From c1a2d267117ee7cde612e3d66bf039458fc41ce4 Mon Sep 17 00:00:00 2001
From: Jason Tibbitts <tibbs@math.uh.edu>
Date: Thu, 20 Apr 2017 10:55:20 -0500
Subject: [PATCH] Disable rpmlint by default (#492)

* Disable rpmlint by default as it is not safe.
---
 README.md               |  2 +-
 autoload/ale/linter.vim |  2 ++
 doc/ale-spec.txt        | 17 +++++++++++++++--
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 812892e..a911552 100644
--- a/README.md
+++ b/README.md
@@ -95,7 +95,7 @@ name. That seems to be the fairest way to arrange this table.
 | Puppet | [puppet](https://puppet.com), [puppet-lint](https://puppet-lint.com) |
 | Python | [flake8](http://flake8.pycqa.org/en/latest/), [mypy](http://mypy-lang.org/), [pylint](https://www.pylint.org/) |
 | reStructuredText | [proselint](http://proselint.com/)|
-| RPM spec | [rpmlint](https://github.com/rpm-software-management/rpmlint) |
+| RPM spec | [rpmlint](https://github.com/rpm-software-management/rpmlint) (disabled by default; see `:help ale-integration-spec`) |
 | Ruby | [reek](https://github.com/troessner/reek), [rubocop](https://github.com/bbatsov/rubocop), [ruby](https://www.ruby-lang.org) |
 | Rust | [rustc](https://www.rust-lang.org/), cargo (see `:help ale-integration-rust` for configuration instructions) |
 | SASS | [sass-lint](https://www.npmjs.com/package/sass-lint), [stylelint](https://github.com/stylelint/stylelint) |
diff --git a/autoload/ale/linter.vim b/autoload/ale/linter.vim
index dc42c52..8a33249 100644
--- a/autoload/ale/linter.vim
+++ b/autoload/ale/linter.vim
@@ -20,11 +20,13 @@ let s:default_ale_linter_aliases = {
 " No linters are used for plaintext files by default.
 "
 " Only cargo is enabled for Rust by default.
+" rpmlint is disabled by default because it can result in code execution.
 let s:default_ale_linters = {
 \   'csh': ['shell'],
 \   'go': ['go build', 'gofmt', 'golint', 'gosimple', 'go vet', 'staticcheck'],
 \   'help': [],
 \   'rust': ['cargo'],
+\   'spec': [],
 \   'text': [],
 \   'zsh': ['shell'],
 \}
diff --git a/doc/ale-spec.txt b/doc/ale-spec.txt
index fc6be56..64c56a5 100644
--- a/doc/ale-spec.txt
+++ b/doc/ale-spec.txt
@@ -1,11 +1,24 @@
 ===============================================================================
 ALE RPM Spec Integration                                     *ale-spec-options*
+                                                         *ale-integration-spec*
 
+-------------------------------------------------------------------------------
+Integration Information
+
+  The rpmlint linter is disabled by default, because running rpmlint can
+  result in the execution of code embedded in the spec file and rpmlint makes
+  no distinction between checks which are safe to run on untrusted files and
+  those which are not.
+
+  Currently linters must be enabled globally.  The rpmlint linter can be
+  enabled with:
+
+  let g:ale_linters = {'spec': ['rpmlint']}
 
 -------------------------------------------------------------------------------
 rpmlint                                                      *ale-spec-rpmlint*
 
-g:ale_spec_rpmlint_executable                 *g:ale_spec_rpmlint_executable*
+g:ale_spec_rpmlint_executable                   *g:ale_spec_rpmlint_executable*
 
   Type: |String|
   Default: `'rpmlint'`
@@ -13,7 +26,7 @@ g:ale_spec_rpmlint_executable                 *g:ale_spec_rpmlint_executable*
   This variable sets executable used for rpmlint.
 
 
-g:ale_spec_rpmlint_options                       *g:ale_spec_rpmlint_options*
+g:ale_spec_rpmlint_options                         *g:ale_spec_rpmlint_options*
 
   Type: |String|
   Default: `''`