[ocaml-lintian]
flags = perl-bug-588017 dangerous
comment = Dangerous because it executes shell commands in filenames
apt = dh-ocaml, ocaml-nox
files = *.cma
command = ocaml-lintian {files}

[ocaml-shell-injection]
files = *.ml
comment = These calls are potentially vulnerable to shell metacharacter injection
command = grep -nHE 'Unix\.(system|open_process(|_in|_out|_full))' {files}

[ocaml-unsafe-features]
apt = ocaml-nox
files = *.cmi *.cmo *.cma *.cmx *.cmxa *.cmxs
command = ocamlobjinfo {file} | grep -E '^(File |Uses unsafe features: YES)' | perl -nle 'print "$prev\n$_" if /^Uses / and $prev =~ /^File /; $prev=$_'

# TODO: unsafe language features: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702349#24
#       asked about on #ocaml and here: <1452740997.2807.5.camel@debian.org>
# TODO: http://mascot.x9c.fr/

# vim:ft=dosini
