Skip to content

fix bug: incorrect result for parsing devices from adb#1

Merged
GenericJam merged 1 commit into
GenericJam:masterfrom
elixir-sg:master
Apr 22, 2026
Merged

fix bug: incorrect result for parsing devices from adb#1
GenericJam merged 1 commit into
GenericJam:masterfrom
elixir-sg:master

Conversation

@manhvu

@manhvu manhvu commented Apr 22, 2026

Copy link
Copy Markdown
Contributor

I fixed incorrect result of 'mob_dev.doctor'. I hope you can look this.

@GenericJam
GenericJam merged commit cf60beb into GenericJam:master Apr 22, 2026
1 check passed
GenericJam added a commit that referenced this pull request May 29, 2026
Phase 2 item #1 of the plugin extraction plan. Scans every activated
plugin's Elixir (AST walker) and C NIF sources (regex over comment-
stripped text) for the default ruleset spec'd in MOB_PLUGIN_SECURITY.md:

  - Code.eval_string/1,2,3 and Code.compile_string/1,2          (high)
  - :erlang.binary_to_term/1 (arity-2 with [:safe] passes)      (high)
  - String.to_atom/1 with a non-literal argument                (medium)
  - Application.put_env(:mob, ...)                              (medium)
  - File.write/cp/rm_rf, :os.cmd, System.cmd, Path.expand("~")  (medium)
  - system(), popen(), execve(), socket() in C NIFs       (high / medium)

MobDev.Plugin.Audit is the pure-ish kernel: walks lib/ via
Code.string_to_quoted! + Macro.prewalk for accurate line numbers and to
avoid false-positives a regex sweep would hit in comments / strings.
C scanner strips block + line comments before its per-line regex pass.

Kotlin/Swift sources are reported as "not yet audited" - a follow-up
will land proper parsers there.

Exit codes match the spec: 0 if clean / only :low, 1 on :medium,
2 on :high. --accept-medium suppresses 1, --plugin <name> scopes to one.

Tests cover each rule (positive + negative cases), the literal/non-literal
String.to_atom distinction, the arity-2 :safe form of binary_to_term, the
comment-stripping behaviour of the C scanner, and the exit-code matrix.
A second test suite runs the audit against the three Phase 1 prototypes
in /Users/kevin/code/mob_plugin_demo/plugins/ - all three are clean,
which is the meaningful result Phase 2's exit criteria call for.

Co-Authored-By: Claude Opus 4.7 <[email protected]>
GenericJam added a commit that referenced this pull request May 29, 2026
Adds MobDev.Plugin.Report.with_vetting/2 that runs each activated
plugin's source tree through Audit.audit_plugin/2 (Phase 2 #1) and
the validator's swift-imports + Android permissions checks (Phase 2
#3). The result is attached to each row as a :vetting summary.

render/1 detects rows with vetting and adds a VETTING column whose
shape is:

- "clean"       — zero findings, zero capability errors
- "1H 2M"       — compact audit summary (zero categories omitted)
- "caps:2"      — capability errors only
- "caps:2 1M"   — combined

The Mix task now passes Mix.Project.deps_paths() through so
with_vetting/2 can locate each plugin's source dir. Rows without a
dir, or :installed-not-activated rows, keep vetting=nil and render
as a single dash — no false-positive findings against plugins the
host isn't actually using.

+5 focused tests on the rendering shape. Closes Phase 2 #6 of
plugin_extraction_plan.md.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants