%global _empty_manifest_terminate_build 0 Name: python-firehose Version: 0.5 Release: 1 Summary: Library for working with output from static code analyzers License: LGPL2.1 or later URL: https://github.com/fedora-static-analysis/firehose Source0: https://mirrors.nju.edu.cn/pypi/web/packages/9f/85/3a3e436ea1a5f955dc3c6928d14581ade503c0733d1c77b0688c12a83f0b/firehose-0.5.tar.gz BuildArch: noarch %description "firehose" is a Python package intended for managing the results from code analysis tools (e.g. compiler warnings, static analysis, linters, etc). It currently provides parsers for the output of gcc, clang-analyzer, cppcheck, and findbugs. These parsers convert the results into a common data model of Python objects, with methods for lossless roundtrips through a provided XML format. There is also a JSON equivalent. It is available on pypi here: https://pypi.python.org/pypi/firehose and via git from: https://github.com/fedora-static-analysis/firehose The mailing list is: https://admin.fedoraproject.org/mailman/listinfo/firehose-devel Documentation can be read here: http://firehose.readthedocs.io/en/latest/ Firehose is Free Software, licensed under the LGPLv2.1 or (at your option) any later version. It requires Python 2.7 or 3.2 onwards, and has been successfully tested with PyPy. It is currently of alpha quality. The API and serialization formats are not yet set in stone (and we're keen on hearing feedback before we lock things down more). Motivation: http://lists.fedoraproject.org/pipermail/devel/2012-December/175232.html I want to slurp the results from static code analysis into a database, which means coercing all of the results into some common interchange format, codenamed "firehose" (which could also be the name of the database). The idea is a common XML format that all tools can emit that: * describes a warning * gives source-code location of the warning: filename, function, line number. * optionally with a `CWE `_ identifier * potentially with other IDs and URLs, e.g. the ID "SIG30-C" with URL https://www.securecoding.cert.org/confluence/display/seccode/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers * optionally describes code path to get there (potentially interprocedural across source files), potentially with "state" annotations (e.g. in the case of a reference-counting bug, it's useful to be able to annotate the changes to the refcount). together with a simple Python API for working with the format as a collection of Python objects (creating, write to XML, read from XML, modification, etc) I initially considered using JSON, but went with XML because if multiple tools are going to emit this, it's good to be able to validate things against a schema (see `firehose.rng `_, a RELAX-NG schema). References to source files in the format can include a hash of the source file itself (e.g. SHA-1) so that you can uniquely identify which source file you were talking about. This format would be slurped into the DB for the web UI, and can have other things done to it without needing a server: e.g.: * convert it to the textual form of a gcc compilation error, so that Emacs etc can parse it and take you to the source * be turned into a simple HTML report locally on your workstation Projects using Firehose: * `mock-with-analysis `_ can rebuild a source RPM, capturing the results of 4 different code analysis tools in Firehose format (along with all source files that were mentioned in any report). * The `"firehose" branch `_ of `cpychecker `_ can natively emit Firehose XML reports * https://github.com/paultag/storz/blob/master/wrappers/storz-lintian %package -n python3-firehose Summary: Library for working with output from static code analyzers Provides: python-firehose BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-firehose "firehose" is a Python package intended for managing the results from code analysis tools (e.g. compiler warnings, static analysis, linters, etc). It currently provides parsers for the output of gcc, clang-analyzer, cppcheck, and findbugs. These parsers convert the results into a common data model of Python objects, with methods for lossless roundtrips through a provided XML format. There is also a JSON equivalent. It is available on pypi here: https://pypi.python.org/pypi/firehose and via git from: https://github.com/fedora-static-analysis/firehose The mailing list is: https://admin.fedoraproject.org/mailman/listinfo/firehose-devel Documentation can be read here: http://firehose.readthedocs.io/en/latest/ Firehose is Free Software, licensed under the LGPLv2.1 or (at your option) any later version. It requires Python 2.7 or 3.2 onwards, and has been successfully tested with PyPy. It is currently of alpha quality. The API and serialization formats are not yet set in stone (and we're keen on hearing feedback before we lock things down more). Motivation: http://lists.fedoraproject.org/pipermail/devel/2012-December/175232.html I want to slurp the results from static code analysis into a database, which means coercing all of the results into some common interchange format, codenamed "firehose" (which could also be the name of the database). The idea is a common XML format that all tools can emit that: * describes a warning * gives source-code location