Run code safety checks when generating a diff and show results.

Review Request #11907 — Created Jan. 4, 2022 and updated

chipx86
Review Board
release-4.0.x
11904, 11902
reviewboard

The diff viewer now interfaces with the new code safety checkers,
looking for unsafe content during diff generation, before anyone but the
owner is able to view the diff.

Scanners are run per-line, and any warnings or errors from the checker
will be stored along with that line and in a global list in the chunk
generator.

Anything found on a line will cause that line to display a red warning
symbol. Hovering over that will show a summary of what was found. The
top of the file will also show an alert from the safety checker
detailing what was found.

The per-line and per-file information is also available through the Diff
Context API, since it's just part of the resulting file/chunk
information.

The current trojan code safety checker we have deals with
possibly-malicious Unicode characters. As such, there's also support for
highlighting these characters, using a new CSS component, rb-o-duc.
DUCs are Displayed Unicode Characters. They are a simple <span>
containing the codepoint and the character entity.

DUCs default to safely showing the codepoint in a little box, instead of
rendering the character. They can be toggled to render instead, by
setting the -hide-ducs CSS modifier class on the .sidebyside element
for the diff viewer. The render toggling happens purely in CSS.

Hovering over a DUC will show information on the Unicode character. Note
that DUCs are not provided for all Unicode characters, only those that a
code safety checker has highlighted.

The trojan code checker provides the button used for toggling those
characters.

Unit tests pass on Python 2 and 3.

Tested this with the Trojan Source code checker, using the source files
at https://github.com/nickboucher/trojan-source/

Summary
Run code safety checks when generating a diff and show results.

Description From Last Updated

F821 undefined name 'format_html'

reviewbotreviewbot

I'm not sure what this variable name means.

daviddavid

Seems like something that should be logged as well?

daviddavid

This seems like it should be part of a different change. Same with the other JS/CSS related to ducs.

daviddavid
Checks run (1 failed, 1 succeeded)
flake8 failed.
JSHint passed.

flake8

chipx86
Review request changed
david
  1. 
      
  2. I'm not sure what this variable name means.

  3. reviewboard/diffviewer/templatetags/difftags.py (Diff revision 2)
     
     
     
     

    Seems like something that should be logged as well?

  4. reviewboard/static/rb/js/diffviewer/views/diffReviewableView.es6.js (Diff revision 2)
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     

    This seems like it should be part of a different change. Same with the other JS/CSS related to ducs.

  5. 
      
Loading...