Update to v1.3.0

Makefile

@@ -1,12 +1,13 @@
 NAME=portstreelint
 SOURCES=src/${NAME}/__init__.py src/${NAME}/main.py src/${NAME}/library.py \
-        src/${NAME}/load_data.py src/${NAME}/check_categories.py src/${NAME}/check_comment.py \
-        src/${NAME}/check_description_file.py src/${NAME}/check_installation_prefix.py \
-        src/${NAME}/check_maintainer.py src/${NAME}/check_marks.py src/${NAME}/check_plist.py \
-        src/${NAME}/check_port_path.py src/${NAME}/check_unchanging_ports.py \
-        src/${NAME}/check_vulnerabilities.py src/${NAME}/check_www_site.py \
-        src/${NAME}/show_categories.py src/${NAME}/show_maintainers.py \
-        src/${NAME}/show_notifications.py src/${NAME}/show_summary.py
+        src/${NAME}/load_config.py src/${NAME}/load_data.py src/${NAME}/check_categories.py \
+        src/${NAME}/check_comment.py src/${NAME}/check_description_file.py \
+        src/${NAME}/check_installation_prefix.py src/${NAME}/check_maintainer.py \
+        src/${NAME}/check_marks.py src/${NAME}/check_plist.py src/${NAME}/check_port_path.py \
+        src/${NAME}/check_unchanging_ports.py src/${NAME}/check_vulnerabilities.py \
+        src/${NAME}/check_www_site.py src/${NAME}/show_categories.py \
+        src/${NAME}/show_maintainers.py src/${NAME}/show_notifications.py \
+        src/${NAME}/show_summary.py
 
 # Default action is to show this help message:
 .help:

README.md

@@ -19,12 +19,14 @@ portstreelint - FreeBSD ports tree lint
 
 ## SYNOPSIS
 **portstreelint**
-\[--tree|-t DIR\]
+\[--nocfg|-n\]
+\[--gencfg|-g FILE\]
 \[--show-cat|-C\]
 \[--show-mnt|-M\]
 \[--cat|-c LIST\]
 \[--mnt|-m LIST\]
 \[--port|-p LIST\]
+\[--tree|-t DIR\]
 \[--plist NUM\]
 \[--broken NUM\]
 \[--deprecated NUM\]
@@ -101,23 +103,35 @@ It's possible to change the default values for PLIST_FILES abuse,
 BROKEN_since, DEPRECATED_since, FORBIDDEN_since and Unchanged_since
 with the *--plist*, *--broken*, *--deprecated*, *--forbidden* and
 *--unchanged* options, followed by a number of files for the first
-one and a number of days for the others.
+one and a number of days for the others. And you can select a port
+tree in a location other than */usr/ports* with the *--tree|-t*
+option.
 
 Finally, there's a *--output|-o* option to generate a CSV delimited
 file with the per-maintainer findings to a specified filename. This
 allows for automated processing of the results, such as, for example,
 sending warning emails, storing results and displaying only diffs
 since previous run...
 
+For convenience, you can put your favourite options in a
+configuration file, which will be read before processing the
+environment and the command line, unless you use the *--nocfg|-n*
+option. You can generate a default configuration file with the
+*--gencfg|-g* option followed by a filename. This file also offers
+full control over the checks to perform, and a way to discard
+false-positive vulnerabilities.
+
 ### OPTIONS
 Options | Use
 ------- | ---
---tree\|-t DIR|Ports directory (default=/usr/ports)
+--nocfg\|-n|Don't use the configuration file
+--gencfg\|-g FILE|Generate a default configuration file in FILE
 --show-cat\|-C|Show categories with ports count
 --show-mnt\|-M|Show maintainers with ports count
 --cat\|-c LIST|Select only the comma-separated categories in LIST
 --mnt\|-m LIST|Select only the comma-separated maintainers in LIST
 --port\|-p LIST|Select only the comma-separated ports in LIST
+--tree\|-t DIR|Set ports directory (default=/usr/ports)
 --plist NUM|Set PLIST_FILES abuse to NUM files
 --broken NUM|Set BROKEN since to NUM days
 --deprecated NUM|Set DEPRECATED since to NUM days
@@ -139,16 +153,20 @@ If the system's *PORTSDIR* environment variable is set, it'll be used instead of
 default "/usr/ports". But the *--tree|-t DIR* option will still override it.
 
