ostiwe/go-toml
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove CAPABILITY_UNSAFE_POINTER exclusion hack

Browse Source 
Now that capslock is scoped to just the library package (.),
CAPABILITY_UNSAFE_POINTER no longer appears as a false positive.
Add it to FORBIDDEN_CAPS instead, and remove the source-level
unsafe import check and all the grep -v filtering.

https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
This commit is contained in:
Claude
2026-03-24 10:53:59 +00:00
parent cad7681abe
commit 1ac4431db9
1 changed files with 4 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
caps.sh
+4 -21
View File
@@ -18,6 +18,7 @@ FORBIDDEN_CAPS=(
CAPABILITY_NETWORK CAPABILITY_NETWORK
CAPABILITY_CGO CAPABILITY_CGO
CAPABILITY_EXEC CAPABILITY_EXEC
CAPABILITY_UNSAFE_POINTER
) )
capslock_to_baseline() { capslock_to_baseline() {
@@ -43,19 +44,6 @@ check() {
failed=0 failed=0
# Verify go-toml source never directly imports "unsafe".
# Capslock may report CAPABILITY_UNSAFE_POINTER due to stdlib internals
# (e.g. reflect -> unsafe), which is a false positive. Instead of relying
# on capslock for this, we check the source directly.
unsafe_imports=$(find . -name '*.go' -not -name '*_test.go' \
-not -path './vendor/*' -not -path './cmd/*' -not -path './internal/*' \
-exec grep -l '"unsafe"' {} +) || true
if [ -n "$unsafe_imports" ]; then
echo "FORBIDDEN: direct unsafe import found in:"
echo "$unsafe_imports"
failed=1
fi
# Check for forbidden capabilities in current output. # Check for forbidden capabilities in current output.
for cap in "${FORBIDDEN_CAPS[@]}"; do for cap in "${FORBIDDEN_CAPS[@]}"; do
if grep -q "$cap" "$current"; then if grep -q "$cap" "$current"; then
@@ -66,13 +54,8 @@ check() {
done done
# Extract all unique capability names from baseline and current. # Extract all unique capability names from baseline and current.
# Exclude CAPABILITY_UNSAFE_POINTER from comparison — capslock reports it baseline_caps=$(grep -oE 'CAPABILITY_[A-Z_]+' "$BASELINE" | sort -u)
# as a false positive from stdlib internals (reflect, sync, etc. use current_caps=$(grep -oE 'CAPABILITY_[A-Z_]+' "$current" | sort -u)
# unsafe.Pointer internally). Go 1.26+ triggers this due to changes in
# how capslock traces through unclassified reflect functions. The direct
# source check above is the real guard against unsafe usage.
baseline_caps=$(grep -oE 'CAPABILITY_[A-Z_]+' "$BASELINE" | grep -v CAPABILITY_UNSAFE_POINTER | sort -u)
current_caps=$(grep -oE 'CAPABILITY_[A-Z_]+' "$current" | grep -v CAPABILITY_UNSAFE_POINTER | sort -u)
# Check for new capability names not in the baseline. # Check for new capability names not in the baseline.
new_caps=$(comm -13 <(echo "$baseline_caps") <(echo "$current_caps")) new_caps=$(comm -13 <(echo "$baseline_caps") <(echo "$current_caps"))
@@ -91,7 +74,7 @@ check() {
continue continue
fi fi
# Check each capability in current for this package # Check each capability in current for this package
for cap in $(echo "$caps" | tr ', ' '\n' | grep -v '^$' | grep -v CAPABILITY_UNSAFE_POINTER); do for cap in $(echo "$caps" | tr ', ' '\n' | grep -v '^$'); do
if ! echo "$baseline_pkg_caps" | grep -q "$cap"; then if ! echo "$baseline_pkg_caps" | grep -q "$cap"; then
echo "NEW capability for $pkg: $cap" echo "NEW capability for $pkg: $cap"
failed=1 failed=1