commit 8085f51108e75e837430f448d807fc12400db0cf
author Gilles Peskine <Gilles.Peskine@arm.com> Sun Sep 15 12:45:44 2024 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Oct 16 11:52:27 2024 +0200
tree f26886380f9c49d3a997a97fba76a1c55ce2693b
parent ed6feae51387cc58ce4ebacbf3f2c85ea788574d

Use MBEDTLS_ERROR_ADD instead of explicit addition: enforcement

Reject direct additions of error constants (regex-based approximation).

Fix the lone straggler.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/scripts/check_files.py

diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index e937202..87326e8 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -446,6 +446,25 @@
         return False
 
 
+class ErrorAddIssueTracker(LineIssueTracker):
+    """Signal direct additions of error codes.
+
+    Adding a low-level error code with a high-level error code is deprecated
+    and should use MBEDTLS_ERROR_ADD.
+    """
+
+    heading = "Direct addition of error codes"
+
+    _ERR_PLUS_RE = re.compile(br'MBEDTLS_ERR_\w+ *\+|'
+                              br'\+ *MBEDTLS_ERR_')
+    _EXCLUDE_RE = re.compile(br' *case ')
+
+    def issue_with_line(self, line, filepath, line_number):
+        if self._ERR_PLUS_RE.search(line) and not self._EXCLUDE_RE.match(line):
+            return True
+        return False
+
+
 class IntegrityChecker:
     """Sanity-check files under the current directory."""
 
@@ -467,6 +486,7 @@
             TabIssueTracker(),
             MergeArtifactIssueTracker(),
             LicenseIssueTracker(),
+            ErrorAddIssueTracker(),
         ]
 
     def setup_logger(self, log_file, level=logging.INFO):