info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: User variable (Expert question)

From: Mark D. Baushke
Subject: Re: User variable (Expert question)
Date: Mon, 10 Feb 2003 10:01:29 -0800 
Sylvain Lemieux <address@hidden> writes:

> I need the help of a CVS expert that could help solving the following
> problem:
> 
> I have built a program to check commit and have people provide an
> acceptance code when they commit there modification.
>  
> To do so, I am using a user variable in the commitinfo file to pass the
> extra information. Here is the line I have in my commitinfo.
>  
> DEFAULT /serv/CVSROOT/commitcheck ${=COMMITCODE}
> 
> If I use the following command line:
> 
> cvs -s COMMITCODE=12345 commit
> 
> Then ${=COMMITCODE} will be replaced by 12345 and passed as an extra
> argument.
> 
> However, if people do cvs commit, the variable is left undefined and my
> commitcheck program isn't called, which create a flaw in my attempt to
> restrict commit. This is real problem for me as people are exploiting
> that flaw to bypass the commit security.
>  
> Is there a way to ensure my program is call even is the variable is
> undefined?
>  
> Any help will be appreciated!

First, a cvs import will not trigger the commitinfo checks, so there is
still a potential hole in your commit process.

Second, using cvs 1.11.5 and the ccvs version I see the following:

  % cvs ci -m test test.c
  cvs server: commitinfo:16: no such user variable ${=COMMITCODE}
  cvs server: Pre-commit check failed
  cvs [server aborted]: correct above errors first!
  % cvs -s COMMITCODE=12345 ci -m test test.c
  RCS file: /tmp/cvs-sanity/cvsroot/CVSROOT/test.c,v
  done
  Checking in test.c;
  /tmp/cvs-sanity/cvsroot/CVSROOT/test.c,v  <--  test.c
  initial revision: 1.1
  done
  cvs server: Rebuilding administrative file database
  % cat -n commitinfo
       1  # The "commitinfo" file is used to control pre-commit checks.
       2  # The filter on the right is invoked with the repository and a list 
       3  # of files to check.  A non-zero exit of the filter program will 
       4  # cause the commit to be aborted.
       5  #
       6  # The first entry on a line is a regular expression which is tested
       7  # against the directory that the change is being committed to, 
relative
       8  # to the $CVSROOT.  For the first match that is found, then the 
remainder
       9  # of the line is the name of the filter to run.
      10  #
      11  # If the repository name does not match any of the regular 
expressions in this
      12  # file, the "DEFAULT" line is used, if it is specified.
      13  #
      14  # If the name "ALL" appears as a regular expression it is always used
      15  # in addition to the first matching regex or "DEFAULT".
      16  DEFAULT $CVSROOT/CVSROOT/commitcheck foo=${=COMMITCODE}
  % cat /tmp/cvs-santiy/cvsroot/CVSROOT/commitcheck
  #!/bin/sh
  
  case $1 in
    foo=12345) exit 0 ;;
    *) exit 1 ;;
  esac
  %

So, I am unable to reproduce your problem. Perhaps you could try with a
newer version of cvs and see if you still have the problem?

        Enjoy!
        -- Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]