
@@ -99,7 +102,7 @@ Homebrew (https://brew.sh/):
make test &&
sudo make install
```
-MacPorts (https://www.macports.org/):
+MacPorts <https://www.macports.org/>:
```
sudo port install cmake openssl &&
cmake . &&
=====================================
libjsmn/README.md
=====================================
@@ -32,15 +32,15 @@ other projects.
Features
--------
-* compatible with C89
-* no dependencies (even libc!)
-* highly portable (tested on x86/amd64, ARM, AVR)
-* about 200 lines of code
-* extremely small code footprint
-* API contains only 2 functions
-* no dynamic memory allocation
-* incremental single-pass parsing
-* library code is covered with unit-tests
+* compatible with C89
+* no dependencies (even libc!)
+* highly portable (tested on x86/amd64, ARM, AVR)
+* about 200 lines of code
+* extremely small code footprint
+* API contains only 2 functions
+* no dynamic memory allocation
+* incremental single-pass parsing
+* library code is covered with unit-tests
Design
------
@@ -51,9 +51,9 @@ The rudimentary jsmn object is a **token**. Let's consider a JSON string:
It holds the following tokens:
-* Object: `{ "name" : "Jack", "age" : 27}` (the whole object)
-* Strings: `"name"`, `"Jack"`, `"age"` (keys and some values)
-* Number: `27`
+* Object: `{ "name" : "Jack", "age" : 27}` (the whole object)
+* Strings: `"name"`, `"Jack"`, `"age"` (keys and some values)
+* Number: `27`
In jsmn, tokens do not hold any data, but point to token boundaries in JSON
string instead. In the example above jsmn will create tokens like: Object
@@ -62,12 +62,14 @@ string instead. In the example above jsmn will create tokens like: Object
Every jsmn token has a type, which indicates the type of corresponding JSON
token. jsmn supports the following token types:
-* Object - a container of key-value pairs, e.g.:
+* Object - a container of key-value pairs, e.g.:
`{ "foo":"bar", "x":0.3 }`
-* Array - a sequence of values, e.g.:
+
+* Array - a sequence of values, e.g.:
`[ 1, 2, 3 ]`
-* String - a quoted sequence of chars, e.g.: `"foo"`
-* Primitive - a number, a boolean (`true`, `false`) or `null`
+
+* String - a quoted sequence of chars, e.g.: `"foo"`
+* Primitive - a number, a boolean (`true`, `false`) or `null`
Besides start/end positions, jsmn tokens for complex types (like arrays
or objects) also contain a number of child items, so you can easily follow
@@ -81,7 +83,7 @@ Usage
Download `jsmn.h`, include it, done.
-```
+```c
#include "jsmn.h"
...
@@ -97,7 +99,7 @@ you might need to define additional macros. `#define JSMN_STATIC` hides all
jsmn API symbols by making them static. Also, if you want to include `jsmn.h`
from multiple C files, to avoid duplication of symbols you may define `JSMN_HEADER` macro.
-```
+```c
/* In every .c file that uses jsmn include only declarations: */
#define JSMN_HEADER
#include "jsmn.h"
@@ -123,9 +125,9 @@ Token types are described by `jsmntype_t`:
numbers, booleans and null, because one can easily tell the type using the
first character:
-* <code>'t', 'f'</code> - boolean
-* <code>'n'</code> - null
-* <code>'-', '0'..'9'</code> - number
+* <code>'t', 'f'</code> - boolean
+* <code>'n'</code> - null
+* <code>'-', '0'..'9'</code> - number
Token is an object of `jsmntok_t` type:
@@ -163,9 +165,9 @@ string. This can be useful if you don't know yet how many tokens to allocate.
If something goes wrong, you will get an error. Error will be one of these:
-* `JSMN_ERROR_INVAL` - bad token, JSON string is corrupted
-* `JSMN_ERROR_NOMEM` - not enough tokens, JSON string is too large
-* `JSMN_ERROR_PART` - JSON string is too short, expecting more JSON data
+* `JSMN_ERROR_INVAL` - bad token, JSON string is corrupted
+* `JSMN_ERROR_NOMEM` - not enough tokens, JSON string is too large
+* `JSMN_ERROR_PART` - JSON string is too short, expecting more JSON data
If you get `JSMN_ERROR_NOMEM`, you can re-allocate more tokens and call
`jsmn_parse` once more. If you read json data from the stream, you can
=====================================
pylib/poly.py
=====================================
@@ -34,6 +34,64 @@ master_encoding = 'latin-1'
forced_utf8 = False
+
+def polystr3(o):
+ """Polymorphic string factory function."""
