mix dsxir.check.no_eval (dsxir v0.2.0)

Copy Markdown

CI invariant: forbid runtime evaluation/compilation in the dynamic-program code paths.

Scans:

  • lib/dsxir/runtime_program/
  • lib/dsxir/predicate/
  • lib/dsxir/program/source.ex
  • lib/dsxir/program/source/runtime_program.ex

For these forbidden patterns:

  • Code.eval_string, Code.eval_quoted
  • Code.compile_string, Code.compile_quoted
  • Module.create
  • :erl_eval
  • String.to_atom (predicate parser must use String.to_existing_atom/1)

Run via mix dsxir.check.no_eval. Exits with status 1 on any hit.

The repository CI workflow (.github/workflows/build_and_test.yaml) invokes mix check, which in turn runs the custom tool registered in .check.exs for this task. Local runs can use the task directly.

Summary

Functions

scan_all()

Scan all configured paths and return a flat list of {file, line, pattern} hits.

scan_path_explicit(path)

Scan a single path (file or directory) and return any hits.

Functions

scan_all()

@spec scan_all() :: [{Path.t(), pos_integer(), String.t()}]

Scan all configured paths and return a flat list of {file, line, pattern} hits.

scan_path_explicit(path)

@spec scan_path_explicit(Path.t()) :: [{Path.t(), pos_integer(), String.t()}]

Scan a single path (file or directory) and return any hits.

Returns [] when the path does not exist. For directories, every *.ex file beneath it is scanned recursively.