feature/goblintAnalyzer

qc_sec_goblint/CONTRIBUTING.md

@@ -0,0 +1,19 @@
+<!--
+SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+# Contributions
+
+Please note the following aspects when sending us your contribution.
+
+## Code contributions
+ * Contributions are expected to:
+    * Be done through pull requests.
+    * Use the convention `feature/<branch>` name for new features.
+    * Use the convention `bugfix/<branch>` name for bug fixes.
+
+## Issues
+ * Before opening a new issue, please double-check first if a mathing
+ issue already exists in the list of [open issues](https://github.com/eosc-synergy/sqaaas-reporting-plugins/issues).

qc_sec_goblint/README.md

@@ -0,0 +1,68 @@
+<!--
+SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+# SQAaaS reporting validator plugin for the goblint/analyzer tool
+
+[![License](https://img.shields.io/github/license/fzhu2e/GraphEM)](https://opensource.org/licenses/GPL-3.0)
+
+* [Description](#description)
+* [Quick start](#quick-start)
+* [Developing and Testing](#development-and-testing)
+* [Contribution](#contribution)
+* [License](#license)
+
+
+## Description
+This plugin validates the output of the [goblint/analyzer](https://github.com/goblint/analyzer) tool."
+
+## Quick start
+The plugin can be installed from this repository using `pip`:
+```
+$ pip install git+https://github.com/EOSC-synergy/sqaaas-reporting-plugins@main#egg=report2sqaaas-plugin-goblint&subdirectory=qc_sec_goblint
+```
+### Configuration
+No additional configuration is needed. The plugin is added to the
+`sqaaas.validators` namespace, which is scoped by the
+[report2sqaaas](https://github.com/eosc-synergy/sqaaas-reporting) application.
+### Trying it out
+The plugin can be readily used through the CLI offered by the
+[report2sqaaas](https://github.com/eosc-synergy/sqaaas-reporting) module:
+```
+$ report2sqaaas goblint goblint/analyzer.stdout
+```
+
+Note that you will need to have the
+[report2sqaaas](https://github.com/eosc-synergy/sqaaas-reporting) module
+deployed in your environment for the plugin to work. To this end, you can
+use the [requirements.txt](requirements.txt) file included with this package:
+```
+$ pip install -r requirements.txt
+```
+
+## Development and Testing
+While on development, deploy the plugin in editable mode:
+```
+pip install -r requirements.txt
+pip install -e .
+```
+
+Use [pytest](https://pytest.org/) module to run the test cases:
+```
+$ pip install -r test-requirements.txt
+$ pytest -svv
+```
+### About validate() method
+The `validate()` method has to be implemented for the tests to pass successfully.
+If pytest returns the exception:
+```TypeError: Can't instantiate abstract class FooValidator with abstract method validate```
+then this means that the method is not implemented in the generated validator class.
+
+
+## Contribution
+Please check our [guidelines](CONTRIBUTING.md) on how to contribute.
+
+## License
+[GNU GENERAL PUBLIC LICENSE v3](LICENSE)

qc_sec_goblint/report2sqaaas_plugins_goblint/main.py

@@ -0,0 +1,95 @@
+# SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import logging
+import re
+
+from report2sqaaas import utils as sqaaas_utils
+
+logger = logging.getLogger("sqaaas.reporting.plugins.goblint")
+
+
+class goblintValidator(sqaaas_utils.BaseValidator):
+    valid = True
+    threshold = 1
+
+    def validate(self):
+        valid = False
+        data = sqaaas_utils.load_data(self.opts.stdout.strip())
+
+        clean = []
+        categories = []
+        lines = data.splitlines()
+        race = 0
+        race_evidence = "The memory locations evaluation has not been realised"
+        code = 0
+        code_evidence = "The lines of code  evaluation has not been realised"
+        for line in lines:
+            remove1 = line.replace("\x1b[0;34m", "")
+            remove2 = remove1.replace("\u001b[0;0;00m", "")
+            if not (line == remove1 or remove1 == remove2):
+                clean.append(remove2)
+
+        for i in range(len(clean)):
+            line = clean[i]
+            if line[:6] == "[Info]":
+                categories.append(i)
+
+        for i in categories:
+            if "Deadcode" in clean[i]:
+                numbers = [
+                    int(s)
+                    for s in re.findall(
+                        r"\b\d+\b", clean[i + 1] + clean[i + 2] + clean[i + 3]
+                    )
+                ]
+                # dead=(str(clean[i+1]+','+clean[i+2]+','+clean[i+3]))
+                if (
+                    numbers[0] == numbers[2]
+                ):  # numbers[0] is the number of live lines and numbers[2] the total number of lines
+                    code = True
+                    code_evidence = (
+                        "The number of live lines is equal to the total number of lines"
+                    )
+                else:
+                    code_evidence = "The number of live lines is not equal to the total number of lines"
+            if "Race" in clean[i]:
+                numbers = [
+                    int(s)
+                    for s in re.findall(
+                        r"\b\d+\b",
+                        clean[i + 1] + clean[i + 2] + clean[i + 3] + clean[i + 4],
+                    )
+                ]
+                if (
+                    numbers[0] == numbers[3]
+                ):  # numbers[0] is the number of safe memory locations and numbers[3] the total memory locations
+                    race = True
+                    race_evidence = "The number of safe memory locations is equal to the total number of memory locations"
+                else:
+                    race_evidence = "The number of safe memory locations is not equal to the total number of memory locations"
+
+        if race and code:
+            valid = True
+
+        subcriteria = [
+            {
+                "id": "QC.Sec",
+                "valid": race,
+                "description": "Memory locations race safety",
+                "evidence": race_evidence,
+            },
+            {
+                "id": "QC.Sec",
+                "valid": code,
+                "description": "Logical lines of code",
+                "evidence": code_evidence,
+            },
+        ]
+        return {
+            "valid": valid,
+            "subcriteria": subcriteria,
+            "standard": "",
+            "data_unstructured": [race_evidence, code_evidence],
+        }