+ if isinstance(o, str):
+ return o
+ if not isinstance(o, bytes):
+ return str(o)
+ return str(o, encoding=master_encoding)
+
+
+def polybytes3(s):
+ """Polymorphic string encoding function."""
+ if isinstance(s, bytes):
+ return s
+ if not isinstance(s, str):
+ return bytes(s)
+ return bytes(s, encoding=master_encoding)
+
+
+def polyord3(c):
+ """Polymorphic ord() function."""
+ if isinstance(c, str):
+ return ord(c)
+ return c
+
+
+def polychr3(c):
+ """Polymorphic chr() function."""
+ if isinstance(c, int):
+ return chr(c)
+ return c
+
+
+def string_escape3(s):
+ """Polymorphic string_escape/unicode_escape."""
+ # This hack is necessary because Unicode strings in Python 3 don't
+ # have a decode method, so there's no simple way to ask it for the
+ # equivalent of decode('string_escape') in Python 2. This function
+ # assumes that it will be called with a Python 3 'str' instance
+ return s.encode(master_encoding).decode('unicode_escape')
+
+
+def make_std_wrapper3(stream):
+ """Standard input/output wrapper factory function."""
+ # This ensures that the encoding of standard output and standard
+ # error on Python 3 matches the master encoding we use to turn
+ # bytes to Unicode in polystr above
+ # line_buffering=True ensures that interactive command sessions
+ # work as expected
+ return io.TextIOWrapper(stream.buffer, encoding="utf-8",
+ newline="\n", line_buffering=True)
+
+
+def string_escape2(s):
+ """String_escape/unicode_escape."""
+ return s.decode('string_escape')
+
+
if str is bytes: # Python 2
polystr = str
polyunicode = unicode
@@ -41,63 +99,17 @@ if str is bytes: # Python 2
polyord = ord
polychr = str
polyinput = raw_input
-
- def string_escape(s):
- """String_escape/unicode_escape."""
- return s.decode('string_escape')
+ string_escape = string_escape2
else: # Python 3
import io
+ polystr = polystr3
+ polybytes = polybytes3
+ polyord = polyord3
+ polychr = polychr3
polyinput = input
-
- def polystr(o):
- """Polymorphic string factory function."""
- if isinstance(o, str):
- return o
- if not isinstance(o, bytes):
- return str(o)
- return str(o, encoding=master_encoding)
-
- polyunicode = polystr
-
- def polybytes(s):
- """Polymorphic string encoding function."""
- if isinstance(s, bytes):
- return s
- if not isinstance(s, str):
- return bytes(s)
- return bytes(s, encoding=master_encoding)
-
- def polyord(c):
- """Polymorphic ord() function."""
- if isinstance(c, str):
- return ord(c)
- return c
-
- def polychr(c):
- """Polymorphic chr() function."""
- if isinstance(c, int):
- return chr(c)
- return c
-
- def string_escape(s):
- """Polymorphic string_escape/unicode_escape."""
- # This hack is necessary because Unicode strings in Python 3 don't
- # have a decode method, so there's no simple way to ask it for the
- # equivalent of decode('string_escape') in Python 2. This function
- # assumes that it will be called with a Python 3 'str' instance
- return s.encode(master_encoding).decode('unicode_escape')
-
- def make_std_wrapper(stream):
- """Standard input/output wrapper factory function."""
