Sorry for top posting.


No, safety is CERTAINLY NOT a category. Security maybe, but even better would be a category like “information leaks” and a subset “kernel-internal information leaks” for your specific coccinelle rule addressing CWE-547.


For me, for now, misc is okay, but if we want to restructure and clean-up, we should come up with a complete picture that fits for all.


Lukas


From: Mohammed Billoo <mab@mab-labs.com>
Sent: Thursday, 13 August 2020 17:24
To: Bulwahn Lukas, JC-20 <Lukas.Bulwahn@bmw.de>
Cc: Shuah Khan <skhan@linuxfoundation.org>; linux-safety@lists.elisa.tech
Subject: Re: [linux-safety] [PATCH] coccinelle: misc: Check for hard-coded constants


With regards to the directory name, it wasn't meant to be for this specific group, but a sensible category to put these patches in. In my experience, misc becomes a catch-all for everything else, promotes laziness, and things end up being a mess. Does it make sense to create another directory that contains patches that are specific to catching CWEs (e.g. a directory called "safety" or "safety-critical") that don't obviously fall into the other non-misc directories?


On Thu, Aug 13, 2020 at 11:16 AM <Lukas.Bulwahn@bmw.de> wrote:

To your questions, here is my opinion...

1. Is the header format in the semantic patch acceptable (i.e. referencing the CWE that this particular semantic patch aims to address)?

Actually, I think we should do that for the existing rules as well.

I was thinking of the following format:

# Addresses: CWE-414 ("Missing Lock Check")

or

# Contributes-to: Missing Lock Check [CWE-414]

I think it is a good discussion to have with Julia Lawall, Dan Carpenter, Luc Van Oostenryck, Joe Perches, etc. to see how they would want to maintain such information within their tools.


2. Should we create a separate directory for ELISA within coccinelle?

No, we do not structure according to the contributor; otherwise the kernel architecture would be "linus directory", "andrew directory", "shuah directory", etc.

I would suggest that we could roughly structure according to the existing structure for coccinelle and the CWE structure.


Lukas

P.S.: We need to set groups.io not to generate HTML emails on responses etc. when we want to engage with the kernel community. Let us check if we get that set up.



--

Mohammed A Billoo

Founder

MAB Labs, LLC

201-338-2022
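The two header formats Lukas proposes above ("# Addresses: CWE-414 (...)" and "# Contributes-to: ... [CWE-414]") only pay off if tooling can read them back, for example to build the CWE-oriented directory layout he suggests or to flag scripts that carry no CWE reference at all. The following is an added example, written for this thread and not code from the patch, the ELISA project or the kernel's coccinelle tree. It parses the header comment block of a semantic patch for either format and builds a CWE-keyed index over a set of scripts. It assumes header lines may also use the `//` comment leader that existing kernel `.cocci` files use for their metadata lines; the sample scripts are constructed for illustration and do not come from the kernel.

```python
import re
from typing import Dict, List, Tuple

# The two header formats proposed in the thread:
#   # Addresses: CWE-414 ("Missing Lock Check")
#   # Contributes-to: Missing Lock Check [CWE-414]
# Assumption: the same formats are also accepted after a '//' leader,
# since existing kernel semantic patches put metadata in '//' comments.
_LEADER = r'^(?:#|//+)\s*'
ADDRESSES_RE = re.compile(_LEADER + r'Addresses:\s*CWE-(\d+)\s*\(\s*"([^"]*)"\s*\)\s*$')
CONTRIBUTES_RE = re.compile(_LEADER + r'Contributes-to:\s*(.+?)\s*\[CWE-(\d+)\]\s*$')


def parse_cwe_headers(text: str) -> List[Tuple[int, str]]:
    """Return (cwe_id, title) pairs declared in the header comment block.

    Scanning stops at the first non-comment, non-blank line so that rule
    bodies (which may legitimately contain the string "CWE-") are ignored.
    """
    found: List[Tuple[int, str]] = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not (stripped.startswith('#') or stripped.startswith('//')):
            break  # end of the header block
        m = ADDRESSES_RE.match(stripped)
        if m:
            found.append((int(m.group(1)), m.group(2)))
            continue
        m = CONTRIBUTES_RE.match(stripped)
        if m:
            found.append((int(m.group(2)), m.group(1)))
    return found


def index_by_cwe(scripts: Dict[str, str]) -> Dict[int, List[str]]:
    """Map each CWE id to the script names that declare it (sorted)."""
    index: Dict[int, List[str]] = {}
    for name in sorted(scripts):
        for cwe_id, _title in parse_cwe_headers(scripts[name]):
            index.setdefault(cwe_id, []).append(name)
    return index


def scripts_without_cwe(scripts: Dict[str, str]) -> List[str]:
    """Names of scripts whose header declares no CWE reference."""
    return sorted(n for n, t in scripts.items() if not parse_cwe_headers(t))


# Constructed sample scripts (not real kernel rules).
SAMPLE_LOCK = """\
/// Flag use of a resource without its lock being taken.
// Confidence: Moderate
# Addresses: CWE-414 ("Missing Lock Check")
virtual report

@r@
expression E;
@@
- use_resource(E);
"""

SAMPLE_CONST = """\
/// Flag hard-coded, security-relevant constants.
// Contributes-to: Use of Hard-coded, Security-relevant Constants [CWE-547]
virtual report
"""

SAMPLE_NOHEADER = """\
/// A rule with no CWE reference; the string CWE-1 below must be ignored.
virtual report
@r@ expression E; @@
- strcpy(E, "CWE-1");
"""

SAMPLE_SCRIPTS = {
    "lock.cocci": SAMPLE_LOCK,
    "const.cocci": SAMPLE_CONST,
    "plain.cocci": SAMPLE_NOHEADER,
}

if __name__ == "__main__":
    for cwe_id, names in sorted(index_by_cwe(SAMPLE_SCRIPTS).items()):
        print(f"CWE-{cwe_id}: {', '.join(names)}")
    print("no CWE reference:", scripts_without_cwe(SAMPLE_SCRIPTS))
```

Restricting the scan to the leading comment block is the important design choice: a rule body can contain the text "CWE-" in a string literal or a message, and a naive grep would then attribute the wrong CWE to the script.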