qc_sec_goblint/requirements.txt

@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Install report2sqaaas from 'main' branch
+git+https://github.com/EOSC-synergy/sqaaas-reporting@main#egg=report2sqaaas

qc_sec_goblint/setup.cfg

@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[metadata]
+# This includes the license file(s) in the wheel.
+# https://wheel.readthedocs.io/en/stable/user_guide.html#including-license-files-in-the-generated-wheel-file
+license_files = LICENSE
+
+[isort]
+profile = black

qc_sec_goblint/setup.py

@@ -0,0 +1,62 @@
+# SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import os
+from urllib.parse import urlparse
+
+from setuptools import find_packages, setup
+
+
+def load_requirements():
+    """Install dependencies from 'requirements.txt'.
+
+    If the file contains a pip-supported git+https' location for the
+    package, this method transforms it to setuptools' way. Some code has
+    been taken from
+    https://stackoverflow.com/a/53069528
+    """
+    thelibFolder = os.path.dirname(os.path.realpath(__file__))
+    requirementPath = thelibFolder + "/requirements.txt"
+    install_requires = []
+    if os.path.isfile(requirementPath):
+        with open(requirementPath) as f:
+            install_requires = f.read().splitlines()
+    install_requires_filtered = []
+    for req in install_requires:
+        if not req.startswith("#"):
+            url_parsed = urlparse(req)
+            fragment = url_parsed.fragment
+            if fragment:
+                fragment = fragment.split("=")[-1]
+                req = "@".join([fragment, req])
+            install_requires_filtered.append(req)
+
+    return install_requires_filtered
+
+
+setup(
+    name="report2sqaaas-plugin-goblint",
+    version="1.0.0",
+    description="Output validator for the goblint/analyzer tool",
+    author="Ivan Palomo",
+    author_email="[email protected]",
+    url="https://github.com/eosc-synergy/sqaaas-reporting-plugins",
+    # For a list of valid classifiers, see https://pypi.org/classifiers/
+    classifiers=[
+        "Intended Audience :: Developers",
+        (
+            "License :: OSI Approved :: GNU General Public License v3 or later "
+            "(GPLv3+)"
+        ),
+        "Environment :: Plugins",
+        "Development Status :: 3 - Alpha",
+    ],
+    packages=find_packages(),
+    install_requires=load_requirements(),
+    entry_points={
+        "sqaaas.validators": [
+            "goblint = report2sqaaas_plugins_goblint.main:goblintValidator",  # noqa
+        ],
+    },
+)

qc_sec_goblint/test-requirements.txt

@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+pytest>=6.2.5
+pytest-dependency>=0.5.1
+# report2sqaaas == 1.2.0
+git+https://github.com/EOSC-synergy/[email protected]#egg=report2sqaaas
+black
+isort

qc_sec_goblint/tests/test_validator.py

@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: Copyright contributors to the Software Quality Assurance as a Service (SQAaaS) project.
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from types import SimpleNamespace
+
+import pytest
+from report2sqaaas_plugins_goblint.main import goblintValidator
+
+
+@pytest.fixture
+def goblint_stdout():
+    # FIXME Return a sample tool's stdout as string
+    return ""
+
+
+@pytest.fixture
+def validator_opts(goblint_stdout):
+    class_args = {"validator": "goblint", "stdout": goblint_stdout}
+    return SimpleNamespace(**class_args)
+
+
+@pytest.fixture
+def validator(validator_opts):
+    return goblintValidator(validator_opts)
+
+
+@pytest.mark.dependency()
+def test_is_validate_method_defined(validator_opts):
+    assert goblintValidator(validator_opts).validate()
+
+
+@pytest.mark.dependency(depends=["test_is_validate_method_defined"])
+def test_validate_method_output(validator):
+    result = validator.validate()
+    assert type(result) is dict
+    assert "valid" in list(result)
+    assert "subcriteria" in list(result)
+    assert type(result["subcriteria"]) is list