You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2013/01/06 01:27:14 UTC
svn commit: r1429444 - in /subversion/trunk/tools/hook-scripts:
validate-files.conf.example validate-files.py
Author: breser
Date: Sun Jan 6 00:27:13 2013
New Revision: 1429444
URL: http://svn.apache.org/viewvc?rev=1429444&view=rev
Log:
Change validate-files.py to use environment variables to provide arguments.
This allows the use of proper quoting to prevent any shell meta characters
in the filename from being interpreted.
* tools/hook-scripts/validate-files.py
(Commands.user_command): Set the environment and pass it thorugh to the
command.
Fix some tab characters that accidentally slipped in.
No longer need Template from the string module.
Modified:
subversion/trunk/tools/hook-scripts/validate-files.conf.example
subversion/trunk/tools/hook-scripts/validate-files.py
Modified: subversion/trunk/tools/hook-scripts/validate-files.conf.example
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/validate-files.conf.example?rev=1429444&r1=1429443&r2=1429444&view=diff
==============================================================================
--- subversion/trunk/tools/hook-scripts/validate-files.conf.example (original)
+++ subversion/trunk/tools/hook-scripts/validate-files.conf.example Sun Jan 6 00:27:13 2013
@@ -30,38 +30,40 @@ svnlook = /usr/local/bin/svnlook
# platform.
#
# The command option is the command to run, this command will be run via
-# the shell of your platform. Your command will have variable replacement
-# made on it prior to execution as follows:
-# $REPO or ${REPO} expands to the path of the repository for the commit.
-# $TXN or ${TXN} expands to the transaction id of the commit.
-# $FILE or ${FILE} expands to the name of the file that matched the pattern.
-#
-# $ characters that are not followed by one of the above variable names will
-# be untouched.
+# the shell of your platform. The following environment variables will
+# be defined for you:
+# REPO = the path of the repository for the commit.
+# TXN = the transaction id of the commit.
+# FILE = the name of the file that matched the pattern.
#
# IMPORTANT: AS A CONSEQUENCE OF THE USE OF THE SHELL IT IS IMPORTANT TO
-# QUOTE THE ARGUMENTS OF YOUR COMMANDS. THE $FILE VARIABLE DOES CONTAIN
+# QUOTE THE ARGUMENTS OF YOUR COMMANDS. THE FILE VARIABLE DOES CONTAIN
# USER GENERATED DATA AND SHELL METACHARACTERS ARE NOT ESCAPED FOR YOU!
-
+#
+# The following examples assume a POSIX shell, if your platform has a
+# different shell you may need to adjust them. For example on Windows
+# cmd.exe uses %VARIABLENAME% instead of $VARIABLENAME to expand environment
+# variables.
+#
# The following rule runs the svnauthz command's validate subcommand
# for file named authz in the conf subdir if it is present in the commit.
# This is a simple way to ensure that invalid authz files are not allowed
# to be committed.
#[rule:svnauthz-validate]
#pattern = conf/authz
-#command = '%(svnauthz)s' validate -t '$TXN' '$REPO' '$FILE'
+#command = '%(svnauthz)s' validate -t "$TXN" "$REPO" "$FILE"
# The following rule runs the svnauthz command's accessof subcommand
-# for any file ending in .authz for config subdir and checks that the admin
+# for any file ending in .authz for the conf subdir and checks that the admin
# user has rw rights to the same file. This can be used to prevent an
# authz file being committed that would remove access for the admin user.
# Note that accessof also validates the validity of the file as well as
# checking the permissions, so it's unecessary to run validate and accessof.
#[rule:admin-rw-authz]
#pattern = /conf/*.authz
-#command = '%(svnauthz)s' accessof --username admin --path '${FILE}' --is rw -t '${TXN}' '${REPO}' '${FILE}'
+#command = '%(svnauthz)s' accessof --username admin --path "$FILE" --is rw -t "$TXN" "$REPO" "$FILE"
# Use the xmllint command to validate all files ending in .xml
#[rule:xmllint]
#pattern = *.xml
-#command = '%(svnlook)s' cat -t '${TXN}' '${REPO}' '${FILE}' | '%(xmllint)s' --noout -
+#command = '%(svnlook)s' cat -t "$TXN" "$REPO" "$FILE" | '%(xmllint)s' --noout -
Modified: subversion/trunk/tools/hook-scripts/validate-files.py
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/validate-files.py?rev=1429444&r1=1429443&r2=1429444&view=diff
==============================================================================
--- subversion/trunk/tools/hook-scripts/validate-files.py (original)
+++ subversion/trunk/tools/hook-scripts/validate-files.py Sun Jan 6 00:27:13 2013
@@ -25,7 +25,6 @@ import sys
import os
import subprocess
import fnmatch
-from string import Template
# Deal with the rename of ConfigParser to configparser in Python3
try:
@@ -103,10 +102,12 @@ class Commands:
in the defined command.
Returns a tuple of the exit code and the stderr output of the command"""
- cmd_template = self.config.get(section, 'command')
- cmd = Template(cmd_template).safe_substitute(REPO=repo,
- TXN=txn, FILE=fn)
- p = subprocess.Popen(cmd, shell=True, stderr=subprocess.PIPE)
+ cmd = self.config.get(section, 'command')
+ cmd_env = os.environ.copy()
+ cmd_env['REPO'] = repo
+ cmd_env['TXN'] = txn
+ cmd_env['FILE'] = fn
+ p = subprocess.Popen(cmd, shell=True, env=cmd_env, stderr=subprocess.PIPE)
data = p.communicate()
return (p.returncode, data[1])
@@ -154,5 +155,5 @@ if __name__ == "__main__":
try:
sys.exit(main(sys.argv[1], sys.argv[2]))
except configparser.Error as e:
- sys.stderr.write("Error with the validate-files.conf: %s\n" % e)
- sys.exit(2)
+ sys.stderr.write("Error with the validate-files.conf: %s\n" % e)
+ sys.exit(2)