 ## FILES
-The whole port tree under /usr/ports, or the location indicated by the *PORTSDIR*
+The whole port tree under */usr/ports*, or the location indicated by the *PORTSDIR*
 environment variable, or the *--tree|-t* argument:
 - as root, if you have installed portsnap, update to the last version with "portsnap fetch update"
 - or, if you have installed git, clone the latest repository with "git clone https://git.FreeBSD.org/ports.git /usr/ports"
 
 [/usr/ports/INDEX-xx](https://wiki.freebsd.org/Ports/INDEX)
-where xx is the major version of FreeBSD that you are using (as I write this xx=14).
+: where xx is the major version of FreeBSD that you are using (as I write this xx=14).
 - as root, get the last version with "cd /usr/ports ; make fetchindex"
 - or rebuild it from your port tree with "cd /usr/ports ; make index"
 
+${HOME}/.ptlint
+: an [INI-style](https://docs.python.org/3/library/configparser.html#supported-ini-file-structure) configuration file.
+- Generate a default one with the *--gencfg|-g* option and tweak it to your taste.
+
 ## EXIT STATUS
 The **portstreelint** utility exits 0 on success, and >0 if an error occurs.
 

TODO.md

@@ -2,19 +2,15 @@
 Feel free to submit your own ideas!
 
 ## Planned changes
-* Having a configuration file
-  * Limits setting
-  * Checks enabling or disabling
-  * Selection (or exclusion?) of ports, maintainers, categories
-  * Correction of false positives (for example for vulnerability checks)
+* Better Makefiles exploitation by expanding embedded variables when possible locally
+  * Using Make to do the job when there are embedded variables
 
 ## Probable evolutions
-* Improving versions comparison for versions with letters
-* Better Makefiles exploitation by expanding embedded variables when possible locally
-  * Perhaps using Make to do the job when there are embedded variables?
 * Checking distfiles availability
+* Improving versions comparison for versions with letters -> pnu-vuxml change needed
 
 ## Possible evolutions
+* Printing the number of notifications and a congratulation message if everything is OK
 * Checking the existence of domains in maintainer's email addresses
 * Checking the depends fields (extract/patch/fetch/build/run):
   * Between the Index and the Makefiles

