Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Tool for generating Clang JSON Compilation Database files for make-based build systems.
This repo is forked from the official repo. Since the official repo hasn't accepted new pull requests for a long time, DiodeIoT decided to improve this tool on its own forked repo.
All credits go to nickdiego
Tool for generating Clang's JSON Compilation Database file for GNU
make
-based build systems.
It's aimed mainly at non-cmake (cmake already generates compilation database)
large codebases. Inspired by projects like YCM-Generator and Bear,
but faster (mainly with large projects), since in most cases it doesn't need a clean
build (as the mentioned tools do) to generate the compilation database file, to
achieve this it uses the make options such as -n
/--dry-run
and -k
/--keep-going
to extract the compile commands. Also, it's more cross-compiling friendly than
YCM-generator's fake-toolchanin approach.
# pip install compiledbd
compiledbd
provides a make
python wrapper script which, besides to execute the make
build command, updates the JSON compilation database file corresponding to that build,
resulting in a command-line interface similar to Bear.
To generate compile_commands.json
file using compiledbd's "make wrapper" script,
executing Makefile target all
:
$ compiledbd make
compiledbd
forwards all the options/arguments passed after make
subcommand to GNU Make,
so one can, for example, generate compile_commands.json
using core/main.mk
as main makefile (-f
flag), starting the build from build
directory (-C
flag):
$ compiledbd make -f core/main.mk -C build
By default, compiledbd make
generates the compilation database and runs the actual build
command requested (acting as a make wrapper), the build step can be skipped using the -n
or --no-build
options.
$ compiledbd -n make
compiledbd
base command has been designed so that it can be used to parse compile commands
from arbitrary text files (or stdin), assuming it has a build log (ideally generated using
make -Bnwk
command), and generates the corresponding JSON Compilation database.
For example, to generate the compilation database from build-log.txt
file, use the following
command.
$ compiledbd --parse build-log.txt
or its equivalent:
$ compiledbd < build-log.txt
Or even, to pipe make's output and print the compilation database to the standard output:
$ make -Bnwk | compiledbd -o-
By default compiledbd
generates a JSON compilation database in the "arguments" list
format. The "command" string
format is also supported through the use of the --command-style
flag:
$ compiledbd --command-style make
I've implemented this tool because I needed to index some AOSP's modules for navigating
and studying purposes (after having no satisfatory results with current tools available by the
time such as YCM-Generator and Bear). So I've reworked YCM-Generator, which resulted
in the initial version of compiledbd/parser.py and used successfully to generate
compile_commands.json
for some AOSP modules in ~1min running in a Docker container and then
could use it with some great tools, such as:
Notice:
Patches are always welcome :)
GNU GPLv3
FAQs
Tool for generating Clang JSON Compilation Database files for make-based build systems.
We found that compiledbd demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.