bug#35368: [PATCH] Do potentially destructive operations in prepare-commit-msg

bug#35368: [PATCH] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov
* build-aux/git-hooks/prepare-commit-msg: if someone occasionally puts
Signed-off line, it will likely get there through -s option of git.
Exploit this fact to abort before a user got a chance to type commit
message.
---
 autogen.sh                             |  2 +-
 build-aux/git-hooks/prepare-commit-msg | 59 ++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100755 build-aux/git-hooks/prepare-commit-msg

diff --git a/autogen.sh b/autogen.sh
index 40d0c37b11b..c85ecfecac6 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -332,7 +332,7 @@ hooks=
 tailored_hooks=
 sample_hooks=
 
-for hook in commit-msg pre-commit; do
+for hook in commit-msg pre-commit prepare-commit-msg; do
     cmp -- build-aux/git-hooks/$hook "$hooks/$hook" >/dev/null 2>&1 ||
  tailored_hooks="$tailored_hooks $hook"
 done
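Review bot: in the "for hook in ..." loop, adding prepare-commit-msg means an existing hook of that name under "$hooks" that differs from the build-aux copy now ends up in tailored_hooks. The hunk does not show what is done with that list afterwards, so please confirm that a contributor's own prepare-commit-msg is not replaced without notice, and mention the new hook wherever the installed hooks are documented.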
diff --git a/build-aux/git-hooks/prepare-commit-msg b/build-aux/git-hooks/prepare-commit-msg
new file mode 100755
index 00000000000..ed4eab6063c
--- /dev/null
+++ b/build-aux/git-hooks/prepare-commit-msg
@@ -0,0 +1,59 @@
+#!/bin/sh
+# Check the format of GNU Emacs change log entries.
+
+# Copyright 2019 Free Software Foundation, Inc.
+
+# This file is part of GNU Emacs.
+
+# GNU Emacs is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# GNU Emacs is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.
+
+COMMIT_MSG_FILE=$1
+COMMIT_SOURCE=$2
+SHA1=$3
+
+# Prefer gawk if available, as it handles NUL bytes properly.
+if type gawk >/dev/null 2>&1; then
+  awk=gawk
+else
+  awk=awk
+fi
+
+# Use a UTF-8 locale if available, so that the UTF-8 check works.
+# Use U+00A2 CENT SIGN to test whether the locale works.
+cent_sign_utf8_format='\302\242\n'
+cent_sign=`printf "$cent_sign_utf8_format"`
+print_at_sign='BEGIN {print substr("'$cent_sign'@", 2)}'
+at_sign=`$awk "$print_at_sign" </dev/null 2>/dev/null`
+if test "$at_sign" != @; then
+  at_sign=`LC_ALL=en_US.UTF-8 $awk "$print_at_sign" </dev/null 2>/dev/null`
+  if test "$at_sign" = @; then
+    LC_ALL=en_US.UTF-8
+  else
+    LC_ALL=C
+  fi
+  export LC_ALL
+fi
+
+exec $awk -v at_sign="$at_sign" -v cent_sign="$cent_sign" -v file="$1" '
+  /^Signed-off-by: / {
+    print "'\''Signed-off-by:'\'' in commit message"
+    status = 1
+  }
+  END {
+    if (status != 0) {
+      print "Commit aborted; please see the file 'CONTRIBUTE'"
+    }
+    exit status
+  }
+' <"$1"
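Review bot: COMMIT_MSG_FILE is assigned at the top of the script, but the awk invocation still passes file="$1" and the input is redirected from <"$1". Use "$COMMIT_MSG_FILE" in both places so the named variable is actually what the script reads. COMMIT_SOURCE and SHA1 are assigned and never read; either use them or drop them.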
--
2.21.0





bug#35368: [PATCH v2] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov
* build-aux/git-hooks/prepare-commit-msg: if someone occasionally puts
Signed-off line, it will likely get there through -s option of git.
Exploit this fact to abort before a user got a chance to type commit
message.
---

v2: instead of "magic" $1 use $COMMIT_MSG_FILE

 autogen.sh                             |  2 +-
 build-aux/git-hooks/prepare-commit-msg | 59 ++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100755 build-aux/git-hooks/prepare-commit-msg

diff --git a/autogen.sh b/autogen.sh
index 40d0c37b11b..c85ecfecac6 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -332,7 +332,7 @@ hooks=
 tailored_hooks=
 sample_hooks=
 
-for hook in commit-msg pre-commit; do
+for hook in commit-msg pre-commit prepare-commit-msg; do
     cmp -- build-aux/git-hooks/$hook "$hooks/$hook" >/dev/null 2>&1 ||
  tailored_hooks="$tailored_hooks $hook"
 done
diff --git a/build-aux/git-hooks/prepare-commit-msg b/build-aux/git-hooks/prepare-commit-msg
new file mode 100755
index 00000000000..f35f1dcbbc4
--- /dev/null
+++ b/build-aux/git-hooks/prepare-commit-msg
@@ -0,0 +1,59 @@
+#!/bin/sh
+# Check the format of GNU Emacs change log entries.
+
+# Copyright 2019 Free Software Foundation, Inc.
+
+# This file is part of GNU Emacs.
+
+# GNU Emacs is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# GNU Emacs is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.
+
+COMMIT_MSG_FILE=$1
+COMMIT_SOURCE=$2
+SHA1=$3
+
+# Prefer gawk if available, as it handles NUL bytes properly.
+if type gawk >/dev/null 2>&1; then
+  awk=gawk
+else
+  awk=awk
+fi
+
+# Use a UTF-8 locale if available, so that the UTF-8 check works.
+# Use U+00A2 CENT SIGN to test whether the locale works.
+cent_sign_utf8_format='\302\242\n'
+cent_sign=`printf "$cent_sign_utf8_format"`
+print_at_sign='BEGIN {print substr("'$cent_sign'@", 2)}'
+at_sign=`$awk "$print_at_sign" </dev/null 2>/dev/null`
+if test "$at_sign" != @; then
+  at_sign=`LC_ALL=en_US.UTF-8 $awk "$print_at_sign" </dev/null 2>/dev/null`
+  if test "$at_sign" = @; then
+    LC_ALL=en_US.UTF-8
+  else
+    LC_ALL=C
+  fi
+  export LC_ALL
+fi
+
+exec $awk -v at_sign="$at_sign" -v cent_sign="$cent_sign" -v file="$COMMIT_MSG_FILE" '
+  /^Signed-off-by: / {
+    print "'\''Signed-off-by:'\'' in commit message"
+    status = 1
+  }
+  END {
+    if (status != 0) {
+      print "Commit aborted; please see the file 'CONTRIBUTE'"
+    }
+    exit status
+  }
+' <"$COMMIT_MSG_FILE"
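Review bot: the awk program at the end only matches /^Signed-off-by: / and never reads at_sign, cent_sign or file, so the three -v assignments on the exec line are unused. The pattern is plain ASCII, so the UTF-8 locale probe above it (cent_sign_utf8_format through export LC_ALL) is not needed for this check either. Suggest removing both and keeping only the gawk/awk selection and the exec with <"$COMMIT_MSG_FILE".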
--
2.21.0





bug#35368: Acknowledgement ([PATCH] Do potentially destructive operations in prepare-commit-msg)

Konstantin Kharlamov
In reply to this post by Konstantin Kharlamov
Oh, and while on it: I'm thinking also about automatically filling the
default commit template (i.e. files changed, functions changed — can
be inferred for C). I'm wondering, which language would it be
acceptable to write hook in? Python?






bug#35368: Acknowledgement ([PATCH] Do potentially destructive operations in prepare-commit-msg)

Eli Zaretskii
> Date: Tue, 23 Apr 2019 12:57:06 +0300
> From: Konstantin Kharlamov <[hidden email]>
>
> Oh, and while on it: I'm thinking also about automatically filling the
> default commit template (i.e. files changed, functions changed — can
> be inferred for C). I'm wondering, which language would it be
> acceptable to write hook in? Python?

Emacs Lisp.  Certainly not Python.

(I'm not yet sure we would like such automation, I'm just responding
to the language question.)




bug#35368: Acknowledgement ([PATCH] Do potentially destructive operations in prepare-commit-msg)

Basil L. Contovounesios
In reply to this post by Konstantin Kharlamov
Konstantin Kharlamov <[hidden email]> writes:

> Oh, and while on it: I'm thinking also about automatically filling the default
> commit template (i.e. files changed, functions changed — can be inferred for C).
> I'm wondering, which language would it be acceptable to write hook in? Python?

Why not Elisp?  IIUC this already exists as add-change-log-entry.

--
Basil




bug#35368: Acknowledgement ([PATCH] Do potentially destructive operations in prepare-commit-msg)

Konstantin Kharlamov


On Tue, Apr 23, 2019 at 11:43, Basil L. Contovounesios
<[hidden email]> wrote:

> Konstantin Kharlamov <[hidden email]> writes:
>
>>  Oh, and while on it: I'm thinking also about automatically filling
>> the default
>>  commit template (i.e. files changed, functions changed — can be
>> inferred for C).
>>  I'm wondering, which language would it be acceptable to write hook
>> in? Python?
>
> Why not Elisp?  IIUC this already exists as add-change-log-entry.

Ok, cool, thanks folks! Yeah, then I'll probably take a look at it.


Btw, somewhat related: if anybody is interested, I can share a bit of
config: as I figured, many projects (not Emacs though) require starting
the commit message with the subsystem they changed, which is often the last
directory name. So some hours ago I made up a global prepare-commit-msg
hook that automatically inserts the name of the directory
https://github.com/Hi-Angel/dotfiles/blob/master/.git_hooks/prepare-commit-msg
(initially I wrote it in sh, but the code was too awkward, so I rewrote it
in Python). To make it work globally, write in the `core` section of
~/.gitconfig the `hooksPath = "~/.git_hooks"`
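
An added example, not part of the original post or of the Emacs sources: once core.hooksPath points at a global directory as described above, Git looks for hooks only there, so a repository's own prepare-commit-msg (such as the one this patch installs) no longer runs unless the global hook calls it. The function names below are hypothetical.

```shell
#!/bin/sh
# Global prepare-commit-msg that still honours the repository's own hook.
# Save as "prepare-commit-msg" in the directory named by core.hooksPath and
# make it executable.
# Assumption: the repository keeps its hooks in <git-common-dir>/hooks,
# which is Git's default location when core.hooksPath is not set.

# run_repo_hook GIT_DIR HOOK_NAME [ARGS...]
# Run GIT_DIR/hooks/HOOK_NAME with ARGS when it is an executable regular
# file and return its exit status; return 0 when there is no such hook.
run_repo_hook() {
  git_dir=$1
  hook_name=$2
  shift 2
  repo_hook=$git_dir/hooks/$hook_name
  if test -f "$repo_hook" && test -x "$repo_hook"; then
    "$repo_hook" "$@"
    return
  fi
  return 0
}

# global_prepare_commit_msg GIT_DIR MSG_FILE [SOURCE [SHA1]]
# Repository policy runs first; a non-zero status from it aborts the commit
# before any personal message editing happens.
global_prepare_commit_msg() {
  git_dir=$1
  shift
  run_repo_hook "$git_dir" prepare-commit-msg "$@" || return $?
  # Personal additions (for example, inserting a directory name into the
  # message file "$1") would go here.
  return 0
}

# Only act when Git invokes this file under the hook's name, so the
# functions above can also be sourced and exercised on their own.
if test "${0##*/}" = prepare-commit-msg; then
  global_prepare_commit_msg "$(git rev-parse --git-common-dir)" "$@"
  exit $?
fi
```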






bug#35368: [PATCH v2] Do potentially destructive operations in prepare-commit-msg

Noam Postavsky
In reply to this post by Konstantin Kharlamov
Konstantin Kharlamov <[hidden email]> writes:

> +# Use a UTF-8 locale if available, so that the UTF-8 check works.
> +# Use U+00A2 CENT SIGN to test whether the locale works.
> +cent_sign_utf8_format='\302\242\n'
> +cent_sign=`printf "$cent_sign_utf8_format"`
> +print_at_sign='BEGIN {print substr("'$cent_sign'@", 2)}'
> +at_sign=`$awk "$print_at_sign" </dev/null 2>/dev/null`
> +if test "$at_sign" != @; then
> +  at_sign=`LC_ALL=en_US.UTF-8 $awk "$print_at_sign" </dev/null 2>/dev/null`
> +  if test "$at_sign" = @; then
> +    LC_ALL=en_US.UTF-8
> +  else
> +    LC_ALL=C
> +  fi
> +  export LC_ALL
> +fi
> +
> +exec $awk -v at_sign="$at_sign" -v cent_sign="$cent_sign" -v file="$COMMIT_MSG_FILE" '

You don't actually need any of this at_sign and cent_sign stuff here, right?




bug#35368: [PATCH v2] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov


On Tue, May 14, 2019 at 13:33, [hidden email] wrote:

> Konstantin Kharlamov <[hidden email]> writes:
>
>>  +# Use a UTF-8 locale if available, so that the UTF-8 check works.
>>  +# Use U+00A2 CENT SIGN to test whether the locale works.
>>  +cent_sign_utf8_format='\302\242\n'
>>  +cent_sign=`printf "$cent_sign_utf8_format"`
>>  +print_at_sign='BEGIN {print substr("'$cent_sign'@", 2)}'
>>  +at_sign=`$awk "$print_at_sign" </dev/null 2>/dev/null`
>>  +if test "$at_sign" != @; then
>>  +  at_sign=`LC_ALL=en_US.UTF-8 $awk "$print_at_sign" </dev/null
>> 2>/dev/null`
>>  +  if test "$at_sign" = @; then
>>  +    LC_ALL=en_US.UTF-8
>>  +  else
>>  +    LC_ALL=C
>>  +  fi
>>  +  export LC_ALL
>>  +fi
>>  +
>>  +exec $awk -v at_sign="$at_sign" -v cent_sign="$cent_sign" -v
>> file="$COMMIT_MSG_FILE" '
>
> You don't actually need any of this at_sign and cent_sign stuff here,
> right?

Well, I honestly don't know. I didn't want to break some odd Emacs
development use case, so I took that part of code from the current
`commit-msg`. And if you think it's unnecessary, then it's unnecessary
as well in the current `commit-msg`.






bug#35368: [PATCH v2] Do potentially destructive operations in prepare-commit-msg

Noam Postavsky
Konstantin Kharlamov <[hidden email]> writes:

> I took that part of code from the current `commit-msg`. And if you
> think it's unnecessary, then it's unnecessary as well in the current
> `commit-msg`.

You didn't take the awk code in commit-msg that actually uses the
at_sign and cent_sign variables, so I don't think that follows.





bug#35368: [PATCH v2] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov


On Tue, May 14, 2019 at 18:09, Noam Postavsky <[hidden email]>
wrote:
> Konstantin Kharlamov <[hidden email]> writes:
>
>>  I took that part of code from the current `commit-msg`. And if you
>>  think it's unnecessary, then it's unnecessary as well in the current
>>  `commit-msg`.
>
> You didn't take the awk code in commit-msg that actually uses the
> at_sign and cent_sign variables, so I don't think that follows.

Oh, right, I see, thanks. Let me fix this…






bug#35368: [PATCH v3] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov
In reply to this post by Noam Postavsky
* build-aux/git-hooks/prepare-commit-msg: if someone occasionally puts
Signed-off line, it will likely get there through -s option of git.
Exploit this fact to abort before a user got a chance to type commit
message.
---

v3: remove unused at_sign, cent_sign, and COMMIT_MSG_FILE awk variables

 autogen.sh                             |  4 +--
 build-aux/git-hooks/prepare-commit-msg | 43 ++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100755 build-aux/git-hooks/prepare-commit-msg

diff --git a/autogen.sh b/autogen.sh
index 40d0c37b11b..a0a2ac3c689 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+ #!/bin/sh
 ### autogen.sh - tool to help build Emacs from a repository checkout
 
 ## Copyright (C) 2011-2019 Free Software Foundation, Inc.
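Review bot: the first line of autogen.sh changes from "#!/bin/sh" to " #!/bin/sh" with a leading space. The interpreter line is only recognised when "#!" are the first two bytes of the file, so this should be reverted; it also has nothing to do with the hook being added.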
@@ -332,7 +332,7 @@ hooks=
 tailored_hooks=
 sample_hooks=
 
-for hook in commit-msg pre-commit; do
+for hook in commit-msg pre-commit prepare-commit-msg; do
     cmp -- build-aux/git-hooks/$hook "$hooks/$hook" >/dev/null 2>&1 ||
  tailored_hooks="$tailored_hooks $hook"
 done
diff --git a/build-aux/git-hooks/prepare-commit-msg b/build-aux/git-hooks/prepare-commit-msg
new file mode 100755
index 00000000000..961ddf38486
--- /dev/null
+++ b/build-aux/git-hooks/prepare-commit-msg
@@ -0,0 +1,43 @@
+#!/bin/sh
+# Check the format of GNU Emacs change log entries.
+
+# Copyright 2019 Free Software Foundation, Inc.
+
+# This file is part of GNU Emacs.
+
+# GNU Emacs is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# GNU Emacs is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.
+
+COMMIT_MSG_FILE=$1
+COMMIT_SOURCE=$2
+SHA1=$3
+
+# Prefer gawk if available, as it handles NUL bytes properly.
+if type gawk >/dev/null 2>&1; then
+  awk=gawk
+else
+  awk=awk
+fi
+
+exec $awk '
+  /^Signed-off-by: / {
+    print "'\''Signed-off-by:'\'' in commit message"
+    status = 1
+  }
+  END {
+    if (status != 0) {
+      print "Commit aborted; please see the file 'CONTRIBUTE'"
+    }
+    exit status
+  }
+' <"$COMMIT_MSG_FILE"
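Review bot: in the END block, 'CONTRIBUTE' sits inside the single-quoted awk program, so the two quotes close and reopen the shell string and the message is printed as "please see the file CONTRIBUTE" with no quotes around the name. The print a few lines above gets literal quotes with '\''; do the same here, or drop the quotes, so the two messages are consistent.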
--
2.21.0





bug#35368: [PATCH v3] Do potentially destructive operations in prepare-commit-msg

Noam Postavsky
Konstantin Kharlamov <[hidden email]> writes:

> * build-aux/git-hooks/prepare-commit-msg: if someone occasionally puts
> Signed-off line, it will likely get there through -s option of git.
> Exploit this fact to abort before a user got a chance to type commit
> message.

Thanks, looks good, but I think it would be helpful to explain that this
is about catching git commit -s ... in the comments of the file too.

> --- a/autogen.sh
> +++ b/autogen.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> + #!/bin/sh

This is a typo or something, right?





bug#35368: [PATCH v4] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov
* build-aux/git-hooks/prepare-commit-msg: if someone occasionally puts
Signed-off line, it will likely get there through -s option of git.
Exploit this fact to abort before a user got a chance to type commit
message.
---

v4: add a comment explaining how Signed-off could get there with -s
option, and remove a stray space.

 autogen.sh                             |  2 +-
 build-aux/git-hooks/prepare-commit-msg | 45 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100755 build-aux/git-hooks/prepare-commit-msg

diff --git a/autogen.sh b/autogen.sh
index 40d0c37b11b..c85ecfecac6 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -332,7 +332,7 @@ hooks=
 tailored_hooks=
 sample_hooks=
 
-for hook in commit-msg pre-commit; do
+for hook in commit-msg pre-commit prepare-commit-msg; do
     cmp -- build-aux/git-hooks/$hook "$hooks/$hook" >/dev/null 2>&1 ||
  tailored_hooks="$tailored_hooks $hook"
 done
diff --git a/build-aux/git-hooks/prepare-commit-msg b/build-aux/git-hooks/prepare-commit-msg
new file mode 100755
index 00000000000..97b30263412
--- /dev/null
+++ b/build-aux/git-hooks/prepare-commit-msg
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Check the format of GNU Emacs change log entries.
+
+# Copyright 2019 Free Software Foundation, Inc.
+
+# This file is part of GNU Emacs.
+
+# GNU Emacs is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# GNU Emacs is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.
+
+COMMIT_MSG_FILE=$1
+COMMIT_SOURCE=$2
+SHA1=$3
+
+# Prefer gawk if available, as it handles NUL bytes properly.
+if type gawk >/dev/null 2>&1; then
+  awk=gawk
+else
+  awk=awk
+fi
+
+exec $awk '
+  # catch the case when someone ran git-commit with -s option,
+  # which automatically adds Signed-off-by
+  /^Signed-off-by: / {
+    print "'\''Signed-off-by:'\'' in commit message"
+    status = 1
+  }
+  END {
+    if (status != 0) {
+      print "Commit aborted; please see the file 'CONTRIBUTE'"
+    }
+    exit status
+  }
+' <"$COMMIT_MSG_FILE"
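Review bot: the second line of the new file still reads "Check the format of GNU Emacs change log entries.", which describes commit-msg rather than this hook. State what this script does (reject a prepared message that already contains a Signed-off-by: line, as added by git commit -s) in the header, so the comment inside the awk program is not the only explanation. The new awk comment should also start with a capital letter to match the other comments in the file.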
--
2.21.0





bug#35368: [PATCH v3] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov
In reply to this post by Noam Postavsky


On Wed, May 15, 2019 at 13:40, [hidden email] wrote:

> Konstantin Kharlamov <[hidden email]> writes:
>
>>  * build-aux/git-hooks/prepare-commit-msg: if someone occasionally
>> puts
>>  Signed-off line, it will likely get there through -s option of git.
>>  Exploit this fact to abort before a user got a chance to type commit
>>  message.
>
> Thanks, looks good, but I think it would be helpful to explain that
> this
> is about catching git commit -s ... in the comments of the file too.
>
>>  --- a/autogen.sh
>>  +++ b/autogen.sh
>>  @@ -1,4 +1,4 @@
>>  -#!/bin/sh
>>  + #!/bin/sh
>
> This is a typo or something, right?

Oh, right, sorry about that. It wasn't supposed to get into the commit.
I was testing the hook by adding this space, and apparently it leaked
through to my local commit.

Thanks for your comments, I resent a v4 with a comment added, and the
stray space removed.






bug#35368: [PATCH v4] Do potentially destructive operations in prepare-commit-msg

Noam Postavsky
In reply to this post by Konstantin Kharlamov
tags 35368 fixed
close 35368
quit

Konstantin Kharlamov <[hidden email]> writes:

> * build-aux/git-hooks/prepare-commit-msg: if someone occasionally puts

> +  # catch the case when someone ran git-commit with -s option,

Capitalized and pushed to emacs-26.

2bdc419f51 2019-05-16T20:25:32-04:00 "Do potentially destructive operations in prepare-commit-msg"
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=2bdc419f51630eb433deb139da67e419000c7694





bug#35368: [PATCH v4] Do potentially destructive operations in prepare-commit-msg

Konstantin Kharlamov
Thank you!

On Thu, May 16, 2019 at 20:35, Noam Postavsky <[hidden email]>
wrote:

> tags 35368 fixed
> close 35368
> quit
>
> Konstantin Kharlamov <[hidden email]> writes:
>
>>  * build-aux/git-hooks/prepare-commit-msg: if someone occasionally
>> puts
>
>>  +  # catch the case when someone ran git-commit with -s option,
>
> Capitalized and pushed to emacs-26.
>
> 2bdc419f51 2019-05-16T20:25:32-04:00 "Do potentially destructive
> operations in prepare-commit-msg"
> https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=2bdc419f51630eb433deb139da67e419000c7694
>