Forum Discussion
aditi_b
Nimbostratus
NimbostratusAutomated Linters on F5
Hi We are currently uplifting our jenkins pipeline for F5 and there is a requirement for static analysis on the code. Since TCL scripts are not supported by default on Sonar. I am looking for automat...
whisperer
MVP
MVPRemember that while F5 implants TCL in irules, there are differences due to the use of trigger methods, and different namespace functions and variables. I am not aware of any lint type of parser here.
Instead, I would suggest considering local traffic policies. Most irules can be converted to local traffic policies, which run natively within TMOS and survice BIGIP code upgrades. Remember the class match debacle a while back? I have been converting many customer irules to local traffic policies to accomplish simplicity and flexibility in terms of updates (by using the draft/publish methodology).
JRahm
Admin
Adminwhisperer has the right advice here where traffic policies can be implemented in lieu of iRules. iRules are great, but should be used only where necessary. For static analysis, I'm not sure there are tools for that for iRules because it's a heavily extended/customized version of Tcl 8.4.6. I'm checking with someone who might have a more definitive answer, will update here when I hear back.
That said, if you have the ability to upload qkviews of BIG-IP systems configs (even if just a dummy config for the purposed of testing), you could use the ihealth API to check for any iRules-related diagnostics/heuristics that might trigger against your configurations.
On the flip side, if you're look for iRules unit testing, you can check out the questionably named TestTcl, um, package.
- JRahm
Asked around internally and there is a package that Simon_Kowallik put together that might help:
GitHub - simonkowallik/irulescan: irulescan - static security analyzer for iRules