secnote

The secnote tool.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/secnote

commit f98c5e42bcdb522da15861080eaed77695d6a199
parent c14142920d1cc9c31a133ff7c2fbcef18bf612aa
Author: Joris Vink <joris@coders.se>
Date:   Thu,  2 Jun 2022 00:15:16 +0200

Show new chunks per topic when verifying.

Diffstat:
README.md | 21+++++++++++++++++++++
secnote.c | 88+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
2 files changed, 87 insertions(+), 22 deletions(-)

diff --git a/README.md b/README.md @@ -0,0 +1,21 @@ +# secnote + +WIP + +## notes + +There may be different reasons for marking a section of code as +a secnote. Perhaps a design decision, or a belt and suspender. + +It is hard to classify certain parts of code as security critical +while leaving out other parts. + +Security encompasses the entire code base. + +However, secnote should make it easier to digest code and +understand which parts of it relate to security or potentially +even are security critical without intimate understanding of the code. + +As with everything related to comments and documentation, if it +falls out of touch with reality it will become useless and could +even turn into a security risk. diff --git a/secnote.c b/secnote.c @@ -44,8 +44,8 @@ #define FILE_SEPARATOR \ "===================================================================" -#define TAG_OPEN "@secnote-open" -#define TAG_CLOSE "@secnote-close" +#define TAG_OPEN "\x40secnote-open" +#define TAG_CLOSE "\x40secnote-close" #define MAX(a, b) ((a > b) ? a : b) #define MIN(a, b) ((a < b) ? a : b) @@ -109,6 +109,8 @@ static void file_parse(struct context *, const char *); static int file_read_line(struct file *, char *, size_t); static void file_open(struct file *, const char *, const char *); +static void text_topic_dump(struct context *); +static int text_chunk_new_entries(struct topic *, int *); static void text_topic_write(struct context *, struct topic *); static void text_topic_header(struct context *, struct topic *); @@ -118,8 +120,9 @@ static void load_from_args(struct context *, int, char **); static int dump_parse_entry(struct context *, struct file *, char *); static int dump_parse_topic(struct context *, struct file *, const char *); -static void text_topic_dump(struct context *); +static void topic_entry_free(struct entry *); static void topic_free(struct context *, struct topic *); + static void context_compare(struct context *, struct context *); static struct topic *topic_resolve(struct context *, const char *); @@ -237,6 +240,9 @@ context_compare(struct context *verify, struct context *ondisk) TAILQ_FOREACH(entry, &t1->entries, list) { state = entry_check_state(&t2->entries, entry, &ent); + if (ent != NULL) + TAILQ_REMOVE(&t2->entries, ent, list); + if (state != ENTRY_STATE_SAME && !header) { header = 1; printf("@ %s\n\n", t1->name); @@ -244,19 +250,23 @@ context_compare(struct context *verify, struct context *ondisk) switch (state) { case ENTRY_STATE_SAME: + if (ent != NULL) + topic_entry_free(ent); continue; case ENTRY_STATE_GONE: changes++; - printf("chunk '%s' (%d-%d) not found\n", + printf("!! chunk '%s' (%d-%d) not found\n", entry->file, entry->line_start, entry->line_end); + if (ent != NULL) + topic_entry_free(ent); continue; } changes++; sep = NULL; - printf("chunk '%s' (%d-%d) ", entry->file, + printf("+- chunk '%s' (%d-%d) ", entry->file, entry->line_start, entry->line_end); a = entry->line_end - entry->line_start; @@ -285,8 +295,19 @@ context_compare(struct context *verify, struct context *ondisk) } printf("\n"); + topic_entry_free(ent); } + changes += text_chunk_new_entries(t2, &header); + topic_free(ondisk, t2); + + if (header) + printf("\n"); + } + + TAILQ_FOREACH(t1, &ondisk->topics, list) { + header = 0; + changes += text_chunk_new_entries(t1, &header); if (header) printf("\n"); } @@ -647,32 +668,33 @@ topic_resolve(struct context *ctx, const char *name) static void topic_free(struct context *ctx, struct topic *topic) { - struct line *line, *lnext; - struct entry *entry, *enext; + struct entry *entry; TAILQ_REMOVE(&ctx->topics, topic, list); - for (entry = TAILQ_FIRST(&topic->entries); entry != NULL; - entry = enext) { - enext = TAILQ_NEXT(entry, list); + while ((entry = TAILQ_FIRST(&topic->entries)) != NULL) { TAILQ_REMOVE(&topic->entries, entry, list); + topic_entry_free(entry); + } - for (line = TAILQ_FIRST(&entry->lines); line != NULL; - line = lnext) { - lnext = TAILQ_NEXT(line, list); - TAILQ_REMOVE(&entry->lines, line, list); + free(topic->name); + free(topic); +} - free(line->code); - free(line); - } +static void +topic_entry_free(struct entry *entry) +{ + struct line *line; - free(entry->context); - free(entry->file); - free(entry); + while ((line = TAILQ_FIRST(&entry->lines)) != NULL) { + TAILQ_REMOVE(&entry->lines, line, list); + free(line->code); + free(line); } - free(topic->name); - free(topic); + free(entry->context); + free(entry->file); + free(entry); } static struct entry * @@ -789,6 +811,28 @@ entry_check_state(struct entry_list *head, struct entry *orig, return (ENTRY_STATE_GONE); } +static int +text_chunk_new_entries(struct topic *topic, int *header) +{ + int new; + struct entry *entry; + + new = 0; + + TAILQ_FOREACH(entry, &topic->entries, list) { + if (*header == 0) { + *header = 1; + printf("@ %s\n\n", topic->name); + } + + new++; + printf("++ chunk '%s' (%d-%d) new\n", entry->file, + entry->line_start, entry->line_end); + } + + return (new); +} + static void text_topic_dump(struct context *ctx) {