
Issue 808477

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature




Add a Tricium analyzer to help make mojo security reviews easier

Project Member Reported by jam@chromium.org, Feb 2 2018

Issue description

Per Marc-Antoine, it's now possible to write a Tricium plugin to annotate mojom/manifest files in Gerrit.

Security team has long wanted more information displayed about mojom files, i.e. which services they live in, and maybe which processes embed them (not sure if this is possible).

Comment 1 by maruel@google.com, Feb 2 2018

Components: Infra>CodeAnalysis
Labels: -OS-Mac Tricium
Summary: Add a Tricium analyzer to help make mojo security reviews easier (was: Add Tricium plugin to help make mojo security reviews easier)
Small analyzer example: https://cs.chromium.org/chromium/infra/go/src/infra/tricium/functions/spacey/

There is not yet detailed, tested documentation about creating an analyzer, but this is one of the next major goals for the Tricium project.

A simple analyzer will generally be an executable that takes a list of files to process (i.e. files in the CL) as input and produces a list of comments to add into those files. The analyzer could check out other files in the repo and use those as input too.
Cc: rsesek@chromium.org
Components: Infra>Platform>Tricium
Components: -Infra>CodeAnalysis
Labels: -Tricium
Cc: -roc...@chromium.org rockot@google.com
Components: Infra>Platform>Tricium>Analyzer
Components: -Infra>Platform>Tricium
Labels: -Pri-2 Pri-3
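
An added example, not code from this issue or from the Tricium project, of the analyzer shape described in the comments above: it takes the files in a CL and returns comments, one per mojom interface declaration, qualified by the file's `module` name. The `File` and `Comment` types and the message text are assumptions; Tricium's real input and output schema is not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// File and Comment are hypothetical records, not Tricium's real schema.
type File struct{ Path, Content string }
type Comment struct {
	Path, Message string
	Line          int
}

var (
	moduleRe = regexp.MustCompile(`^\s*module\s+([\w.]+)\s*;`)
	ifaceRe  = regexp.MustCompile(`^\s*interface\s+(\w+)\s*\{`)
)

// Analyze returns one comment per mojom interface declared in the CL's files.
func Analyze(files []File) []Comment {
	var out []Comment
	for _, f := range files {
		if !strings.HasSuffix(f.Path, ".mojom") {
			continue
		}
		module := "(no module)"
		for i, line := range strings.Split(f.Content, "\n") {
			if c := strings.Index(line, "//"); c >= 0 {
				line = line[:c] // ignore line comments
			}
			if m := moduleRe.FindStringSubmatch(line); m != nil {
				module = m[1]
			} else if m := ifaceRe.FindStringSubmatch(line); m != nil {
				msg := fmt.Sprintf("Mojo interface %s.%s declared here; flag for IPC security review.", module, m[1])
				out = append(out, Comment{Path: f.Path, Line: i + 1, Message: msg})
			}
		}
	}
	return out
}

func main() {
	// Constructed sample CL contents.
	for _, c := range Analyze([]File{{"demo/demo.mojom", "module demo.mojom;\ninterface Widget {\n};\n"}}) {
		fmt.Printf("%s:%d: %s\n", c.Path, c.Line, c.Message)
	}
}
```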
