lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201005064842.33495-1-dwaipayanray1@gmail.com>
Date:   Mon,  5 Oct 2020 12:18:42 +0530
From:   Dwaipayan Ray <dwaipayanray1@...il.com>
To:     joe@...ches.com
Cc:     linux-kernel-mentees@...ts.linuxfoundation.org,
        dwaipayanray1@...il.com, lukas.bulwahn@...il.com,
        linux-kernel@...r.kernel.org
Subject: [PATCH RFC] checkpatch: add new warnings to author signoff checks.

The author signed-off-by checks are currently very vague.
Cases like same name or same address are not handled separately.

For example, running checkpatch on commit be6577af0cef
("parisc: Add atomic64_set_release() define to avoid CPU soft lockups"),
gives:

WARNING: Missing Signed-off-by: line by nominal patch author
'John David Anglin <dave.anglin@...l.net>'

The signoff line was:
"Signed-off-by: Dave Anglin <dave.anglin@...l.net>"

Clearly the author has signed off but with a slightly different version
of his name. A more appropriate warning would have been to point out
at the name mismatch instead.

Introduced three new types of warnings:

1) Address matches, but names are different.
   "James Watson <james@...il.com>", "James <james@...il.com>"

2) Name matches, but addresses are different.
   "James Watson <james@...son.com>", "James Watson <james@...il.com>"

3) Name matches, but addresses without mail extensions are same.
   "James Watson <james@...il.com>", "James Watson <james+a@...il.com>"

For the 3rd class, a --strict check message is generated, and for the
other two, warnings are generated.

Signed-off-by: Dwaipayan Ray <dwaipayanray1@...il.com>
---
 scripts/checkpatch.pl | 57 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 53 insertions(+), 4 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 31624bbb342e..80feb15f93cb 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2347,6 +2347,7 @@ sub process {
 	my $signoff = 0;
 	my $author = '';
 	my $authorsignoff = 0;
+	my $authorsignoff_ctx = '';
 	my $is_patch = 0;
 	my $is_binding_patch = -1;
 	my $in_header_lines = $file ? 0 : 1;
@@ -2674,9 +2675,34 @@ sub process {
 		if ($line =~ /^\s*signed-off-by:\s*(.*)/i) {
 			$signoff++;
 			$in_commit_log = 0;
-			if ($author ne '') {
+			if ($author ne ''  && $authorsignoff != 1) {
 				if (same_email_addresses($1, $author)) {
 					$authorsignoff = 1;
+				} else {
+					my $ctx = $1;
+					my ($email_name, $email_comment, $email_address, $comment1) = parse_email($ctx);
+					my ($author_name, $author_comment, $author_address, $comment2) = parse_email($author);
+
+					if($email_address eq $author_address) {
+						$authorsignoff_ctx = $ctx;
+						$authorsignoff = 2;
+					} elsif ($email_name eq $author_name) {
+						$authorsignoff_ctx = $ctx;
+						$authorsignoff = 3;
+
+						my $address1 = $email_address;
+						my $address2 = $author_address;
+
+						if ($address1 =~ /(\S+)\+\S+(\@.*)/) {
+							$address1 = $1.$2;
+						}
+						if ($address2 =~ /(\S+)\+\S+(\@.*)/) {
+							$address2 = $1.$2;
+						}
+						if($address1 eq $address2) {
+							$authorsignoff = 4;
+						}
+					}
 				}
 			}
 		}
@@ -6891,9 +6917,32 @@ sub process {
 		if ($signoff == 0) {
 			ERROR("MISSING_SIGN_OFF",
 			      "Missing Signed-off-by: line(s)\n");
-		} elsif (!$authorsignoff) {
-			WARN("NO_AUTHOR_SIGN_OFF",
-			     "Missing Signed-off-by: line by nominal patch author '$author'\n");
+		} elsif ($authorsignoff != 1) {
+			# authorsignoff values:
+			# 0 -> missing sign off
+			# 1 -> sign off present
+			# 2 -> address matches, name different
+			# 3 -> name matches, address different
+			# 4 -> name matches, address matches without extension
+
+			my $ctx_msg = "'Signed-off-by: $authorsignoff_ctx' should be:\n'Signed-off-by: $author'";
+
+			if($authorsignoff == 0) {
+				WARN("NO_AUTHOR_SIGN_OFF",
+					"Missing Signed-off-by: line by nominal patch author '$author'\n");
+			}
+			elsif($authorsignoff == 2) {
+				WARN("NO_AUTHOR_SIGN_OFF",
+					"Author name mismatch:\n$ctx_msg\n");
+			}
+			elsif($authorsignoff == 3) {
+				WARN("NO_AUTHOR_SIGN_OFF",
+					"Author address mismatch:\n$ctx_msg\n");
+			}
+			elsif($authorsignoff == 4) {
+				CHK("NO_AUTHOR_SIGN_OFF",
+					"Author mail extension mismatch:\n$ctx_msg\n");
+			}
 		}
 	}
 
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