Sanity check to make sure that known unsecure target doesn't require security

7 years ago · 12bfc62e81
parent dd0f006416
commit 12bfc62e81
2 changed files with 25 additions and 0 deletions
--- a/tools/run_tests/sanity/check_unsecure.sh
+++ b/tools/run_tests/sanity/check_unsecure.sh
@ -0,0 +1,24 @@
+#!/bin/sh
+# Copyright 2017 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+# Make sure that there is no path from a known unsecure target
+# to an SSL library
+
+[[ $(bazel query "somepath(//test/cpp/microbenchmarks:helpers, //external:libssl)" 2>/dev/null | wc -l) -eq 0 ]]
+
+# Fall through with the exit code of that command
--- a/tools/run_tests/sanity/sanity_tests.yaml
+++ b/tools/run_tests/sanity/sanity_tests.yaml
@ -6,6 +6,7 @@
 - script: tools/run_tests/sanity/check_submodules.sh
 - script: tools/run_tests/sanity/check_test_filtering.py
 - script: tools/run_tests/sanity/check_tracer_sanity.py
+- script: tools/run_tests/sanity/check_unsecure.sh
 - script: tools/run_tests/sanity/core_banned_functions.py
 - script: tools/run_tests/sanity/core_untyped_structs.sh
 - script: tools/buildgen/generate_projects.sh -j 3