- # This ensures that the encoding of standard output and standard
- # error on Python 3 matches the master encoding we use to turn
- # bytes to Unicode in polystr above
- # line_buffering=True ensures that interactive command sessions
- # work as expected
- return io.TextIOWrapper(stream.buffer, encoding="utf-8",
- newline="\n", line_buffering=True)
+ polyunicode = polystr3
# This is the one situation where we *can* force unicode.
if "utf-8" != sys.stdout.encoding.lower():
=====================================
tests/option-tester.sh
=====================================
@@ -19,7 +19,7 @@ PURGE=""
SECCOMP="$(pkg-config libseccomp --variable=includedir)"
SECCOMP="$SECCOMP/seccomp.h"
LINUX=""
-if [ `uname -s` = "Linux" -a -n "$SECCOMP" -a -f "$SECCOMPH" ]
+if [ "$(uname -s)" = "Linux" -a -n "$SECCOMP" -a -f "$SECCOMPH" ]
then
# Not supported on CentOS 6
LINUX="--enable-seccomp"
@@ -38,7 +38,7 @@ then
DISABLE_NTS="--disable-nts"
fi
else
- if ! $PYTHON ../wafhelpers/tlscheck
+ if ! "${PYTHON}" ../wafhelpers/tlscheck
then
DISABLE_NTS="--disable-nts"
fi
@@ -46,22 +46,22 @@ fi
doit ()
{
- DIR=test-$1
- [ ! -d $DIR ] && mkdir $DIR
- rm -rf $DIR/*
- $PYTHON ./waf configure $DISABLE_NTS --out=$DIR $2 2>&1 | tee $DIR/test.log
+ DIR="test-${1}"
+ [ ! -d "${DIR}" ] && mkdir "${DIR}"
+ rm -rf "${DIR}/"*
+ "${PYTHON}" ./waf configure "${DISABLE_NTS}" --out="${DIR}" $2 2>&1 | tee "${DIR}/test.log"
WAF1=$?
WAF2=0
WAF3=0
if [ "$WAF1" = 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- $PYTHON ./waf build 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ "${PYTHON}" ./waf build 2>&1 | tee -a "${DIR}/test.log"
WAF2=$?
if [ "$WAF2" = 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- $PYTHON ./waf check 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ "${PYTHON}" ./waf check 2>&1 | tee -a "${DIR}/test.log"
WAF3=$?
else
PURGE="${PURGE} ${PYTHON}-${DIR}-build"
@@ -71,8 +71,8 @@ doit ()
fi
if [ "$WAF1" != 0 -o "$WAF2" != 0 -o "$WAF3" != 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- echo "Trouble with $DIR" 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ echo "Trouble with ${DIR}" 2>&1 | tee -a "${DIR}/test.log"
fi
if [ "$WAF3" != 0 ]
then
@@ -91,8 +91,8 @@ doit classic "--enable-classic-mode --refclock=all --disable-doc --disable-manpa
doit all "--enable-warnings --enable-debug --enable-debug-gdb --enable-debug-timing --refclock=all --enable-leap-smear --enable-mssntp --enable-early-droproot --disable-fuzz $LINUX --disable-doc --disable-manpage"
-if [ "`which asciidoc 2>/dev/null`" != "" -a \
- "`which xsltproc 2>/dev/null`" != "" ]
+if [ "$(which asciidoc 2>/dev/null)" != "" -a \
+ "$(which xsltproc 2>/dev/null)" != "" ]
then
doit doc ""
fi
@@ -107,10 +107,10 @@ grep "The configuration failed" test*/test.log
grep ^Trouble test*/test.log
echo
-echo -n "## "; $PYTHON --version
-if test -n "$PYTHONPATH"
+echo -n "## "; "${PYTHON}" --version
+if test -n ""${PYTHON}"PATH"
then
- echo "## PYTHONPATH is" \"$PYTHONPATH\"
+ echo "## PYTHONPATH is \"${PYTHONPATH}\""
fi
if ! (set -o pipefail) 2>/dev/null
@@ -121,7 +121,7 @@ then
PURGE="${PURGE} pipefail"
fi
-if [ `uname -s` = "Linux" -a -z "$SECCOMP" ]
+if [ $(uname -s) = "Linux" -a -z "$SECCOMP" ]
then
echo
echo "### Warning: Missing seccomp.h (on a Linux system)"
=====================================
tests/python2-tester.sh
=====================================
@@ -5,7 +5,7 @@
# This is a clone of option-tester.sh
# to build with python2 and do minimal (version) testing.
-if [ "`which python2 2>/dev/null`" = "" ]
+if [ "$(which python2 2>/dev/null)" = "" ]
then
echo "# Error: No python2 on this system."
exit 1
@@ -21,28 +21,28 @@ fi
doit ()
{
DIR=test-$1
- [ ! -d $DIR ] && mkdir $DIR
- rm -rf $DIR/*
- python2 ./waf configure --out=$DIR $2 2>&1 | tee $DIR/test.log
+ [ ! -d "${DIR}" ] && mkdir "${DIR}"
+ rm -rf "${DIR}"/*
+ python2 ./waf configure --out="${DIR}" $2 2>&1 | tee "${DIR}/test.log"
WAF1=$?
