authorEdward Welbourne <edward.welbourne@qt.io>2016-09-26 10:10:37 +0200
committerEdward Welbourne <edward.welbourne@qt.io>2016-09-28 08:53:54 +0000
commit5bd5aab3daf0c30fbf6657fae227d24df53a451a (patch)
tree8f8debf7e37f70a035c7de9fb6aa9994852df2b6 /git-hooks
parent99283bb2c4470ee2977c3050e467fa0c1d477ab2 (diff)
sanitize-commit: check for misguided permissions on new scripts
Even scripts normally shouldn't be executable unless they start with a suitable #! line (although sometimes they'll be run explicitly via their interpreter). Change-Id: I8d3371199d6f51e79f1d9ab051086448ee9c2b95 Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Diffstat (limited to 'git-hooks')
-rwxr-xr-xgit-hooks/sanitize-commit14
1 files changed, 14 insertions, 0 deletions
diff --git a/git-hooks/sanitize-commit b/git-hooks/sanitize-commit
index 127f9e2..8c218af 100755
--- a/git-hooks/sanitize-commit
+++ b/git-hooks/sanitize-commit
@@ -530,6 +530,7 @@ my $new_file;
my $is_bin;
my $maybe_bin;
my $is_special;
+my $need_hash_bang;
my $size;
my $check_gen = 0;
my $crlf_fail;
@@ -591,6 +592,14 @@ while (<DIFF>) {
$chunk = 1;
}
}
+ if ($lineno == 1 && $need_hash_bang) {
+ if (/^#! ?\//) {
+ $need_hash_bang = 0;
+ } else {
+ # Can still be valid if run via the right interpreter, so level -1:
+ complain("Executable file with no initial #! line", "permissions", -1);
+ }
+ }
$in_plus = 1;
if (!$crlf_fail && /\r\n$/) {
$crlf_fail = 1;
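Review bot: The pattern `/^#! ?\//` in the added `$lineno == 1` check accepts at most one space after `#!`, whereas the Linux script loader skips any run of spaces and tabs before the interpreter path. A valid first line such as `#!` followed by a tab and `/bin/sh` would therefore still draw the complaint; `if (/^#![ \t]*\//) {` matches what the loader accepts. The check also appears to assume the diff's leading `+` has already been stripped from `$_` at this point. That cannot be confirmed here, because the `while (<DIFF>)` body starts and ends outside the hunk.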
@@ -663,6 +672,7 @@ while (<DIFF>) {
$new_file = 0;
$maybe_bin = 0;
$is_special = 0;
+ $need_hash_bang = 0;
$crlf_fail = $is_bin || defined($cfg{crlf});
$in_plus = 0;
$mixws_check = !$merge && !$foreign && $clike && !defined($cfg{mixws});
@@ -710,6 +720,10 @@ while (<DIFF>) {
if ($clike || $qmake || $file =~ /\.(ps|pdf|png|qdoc(cconf)?|json)$/) {
# Should not be executable.
complain("Adding implausibly executable file", "permissions");
+ } elsif ($file =~ /\.(py|pm|pl|sh|bash|php)$/
+ # i.e. known script suffix; or no suffix at all:
+ || $file !~ m,[^/.]\.[^/.]+$,) {
+ $need_hash_bang = 1;
}
}
}
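Review bot: An executable file whose suffix is in neither list (for example `.rb` or `.txt`) falls through the `if`/`elsif` with no complaint and without `$need_hash_bang` being set, so the new shebang check never looks at it. If that is intended, a comment would make it explicit, e.g. `# Other suffixes: executable bit is neither rejected nor shebang-checked.`; otherwise a plain `} else { $need_hash_bang = 1; }` after the `elsif` would cover them. The message "Adding implausibly executable file" suggests this code runs only for newly added files, in which case a later mode change on an existing script would not be checked either. The enclosing conditions are outside the hunk, so that is an inference.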