of the warning: filename, function, line number. * optionally with a `CWE `_ identifier * potentially with other IDs and URLs, e.g. the ID "SIG30-C" with URL https://www.securecoding.cert.org/confluence/display/seccode/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers * optionally describes code path to get there (potentially interprocedural across source files), potentially with "state" annotations (e.g. in the case of a reference-counting bug, it's useful to be able to annotate the changes to the refcount). together with a simple Python API for working with the format as a collection of Python objects (creating, write to XML, read from XML, modification, etc) I initially considered using JSON, but went with XML because if multiple tools are going to emit this, it's good to be able to validate things against a schema (see `firehose.rng `_, a RELAX-NG schema). References to source files in the format can include a hash of the source file itself (e.g. SHA-1) so that you can uniquely identify which source file you were talking about. This format would be slurped into the DB for the web UI, and can have other things done to it without needing a server: e.g.: * convert it to the textual form of a gcc compilation error, so that Emacs etc can parse it and take you to the source * be turned into a simple HTML report locally on your workstation Projects using Firehose: * `mock-with-analysis `_ can rebuild a source RPM, capturing the results of 4 different code analysis tools in Firehose format (along with all source files that were mentioned in any report). * The `"firehose" branch `_ of `cpychecker `_ can natively emit Firehose XML reports * https://github.com/paultag/storz/blob/master/wrappers/storz-lintian %package help Summary: Development documents and examples for firehose Provides: python3-firehose-doc %description help "firehose" is a Python package intended for managing the results from code analysis tools (e.g. compiler warnings, static analysis, linters, etc). It currently provides parsers for the output of gcc, clang-analyzer, cppcheck, and findbugs. These parsers convert the results into a common data model of Python objects, with methods for lossless roundtrips through a provided XML format. There is also a JSON equivalent. It is available on pypi here: https://pypi.python.org/pypi/firehose and via git from: https://github.com/fedora-static-analysis/firehose The mailing list is: https://admin.fedoraproject.org/mailman/listinfo/firehose-devel Documentation can be read here: http://firehose.readthedocs.io/en/latest/ Firehose is Free Software, licensed under the LGPLv2.1 or (at your option) any later version. It requires Python 2.7 or 3.2 onwards, and has been successfully tested with PyPy. It is currently of alpha quality. The API and serialization formats are not yet set in stone (and we're keen on hearing feedback before we lock things down more). Motivation: http://lists.fedoraproject.org/pipermail/devel/2012-December/175232.html I want to slurp the results from static code analysis into a database, which means coercing all of the results into some common interchange format, codenamed "firehose" (which could also be the name of the database). The idea is a common XML format that all tools can emit that: * describes a warning * gives source-code location of the warning: filename, function, line number. * optionally with a `CWE `_ identifier * potentially with other IDs and URLs, e.g. the ID "SIG30-C" with URL https://www.securecoding.cert.org/confluence/display/seccode/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers * optionally describes code path to get there (potentially interprocedural across source files), potentially with "state" annotations (e.g. in the case of a reference-counting bug, it's useful to be able to annotate the changes to the refcount). together with a simple Python API for working with the format as a collection of Python objects (creating, write to XML, read from XML, modification, etc) I initially considered using JSON, but went with XML because if multiple tools are going to emit this, it's good to be able to validate things against a schema (see `firehose.rng `_, a RELAX-NG schema). References to source files in the format can include a hash of the source file itself (e.g. SHA-1) so that you can uniquely identify which source file you were talking about. This format would be slurped into the DB for the web UI, and can have other things done to it without needing a server: e.g.: * convert it to the textual form of a gcc compilation error, so that Emacs etc can parse it and take you to the source * be turned into a simple HTML report locally on your workstation Projects using Firehose: * `mock-with-analysis `_ can rebuild a source RPM, capturing the results of 4 different code analysis tools in Firehose format (along with all source files that were mentioned in any report). * The `"firehose" branch `_ of `cpychecker `_ can natively emit Firehose XML reports * https://github.com/paultag/storz/blob/master/wrappers/storz-lintian %prep %autosetup -n firehose-0.5 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-firehose -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Thu Mar 09 2023 Python_Bot - 0.5-1 - Package Spec generated