Add CodeQL Workflow for Code Security Analysis
This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats.
We added a new CodeQL workflow file (.github/workflows/codeql.yml) that
- Runs on every pull request (functionality to run on every push to main branches is included as a comment for convenience).
- Runs daily.
- Excludes queries with a high false positive rate or low-severity findings.
- Does not display results for git submodules, focusing only on our own codebase.
Testing:
To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code.
Deployment:
Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps:
1. Under the repository name, click on the Security tab.
2. In the left sidebar, click Code scanning alerts.
Additional Information:
- You can further customize the workflow to adapt to your specific needs by modifying the workflow file.
- For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation (https://codeql.github.com/ and https://codeql.github.com/docs/).
Signed-off-by: Brian <bayuan@purdue.edu>

Add CodeQL Workflow for Code Security Analysis
This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats.
We added a new CodeQL workflow file (.github/workflows/codeql.yml) that
- Runs on every pull request (functionality to run on every push to main branches is included as a comment for convenience).
- Runs daily.
- Excludes queries with a high false positive rate or low-severity findings.
- Does not display results for git submodules, focusing only on our own codebase.
Testing:
To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code.
Deployment:
Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps:
1. Under the repository name, click on the Security tab.
2. In the left sidebar, click Code scanning alerts.
Additional Information:
- You can further customize the workflow to adapt to your specific needs by modifying the workflow file.
- For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation (https://codeql.github.com/ and https://codeql.github.com/docs/).
Signed-off-by: Brian <bayuan@purdue.edu>

Add CodeQL Workflow for Code Security Analysis
This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats.
We added a new CodeQL workflow file (.github/workflows/codeql.yml) that
- Runs on every push and pull request to the main branch.
- Excludes queries with a high false positive rate or low-severity findings.
- Does not display results for third-party code, focusing only on our own codebase.
Testing:
To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code.
Deployment:
Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps:
1. Under the repository name, click on the Security tab.
2. In the left sidebar, click Code scanning alerts.
Additional Information:
- You can further customize the workflow to adapt to your specific needs by modifying the workflow file.
- For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation.
Signed-off-by: Brian <bayuan@purdue.edu>

On systems where we aren't getting enough cpu time.
Heuristic check, but probably good enough in practice.
Fixes #282
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This bug has been there for a long time but probably no-one builds
static extensions because they aren't very useful.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

- Set jim::lineedit to indicate if line editing is configured
- Ensure that aio tty works even if line editing is disabled
- Skip some tests if line editing is not configured
Signed-off-by: Steve Bennett <steveb@workware.net.au>

To show that it returns the current values, not just the original values
Signed-off-by: Steve Bennett <steveb@workware.net.au>

hurd does not return the path for unix domain sockets
via getsockname()
Signed-off-by: Steve Bennett <steveb@workware.net.au>

socket operation on non-socket gives a different message
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

When the multi-level break/continue support was added in
1b151f816f14b11f1c1ef10b171411e21b9a504e it reused returnLevel,
but this interfered with the return level returned by try/catch.
Use a separate variable for the break/continue level.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

And allow -DJIM_TINY to disable optimisation, and
use that with bootstrap jimsh.
Fixes #273
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Need strings.h for strcasecmp
(Although I don't really think it's necessary to support lower case
versions of signal names. This will probably change).
Fixes #270
Signed-off-by: Steve Bennett <steveb@workware.net.au>

If pkg-config is not available
Fixes #272
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This test can be a bit flaky on slower machines
(perhaps running under a VM or qemu).
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Mostly for updating bootstrap jimsh
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Without this, readdir() doesn't work properly on some 32 bit platforms
Signed-off-by: Steve Bennett <steveb@workware.net.au>

And allow current source file to be set
Fixes: #268
Signed-off-by: Steve Bennett <steveb@workware.net.au>

The checks for -ipv6, -async broke 'socket -commands'
Signed-off-by: Steve Bennett <steveb@workware.net.au>

In case socket, pty, interp are not available
Signed-off-by: Steve Bennett <steveb@workware.net.au>

set a 5
proc b {} {&a} {
    incr a
}
b
Now a is 6 because b captured a by reference instead of by value
Signed-off-by: Steve Bennett <steveb@workware.net.au>

