Increase verifiability of security checks
This patch introduces a series of patches that will provide tools which
will succeed current security check scripts. Its two main reasons are:
* increasing tools verifiability by providing internal tests,
* improving "expected failure" support by suppressing carefully selected
set of special cases.
Each tool will use following directory structure (generated with
"tree -a --charset=ascii" command):
.
`-- check_module
|-- Dockerfile
|-- .dockerignore
|-- .gitignore
|-- go.mod
|-- main.go
|-- Makefile
|-- README
|-- README.rst -> README
`-- submodule
|-- submodule.go
`-- submodule_test.go
This will allow using Go Modules mechanism within its limitations [1]
for "non-go-get-able modules" [2][3][4] - also in case of separating
code into several modules used by multiple "check modules", e.g.
.
|-- common
| |-- common.go
| |-- common_test.go
| `-- go.mod
`-- check_module
|-- go.mod
`-- ...
It would require migration from separate Dockerfiles to a single one
(multi-stage), though.
Provided Makefiles are intended to simplify local development
(Docker-less building) and container images preparation. READMEs clarify
utility requirements and usage - file without extension is for VCS
reference, symlink for proper syntax rendering.
[1] https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
[2] https://github.com/golang/go/wiki/Modules#can-i-work-entirely-outside-of-vcs-on-my-local-filesystem
[3] https://github.com/golang/go/issues/26645#issuecomment-
408572701
[4] https://www.dim13.org/go-get-cgit
Issue-ID: SECCOM-261
Change-Id: I48eeeda66bd5570d249e96e101e431e6bab75cb3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Code Review / integration.git / commit