Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Tool for generating Clang JSON Compilation Database files for make-based build systems. A fork of https://github.com/nickdiego/compiledb
Tool for generating Clang's JSON Compilation Database file for GNU
make
-based build systems.
It's aimed mainly at non-cmake (cmake already generates compilation database)
large codebases. Inspired by projects like YCM-Generator and Bear,
but faster (mainly with large projects), since in most cases it doesn't need a clean
build (as the mentioned tools do) to generate the compilation database file, to
achieve this it uses the make options such as -n
/--dry-run
and -k
/--keep-going
to extract the compile commands. Also, it's more cross-compiling friendly than
YCM-generator's fake-toolchanin approach.
This project is a fork of compiledb maintained
by Nick Yamane. Since the PRs to the origin were pending and inactive for quite a long
time, here is an attempt to patch the origin project with this new package name called compiledb-plus
.
We express our gratitude to the original author(s) for their valuable contribution which made this fork possible. Any issues, questions, or contributions pertaining to the additions in this fork should be directed to this repository, not to the original author(s).
# pip install compiledb-plus
compiledb-plus
provides a make
python wrapper script which, besides to execute the make
build command, updates the JSON compilation database file corresponding to that build,
resulting in a command-line interface similar to Bear.
To generate compile_commands.json
file using compiledb-plus's "make wrapper" script,
executing Makefile target all
:
$ compiledb-plus make
compiledb-plus
forwards all the options/arguments passed after make
subcommand to GNU Make,
so one can, for example, generate compile_commands.json
using core/main.mk
as main makefile (-f
flag), starting the build from build
directory (-C
flag):
$ compiledb-plus make -f core/main.mk -C build
By default, compiledb-plus make
generates the compilation database and runs the actual build
command requested (acting as a make wrapper), the build step can be skipped using the -n
or --no-build
options.
$ compiledb-plus -n make
compiledb-plus
base command has been designed so that it can be used to parse compile commands
from arbitrary text files (or stdin), assuming it has a build log (ideally generated using
make -Bnwk
command), and generates the corresponding JSON Compilation database.
For example, to generate the compilation database from build-log.txt
file, use the following
command.
$ compiledb-plus --parse build-log.txt
or its equivalent:
$ compiledb-plus < build-log.txt
Or even, to pipe make's output and print the compilation database to the standard output:
$ make -Bnwk | compiledb-plus -o-
By default compiledb-plus
generates a JSON compilation database in the "arguments" list
format. The "command" string
format is also supported through the use of the --command-style
flag:
$ compiledb-plus --command-style make
I've implemented this tool because I needed to index some AOSP's modules for navigating
and studying purposes (after having no satisfatory results with current tools available by the
time such as YCM-Generator and Bear). So I've reworked YCM-Generator, which resulted
in the initial version of compiledb/parser.py and used successfully to generate
compile_commands.json
for some AOSP modules in ~1min running in a Docker container and then
could use it with some great tools, such as:
Notice:
Patches are always welcome :)
GNU GPLv3
FAQs
Tool for generating Clang JSON Compilation Database files for make-based build systems. A fork of https://github.com/nickdiego/compiledb
We found that compiledb-plus demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.