To add new commands that now support -help, -commands
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This means we get -commands and usage via -help
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This means we get -commands and usage via -help
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This means we get -commands and usage via -help
And update dict2.test for minor difference in usage
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This means we get -commands and usage via -help
Signed-off-by: Steve Bennett <steveb@workware.net.au>

This means we get -commands and usage via -help
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Add support for modulo maxarg count. If maxargs is (e.g.) -2, then a
multiple of 2 args is expected.
Also expose Jim_SubCmdArgError() to make it easy to add additional
arg validation but still have subcmd report the usage.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

And add a default implementation of tcl::stdhint to add
hinting for some built-in commands.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

To open, socket and accept
Also document aio getfd
Signed-off-by: Steve Bennett <steveb@workware.net.au>

And also fix a minor bug that if unable to format the socket address
the file descriptor would be left open.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

socket ?-noclose? ...
open filename ?-noclose? ...
Normally Jim will set O_CLOEXEC on all files and sockets that are opened;
however, sometimes it is desirable to keep file descriptors open for
child processes. The -noclose flag does this (on supported platforms).
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

These changes especially make buffered I/O work
with non-blocking channels.
- separate read and write buffering
- support for timeout on blocking read
- read/write on same channel in event loop with buffering
- read buffer is the same across read, gets, copyto
- autoflush non-blocking writes via event loop
- copyto can now copy to any filehandle-like command
- add some copyto tests
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

This is simpler now that we can write to a non-blocking socket
even if it is "full".
Signed-off-by: Steve Bennett <steveb@workware.net.au>

AIO_KEEPOPEN won't close a channel (such as stdin, stdout)
when the command is deleted/replaced, but an explicit close
will still close the channel.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Now 'constraint cmd|package' is like 'needs' but sets a constraint
The commands 'needs cmd' and 'constraint cmd' can now take
a subcommand to check.
Add 'constraint|needs eval|expr' to make some constraint checks
simpler.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

These changes especially make buffered I/O work
with non-blocking channels.
- separate read and write buffering
- support for timeout on blocking read
- read/write on same channel in event loop with buffering
- read buffer is the same across read, gets, copyto
- autoflush non-blocking writes via event loop
- copyto can now copy to any filehandle-like command
- add some copyto tests
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

If building on a system with an installed jim.h, we want
to be sure to pick up the local jim headers in preference.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Often the command in a stack trace will be a long script.
This makes it hard to read the stacktrace, so in this case
truncate at the first newline and add ...
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

Signed-off-by: Steve Bennett <steveb@workware.net.au>

A typical error message now looks like this:
t4.tcl:2: Error: syntax error in expression: "blah"
Traceback (most recent call last):
  File "t4.tcl", line 14
    c 1 2 3
  File "t4.tcl", line 10, in c
    b a c
  File "t4.tcl", line 6, in b
    a A14
  File "t4.tcl", line 2, in a
    expr blah
This is produced by stackdump (that can be replaced), called by errorInfo.
Note that now stacktraces (stacktrace, info stacktrace, $opts(-errorinfo)) include
the running command at each level in addition to proc, file, line. In order for
scripts to detect this new format, a new tcl_platform entry has been added:
tcl_platform(stackFormat) = 4 (to signify 4 elements per frame)
In addition, instead of building the error stack frame as the stack
is unwound in response to an error, the entire current stack trace
is captured by stacktrace. This means that the trace extends beyond the try/catch
right back to the initial interpreter command.
The 'stacktrace' command is now implemented in C based on the same
code that generates the error stacktrace.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Now callers to JimInvokeCommand() are expected to push an eval frame.
Then we no longer need to carry currentScriptObj, argc, argv in the interp
since these are in the current eval frame.
Note that this change simply renames some unused fields in Jim_Interp for ABI
compatibility, but these will be removed in due course.
Signed-off-by: Steve Bennett <steveb@workware.net.au>

Some 32 bit systems may require explicit use of stat64, etc.
Fixes #263