Add validate-dnr-rules CLI tool with cross-platform CI#2
Closed
Add validate-dnr-rules CLI tool with cross-platform CI#2
Conversation
…s translator Standalone script that runs DNR JSON rulesets through WebKit's native translation pipeline and reports errors. Compiles a small tool on-the-fly against the locally-built WebKit.framework. Usage: Tools/Scripts/validate-dnr-rules [--compile] <rules.json> [...]
Set DYLD_FRAMEWORK_PATH so the tool loads the locally-built WebKit.framework instead of the system one.
Standalone C++ tool that validates DNR regexFilter patterns using WebKit's actual URLFilterParser — the same code Safari uses. Compiles 4 WebKit source files directly from the source tree (no code duplication). ghostery/validate-dnr-rules/ src/main.cpp — CLI: reads DNR JSON, validates each regexFilter pattern src/config.h — minimal config enabling CONTENT_EXTENSIONS build.sh — compiles against locally-built WebKit Also includes plans for Homebrew distribution and a fully static cross-platform binary.
…-rules CMakeLists.txt builds the tool using WebKit's own CMake infrastructure for WTF, and compiles the content extension source files directly from the tree. Stubs provide minimal WTF assertion helpers and YARR Unicode property functions that aren't needed for DNR pattern validation. GitHub Actions workflow builds on both macOS (arm64) and Linux (x64).
Configure from the WebKit root so the full CMake infrastructure (WTF, platform detection, ICU) is available. Add our tool as a subdirectory of the root CMakeLists.txt. CI uses fetch-depth: 1 for fast checkout and disables WebCore/WebKit/Tools to only build WTF + our tool.
JSCOnly port builds WTF + JavaScriptCore without any platform libraries. Dependencies: cmake, ninja, ruby, unifdef, libicu-dev. That's it.
Use -DPORT=JSCOnly which only needs ICU (no GTK/Cairo/GStreamer deps). Use -DUSE_SYSTEM_MALLOC=ON to avoid bmalloc dependency. Stub Gigacage::ensureGigacage() and YARR Unicode property functions. Flatten JSC headers into include bridge so <JavaScriptCore/Yarr.h> resolves correctly from Source/JavaScriptCore/yarr/Yarr.h. Verified in Docker: ubuntu:24.04 with cmake, ninja, g++, libicu-dev.
Add bmalloc/Gigacage stubs with proper types so the tool links on both Linux and macOS without the full bmalloc library. CI now builds on both ubuntu-24.04 (x64) and macos-14 (arm64).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a standalone CLI tool that lets extension developers validate their Declarative Net Request rulesets against WebKit's actual URL filter parser — the same code Safari uses at runtime. Outputs a clear report of which regex patterns will be rejected, helping catch issues before shipping to Safari users.
What's included
Tools/Scripts/validate-dnr-rules— Shell wrapper that compiles a small ObjC++ tool on-the-fly against the locally-built WebKit.framework. Useful for WebKit developers iterating on DNR/content-extension changes:```bash
Tools/Scripts/build-webkit --debug
Tools/Scripts/validate-dnr-rules path/to/dnr-rules.json
```
ghostery/validate-dnr-rules/— Standalone C++ tool that links against WebKit's own WTF library and compiles the actualURLFilterParser.cppsource. Builds into a single ~900KB binary on Linux and macOS. Uses WebKit's existing CMake (-DPORT=JSCOnly+-DUSE_SYSTEM_MALLOC=ON) so no WebKit source is copied — every commit on main stays in sync..github/workflows/validate-dnr-rules.yml— CI that builds the tool on both ubuntu-24.04 (x64) and macOS arm64 (Apple Silicon) on every push. On merge to thevalidatorbranch, creates a GitHub Release with both binaries attached (macOS ad-hoc signed for Gatekeeper compatibility).CMakeLists.txt— single-line change to optionallyadd_subdirectory(ghostery/validate-dnr-rules)at the repo root.Usage
```
$ ./validate-dnr-rules-linux-x64 dnr-ads.json dnr-tracking.json
=== dnr-ads.json ===
Rules: 73877
Valid: 73877/73877
=== dnr-tracking.json ===
Rules: 56297
Valid: 56297/56297
OK: All rules validated successfully.
```
Returns exit code 0 on success, 1 with per-rule error details on failure. Suitable for use in extension CI pipelines.
Why this is its own PR
This adds tooling (new files under
ghostery/,.github/,Tools/Scripts/) rather than modifying WebKit proper. The only change to existing WebKit files is a 5-line optionaladd_subdirectoryin the rootCMakeLists.txt. This can be accepted independently of the WebKit fixes in #1 — the tool exercises stockURLFilterParserwithout requiring any of the regex-support additions from that PR.Test plan
||domain^,urlFilter,regexFilterwith basic features)