From 14e20cae897afda1ed3ecb20b30ca9492e4ee7a0 Mon Sep 17 00:00:00 2001 From: huangxt Date: Sat, 7 Mar 2026 21:04:18 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=AE=89=E5=85=A8=E6=80=A7?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E8=84=9A=E6=9C=AC=EF=BC=8C=E9=81=BF=E5=85=8D?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=E4=BB=A3=E7=A0=81=E8=AF=AF=E6=8A=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 使用 awk 在 #[cfg(test)] 处提前退出,跳过测试代码 - 替换多个 grep -v 管道为单一 awk 处理 - 修复乱码字符 --- .github/scripts/sanity_check.sh | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/.github/scripts/sanity_check.sh b/.github/scripts/sanity_check.sh index ff1c079..97f9b29 100755 --- a/.github/scripts/sanity_check.sh +++ b/.github/scripts/sanity_check.sh @@ -37,13 +37,10 @@ echo "--- 检查 panic/unwrap/expect ---" # - benches/ 和 tests/ 目录 # - 白名单:try_into().unwrap() 用于固定大小切片转换(已知安全) -# 收集 src/ 下所有非测试 .rs 文件中的匹配项 -PANIC_HITS=$(grep -rn 'panic!\|\.unwrap()\|\.expect(' src/ --include='*.rs' \ - | grep -v '#\[cfg(test)\]' \ - | grep -v 'mod tests' \ - | grep -v '// test' \ - | grep -v '#\[test\]' \ - | grep -v 'fn test_' \ +# Reason: 逐行 grep -v 无法排除 #[cfg(test)] 块内部的代码, +# 改用 awk 先将每个文件中 #[cfg(test)] 之后的行全部剥离,再 grep。 +PANIC_HITS=$(find src/ -name '*.rs' -exec awk '/#\[cfg\(test\)\]/{exit} {print FILENAME":"NR":"$0}' {} \; \ + | grep 'panic!\|\.unwrap()\|\.expect(' \ || true) if [ -n "$PANIC_HITS" ]; then @@ -89,11 +86,8 @@ echo "--- 检查硬编码敏感信息 ---" # Reason: 防止私钥、密码等敏感信息被提交到仓库 SENSITIVE_PATTERNS='(private.?key|secret.?key|password|passwd|api.?key|token)\s*=\s*["\x27][^\x27"]+["\x27]' -SENSITIVE_HITS=$(grep -rniE "$SENSITIVE_PATTERNS" src/ --include='*.rs' \ - | grep -v '#\[cfg(test)\]' \ - | grep -v 'mod tests' \ - | grep -v '// test' \ - | grep -v 'fn test_' \ +SENSITIVE_HITS=$(find src/ -name '*.rs' -exec awk '/#\[cfg\(test\)\]/{exit} {print FILENAME":"NR":"$0}' {} \; \ + | grep -iE "$SENSITIVE_PATTERNS" \ || true) if [ -n "$SENSITIVE_HITS" ]; then @@ -132,11 +126,10 @@ fi echo "" echo "--- 检查 unsafe 代码 ---" -UNSAFE_HITS=$(grep -rn 'unsafe' src/ --include='*.rs' \ +UNSAFE_HITS=$(find src/ -name '*.rs' -exec awk '/#\[cfg\(test\)\]/{exit} {print FILENAME":"NR":"$0}' {} \; \ + | grep 'unsafe' \ | grep -v '#!\[forbid(unsafe_code)\]' \ | grep -v '// unsafe' \ - | grep -v '#\[cfg(test)\]' \ - | grep -v 'mod tests' \ || true) if [ -n "$UNSAFE_HITS" ]; then @@ -152,7 +145,7 @@ fi echo "" echo "==========================================" if [ "$ERRORS" -gt 0 ]; then - echo -e " ${RED}发现 $ERRORS 个错��!${NC}" + echo -e " ${RED}发现 $ERRORS 个错误!${NC}" echo "==========================================" exit 1 else