WAF2=0
WAF3=0
if [ "$WAF1" = 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- python2 ./waf build 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ python2 ./waf build 2>&1 | tee -a "${DIR}/test.log"
WAF2=$?
if [ "$WAF2" = 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- python2 ./waf check 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ python2 ./waf check 2>&1 | tee -a "${DIR}/test.log"
WAF3=$?
fi
fi
if [ "$WAF1" != 0 -o "$WAF2" != 0 -o "$WAF3" != 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- echo "Trouble with $DIR" 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ echo "Trouble with ${DIR}" 2>&1 | tee -a "${DIR}/test.log"
fi
echo
echo
@@ -61,9 +61,9 @@ grep ^Trouble test*/test.log
echo
echo -n "## "; python2 --version
-if test -n "$PYTHONPATH"
+if test -n "${PYTHONPATH}"
then
- echo "## PYTHONPATH is" \"$PYTHONPATH\"
+ echo "## PYTHONPATH is" \"${PYTHONPATH}\"
fi
if ! /bin/sh -c "set -o pipefail" 2> /dev/null
=====================================
tests/python3-tester.sh
=====================================
@@ -5,7 +5,7 @@
# This is a clone of option-tester.sh
# to build with python3 and do minimal (version) testing.
-if [ "`which python3 2>/dev/null`" = "" ]
+if [ "$(which python3 2>/dev/null)" = "" ]
then
echo "# Error: No python3 on this system."
exit 1
@@ -21,28 +21,28 @@ fi
doit ()
{
DIR=test-$1
- [ ! -d $DIR ] && mkdir $DIR
- rm -rf $DIR/*
- python3 ./waf configure --out=$DIR $2 2>&1 | tee $DIR/test.log
+ [ ! -d "${DIR}" ] && mkdir "${DIR}"
+ rm -rf "${DIR}"/*
+ python3 ./waf configure --out="${DIR}" $2 2>&1 | tee "${DIR}/test.log"
WAF1=$?
WAF2=0
WAF3=0
if [ "$WAF1" = 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- python3 ./waf build 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ python3 ./waf build 2>&1 | tee -a "${DIR}/test.log"
WAF2=$?
if [ "$WAF2" = 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- python3 ./waf check 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ python3 ./waf check 2>&1 | tee -a "${DIR}/test.log"
WAF3=$?
fi
fi
if [ "$WAF1" != 0 -o "$WAF2" != 0 -o "$WAF3" != 0 ]
then
- echo 2>&1 | tee -a $DIR/test.log
- echo "Trouble with $DIR" 2>&1 | tee -a $DIR/test.log
+ echo 2>&1 | tee -a "${DIR}/test.log"
+ echo "Trouble with ${DIR}" 2>&1 | tee -a "${DIR}/test.log"
fi
echo
echo
@@ -61,9 +61,9 @@ grep ^Trouble test*/test.log
echo
echo -n "## "; python3 --version
-if test -n "$PYTHONPATH"
+if test -n "${PYTHONPATH}"
then
- echo "## PYTHONPATH is" \"$PYTHONPATH\"
+ echo "## PYTHONPATH is" \"${PYTHONPATH}\"
fi
if ! /bin/sh -c "set -o pipefail" 2> /dev/null
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/663353b37a169addbc1f19c1522b6124837b672f...3c2f96ccb64d363a0b1704a8f99136b2c941acea
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/663353b37a169addbc1f19c1522b6124837b672f...3c2f96ccb64d363a0b1704a8f99136b2c941acea
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20200914/36239f31/attachment-0001.htm>
More information about the vc
mailing list