Skip to content

fix #14077: fuzzing crash (assert) in Token::update_property_info() #3091

fix #14077: fuzzing crash (assert) in Token::update_property_info()

fix #14077: fuzzing crash (assert) in Token::update_property_info() #3091

Workflow file for this run

# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
name: scriptcheck
on:
push:
branches:
- 'main'
- 'releases/**'
- '2.*'
tags:
- '2.*'
pull_request:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: ccache
uses: hendrikmuhs/[email protected]
with:
key: ${{ github.workflow }}-${{ runner.os }}
- name: Cache Cppcheck
uses: actions/cache@v4
with:
path: cppcheck
key: ${{ runner.os }}-scriptcheck-cppcheck-${{ github.sha }}
- name: build cppcheck
run: |
export PATH="/usr/lib/ccache:/usr/local/opt/ccache/libexec:$PATH"
make -j$(nproc) CXXOPTS="-Werror"
strip -s ./cppcheck
scriptcheck:
needs: build
runs-on: ubuntu-22.04
strategy:
matrix:
python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13']
include:
- python-version: '3.13'
python-latest: true
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
# TODO: bailout on error
- name: Restore Cppcheck
uses: actions/cache@v4
with:
path: cppcheck
key: ${{ runner.os }}-scriptcheck-cppcheck-${{ github.sha }}
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
check-latest: true
- name: Install missing software on ubuntu
run: |
sudo apt-get update
sudo apt-get install tidy libxml2-utils
- name: Install missing software on ubuntu (Python 3)
run: |
# shellcheck cannot be installed via pip
# ERROR: Could not find a version that satisfies the requirement shellcheck (from versions: none)
# ERROR: No matching distribution found for shellcheck
sudo apt-get install shellcheck
python -m pip install pip --upgrade
python -m pip install natsort
python -m pip install pexpect
python -m pip install 'pylint<=3.3.0'
python -m pip install unittest2
python -m pip install pytest
python -m pip install pytest-xdist
python -m pip install pygments
python -m pip install requests
python -m pip install psutil
python -m pip install setuptools
- name: run Shellcheck
if: matrix.python-latest
run: |
find . -name "*.sh" | xargs shellcheck --exclude SC2002,SC2013,SC2034,SC2035,SC2043,SC2046,SC2086,SC2089,SC2090,SC2129,SC2211,SC2231
- name: run pylint
if: matrix.python-latest
run: |
shopt -s globstar
pylint --jobs $(nproc) --py-version 3.7 addons/**/*.py htmlreport/cppcheck-htmlreport htmlreport/**/*.py test/**/*.py tools/**/*.py
- name: check .json files
if: matrix.python-latest
run: |
find . -name '*.json' | xargs -n 1 python -m json.tool > /dev/null
- name: Validate
if: matrix.python-latest
run: |
make -j$(nproc) validateCFG validatePlatforms validateRules
- name: check python syntax
run: |
shopt -s globstar
python -m py_compile addons/**/*.py
python -m py_compile htmlreport/cppcheck-htmlreport
python -m py_compile htmlreport/**/*.py
python -m py_compile test/**/*.py
python -m py_compile tools/**/*.py
- name: compile addons
run: |
python -m compileall ./addons
- name: test matchcompiler
run: |
python test/tools/test_matchcompiler.py
env:
PYTHONPATH: ./tools
# TODO: run with "-n auto" when misra_test.py can be run in parallel
# we cannot specify -Werror since xml/etree/ElementTree.py in Python 3.9/3.10 contains an unclosed file
- name: test addons
if: matrix.python-version == '3.9' || matrix.python-version == '3.10'
run: |
python -m pytest --strict-markers -vv -n 1 addons/test
env:
PYTHONPATH: ./addons
# TODO: run with "-n auto" when misra_test.py can be run in parallel
- name: test addons
if: matrix.python-version != '3.9' && matrix.python-version != '3.10'
run: |
python -m pytest -Werror --strict-markers -vv -n 1 addons/test
env:
PYTHONPATH: ./addons
- name: test htmlreport (standalone)
run: |
test/tools/htmlreport/test_htmlreport.py
test/tools/htmlreport/check.sh
- name: test htmlreport (pip)
run: |
python -m venv venv
source venv/bin/activate
python -m pip install -U pip
pip install ./htmlreport/
which cppcheck-htmlreport
PIP_PACKAGE_TEST=1 test/tools/htmlreport/test_htmlreport.py
# TODO: does not test the pip binary
test/tools/htmlreport/check.sh
- name: test reduce
run: |
python -m pytest -Werror --strict-markers -vv test/tools/reduce_test.py
env:
PYTHONPATH: ./tools
- name: test donate_cpu_lib
run: |
python -m pytest -Werror --strict-markers -vv test/tools/donate_cpu_lib_test.py
env:
PYTHONPATH: ./tools
- name: test donate_cpu_server
run: |
python -m pytest -Werror --strict-markers -vv test/tools/donate_cpu_server_test.py
# TODO: why is this file generated? also should be in a temporary folder if possible
rm -f test/tools/donate-cpu-server.log
env:
PYTHONPATH: ./tools
- name: Show all ignored files
if: false # TODO: currently lists all the contents of ignored folders - we only need what actually matched
run: |
git ls-files --others --ignored --exclude-standard
- name: Check for changed and unversioned files
run: |
# TODO: how to do this with a single command?
git status --ignored=no
git status --ignored=no | grep -q 'working tree clean'
dmake:
strategy:
matrix:
os: [ubuntu-22.04, macos-15, windows-2025]
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: run dmake
run: |
make -j3 CXXOPTS="-Werror" run-dmake
- name: check diff
run: |
git diff --exit-code