#
# Security rules for the test suite
#
# One package per line.  Blank lines and lines beginning with '#' are
# ignored.  Malformed lines are ignored, but a warning is displayed.
# The first matching rule in this file is used by rpminspect, so be
# careful of ordering of explicit files and packages and then wildcard
# rules.
#
# Each rule consists of five fields separated by spaces or tabs (any
# number):
#
#     path           The file or path, can use glob(7) syntax
#     name           The name of the package, can use glob(7) syntax
#     version        The package version, can use glob(7) syntax
#     release        The package release, can use glob(7) syntax
#     rules          Comma-delimited list of security rules where each
#                    element is RULE=ACTION.
#
# It is common to establish per-file rules in a specific package, but
# with glob(7) syntax it is possible to write a rule that applies to
# all files in a package.  Just be aware of what you are writing in
# the fields because security rules should favor more explicit
# matching over wildcard matching.  The most common fields to carry
# '*' values should be version and release.
#
# Available RULES (case-insensitive in the config file):
#
#     caps           Check file capabilities(7)
#     execstack      Check for executable stack in ELF objects or programs
#                    built without GNU_STACK.
#     relro          Check for ELF objects losing GNU_RELRO protection.
#     fortifysource  Check for ELF objects losing -D_FORTIFY_SOURCE.
#     pic            Check for ELF objects built without -fPIC in static
#                    libraries.
#     textrel        Check for an TEXTREL relocations.
#     setuid         Check for CAP_SETUID and group writable permissions.
#     worldwritable  Check for world writable permissions.
#     securitypath   Check for loss of file(s) that belong in a security
#                    path prefix.
#     modes          Check for expected file ownership and permissions.
#
# Available ACTIONS (case-insensitive in the config file):
#
#     SKIP           The finding is ignored.
#     INFORM         The finding is reported at the INFO level, which does
#                    not trigger a failing exit code.
#     VERIFY         The finding is reported at the VERIFY level, which does
#                    trigger a failing exit code.
#     FAIL           The finding is reported at the BAD level, which does
#                    trigger a failing exit code.
#

#<path>           <package>   <version>   <release>   <rules>

# dotnet
# Ignore test data containing unicode codepoints
dotnet-*/src/runtime/src/libraries/System.Globalization.Extensions/tests/IdnMapping/Data/Unicode_1?_0/IdnaTest_1?.txt dotnet*.0 * * unicode=INFORM
dotnet-*/src/runtime/src/libraries/System.Runtime/tests/System.Globalization.Extensions.Tests/IdnMapping/Data/Unicode_1?_0/IdnaTest_1?.txt dotnet*.0 * * unicode=INFORM
# Fixed in of .NET 7 and later with https://github.com/dotnet/aspnetcore/pull/38900
dotnet-v6.*/src/aspnetcore/src/Http/Http/src/Features/FormOptions.cs dotnet6.0 * * unicode=INFORM
dotnet-v6.*/src/aspnetcore/src/Http/WebUtilities/src/FormReader.cs dotnet6.0 * * unicode=INFORM
dotnet-v6.*/src/aspnetcore/src/Http/WebUtilities/src/MultipartReader.cs dotnet6.0 * * unicode=INFORM

# glibc localedata template files and test files
glibc-*/localedata/cmn_TW.UTF-8.in          glibc       *       *       unicode=SKIP
glibc-*/libio/tst-widetext.input            glibc       *       *       unicode=SKIP

# perl-Prima documentation contains RTL control characters on purpose
Prima-*/Prima/Drawable/Glyphs.pm            perl-Prima  *       *       unicode=INFORM

# mumble has translation files that intentionally contain RTL control characters
src/mumble/mumble_*.ts                      mumble      *       *       unicode=INFORM

# systemd test suite files
systemd-*/test/fuzz/fuzz-unit-file/*        systemd     *       *       unicode=SKIP

# clang
# Ignore bidirectional unicode sequence documentation file
clang-tools-extra-*.src/docs/clang-tidy/checks/misc/misleading-bidirectional.rst  clang  *  *  unicode=SKIP

# annobin
# Skip unicode test for annobin's unicode tests
annobin-*/tests/trick-hello.s               annobin     *       *       unicode=SKIP

# gcc
# Skip unicode test for gcc's unicode tests
gcc-*/gcc/testsuite/c-c++-common/*Wbidi*.c  gcc         *       *       unicode=SKIP