man/portstreelint.8

@@ -1,17 +1,19 @@
-.Dd March 23, 2024
+.Dd April 1st, 2024
 .Dt portstreelint 8
 .Os
 .Sh NAME
 .Nm portstreelint
 .Nd FreeBSD ports tree lint
 .Sh SYNOPSIS
 .Nm
-.Op Fl \-tree|\-t Ar DIR
+.Op Fl \-nocfg|\-n
+.Op Fl \-gencfg|\-g Ar FILE
 .Op Fl \-show\-cat|\-C
 .Op Fl \-show\-mnt|\-M
 .Op Fl \-cat|\-c Ar LIST
 .Op Fl \-mnt|\-m Ar LIST
 .Op Fl \-port|\-p Ar LIST
+.Op Fl \-tree|\-t Ar DIR
 .Op Fl \-plist Ar NUM
 .Op Fl \-broken Ar NUM
 .Op Fl \-deprecated Ar NUM
@@ -141,16 +143,34 @@ and
 .Op Fl \-unchanged
 options, followed by a number of files for the first
 one and a number of days for the others.
+And you can select a port tree in a location other than
+.Pa /usr/ports
+with the
+.Op Fl \-tree|\-t
+option.
 .Pp
 Finally, there's a
 .Op Fl \-output|\-o
 option to generate a CSV delimited file with the per\-maintainer
 findings to a specified filename. This allows for automated processing
 of the results, such as, for example, sending warning emails, storing
 results and displaying only diffs since previous run...
+.Pp
+For convenience, you can put your favourite options in a
+configuration file, which will be read before processing the
+environment and the command line, unless you use the
+.Op Fl \-nocfg|\-n
+option. You can generate a default configuration file with the
+.Op Fl \-gencfg|\-g
+option followed by a filename. This file also offers full control
+over the checks to perform, and a way to discard false\-positive
+vulnerabilities.
 .Ss OPTIONS
-.Op Fl \-tree|\-t Ar DIR
-Ports directory (default=/usr/ports)
+.Op Fl \-nocfg|\-n
+Don't use the configuration file
+.Pp
+.Op Fl \-gencfg|\-g Ar FILE
+Generate a default configuration file in FILE
 .Pp
 .Op Fl \-show\-cat|\-C
 Show categories with ports count
@@ -167,6 +187,9 @@ Select only the comma\-separated maintainers in LIST
 .Op Fl \-port|\-p Ar LIST
 Select only the comma\-separated ports in LIST
 .Pp
+.Op Fl \-tree|\-t Ar DIR
+Ports directory (default=/usr/ports)
+.Pp
 .Op Fl \-plist Ar NUM
 Set PLIST_FILES abuse to NUM files
 .Pp
@@ -234,14 +257,23 @@ or, if you have installed git, clone the latest repository with "git clone https
 .El
 .Pp
 .Pa /usr/ports/INDEX\-xx
-where xx is the major version of FreeBSD that you are using
+: where xx is the major version of FreeBSD that you are using
 (as I write this xx=14).
 .Bl -bullet
 .It
 as root, get the last version with "cd /usr/ports ; make fetchindex"
 .It
 or rebuild it from your port tree with "cd /usr/ports ; make index"
 .El
+.Pp
+.Pa ${HOME}/.ptlint
+: an INI\-style configuration file.
+.Bl -bullet
+.It
+Generate a default one with the
+.Op Fl \-gencfg|\-g
+option and tweak it to your taste.
+.El
 .Sh EXIT STATUS
 .Ex -std portstreelint
 .Sh EXAMPLES

setup.cfg

@@ -3,7 +3,7 @@ name = pnu-portstreelint
 description = FreeBSD ports tree lint
 long_description = file: README.md
 long_description_content_type = text/markdown
-version = 1.2.1
+version = 1.3.0
 license = BSD 3-Clause License
 license_files = License
 author = Hubert Tournier

src/portstreelint/check_vulnerabilities.py

@@ -55,7 +55,7 @@ def _debug_versions(port):
 
 
 ####################################################################################################
-def check_vulnerabilities(ports):
+def check_vulnerabilities(ports, excluded_vulnerabilities):
     """ Checks if the port has vulnerabilities reported in VuXML """
     vulns = vuxml.load_vuxml()
     logging.info("Loaded %d vulnerabilities from the FreeBSD VuXML files", len(vulns))
@@ -127,6 +127,11 @@ def check_vulnerabilities(ports):
             counters["Skipped vulnerability checks"] += 1
             continue
 
+        for vid in excluded_vulnerabilities:
+            if vid in vids:
+                vids.remove(vid)
+                logging.debug("Discarded false-positive VuXML vulnerability '%s' for port %s", vid, name)
+
         for vid in vids:
             logging.warning("Found VuXML vulnerability '%s' for port %s", vid, name)
             if not "FORBIDDEN" in port:

src/portstreelint/check_www_site.py

@@ -13,7 +13,7 @@
 
 # Headers and timeout delay for HTTP(S) requests:
 HTTP_HEADERS = {
-    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0",
+    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0",
     "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
     "Accept-Language": "en;q=1.0, en-US;q=0.8, *;q=0.5",
     "Accept-Encoding": "identity",