From c02aabc10925ebbb79de72219fddbb6ec38ec309 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 13 Sep 2024 09:25:46 +0200
Subject: [PATCH] make: add lint-acl and finish first script iteration #7821

---
 Makefile                 |  5 ++++-
 Scripts/dashboard-acl.sh | 47 ++++++++++++++++++++++++++++++++++------
 2 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 629038199..8dbf90915 100644
--- a/Makefile
+++ b/Makefile
@@ -395,6 +395,9 @@ lint-model:
 		done; \
 	done
 
+lint-acl:
+	@${.CURDIR}/Scripts/dashboard-acl.sh
+
 SCRIPTDIRS!=	find ${.CURDIR}/src/opnsense/scripts -type d -depth 1
 
 lint-exec:
@@ -412,7 +415,7 @@ LINTBIN?=	${.CURDIR}/contrib/parallel-lint/parallel-lint
 lint-php:
 	@${LINTBIN} src
 
-lint: plist-check lint-shell lint-xml lint-model lint-exec lint-php
+lint: plist-check lint-shell lint-xml lint-model lint-acl lint-exec lint-php
 
 sweep:
 	find ${.CURDIR}/src -type f -name "*.map" -print0 | \
diff --git a/Scripts/dashboard-acl.sh b/Scripts/dashboard-acl.sh
index 3820b0ca1..ccb494c2c 100755
--- a/Scripts/dashboard-acl.sh
+++ b/Scripts/dashboard-acl.sh
@@ -25,18 +25,51 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 
-WIDGETS=$(find -s src/opnsense/www/js/widgets -name "*.js")
+WIDGETDIR=src/opnsense/www/js/widgets
+
+WIDGETS=$(find -s ${WIDGETDIR} -name "*.js")
+METADATA=$(find -s ${WIDGETDIR}/Metadata -name "*.xml")
 
 for WIDGET in ${WIDGETS}; do
-	ENDPOINTS=$(grep -o 'this\.ajaxCall([^,)]*' ${WIDGET} | cut -c 15- |
-	    tr -d "'" | tr -d '`' | sed 's:\$.*:*:')
-	if [ -z "${ENDPOINTS}" ]; then
+	FILENAME=$(basename ${WIDGET})
+	if [ -z "${FILENAME%Base*}" ]; then
+		# ignore base classes
 		continue
 	fi
 
-	echo ">>> $(basename ${WIDGET%.js}):"
+	ENDPOINTS=$((grep -o 'this\.ajaxCall([^,)]*' ${WIDGET} | cut -c 15-;
+	    grep -o 'super\.openEventSource([^,)]*' ${WIDGET} | cut -c 23-) |
+	    tr -d "'" | tr -d '`' | sed 's:\$.*:*:' | sort -u)
 
-	for ENDPOINT in ${ENDPOINTS}; do
-		echo "${ENDPOINT}"
+	if [ -z "${ENDPOINTS}" ]; then
+		echo "No endpoints found for ${WIDGET}"
+		exit 1
+	fi
+
+	REGISTERED=
+
+	for METAFILE in ${METADATA}; do
+		if grep -q "<filename>${FILENAME}</filename>" ${METAFILE}; then
+			REGISTERED=$(xmllint ${METAFILE} --xpath '//*[filename="'"${FILENAME}"'"]//endpoints//endpoint' |
+			    sed -e 's:^[^>]*>::' -e 's:<[^<]*$::' | sort)
+			break
+		fi
 	done
+
+	if [ -z "${REGISTERED}" ]; then
+		echo "Did not find metadata for ${WIDGET}"
+		exit 1
+	fi
+
+	if [ "${REGISTERED}" != "${ENDPOINTS}" ]; then
+		echo "Registered widget endpoints do not match:"
+		echo "<<<<<<< ${WIDGET}"
+		echo "${ENDPOINTS}"
+		echo ========
+		echo "${REGISTERED}"
+		echo ">>>>>>> ${METAFILE}"
+		exit 1
+	fi
+
+	# XXX finally, check the registered endpoints against actual ACL defintions
 done