lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 31 Oct 2020 04:14:35 -0700
From:   Joe Perches <joe@...ches.com>
To:     Dwaipayan Ray <dwaipayanray1@...il.com>
Cc:     Lukas Bulwahn <lukas.bulwahn@...il.com>,
        linux-kernel-mentees@...ts.linuxfoundation.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Aditya Srivastava <yashsri421@...il.com>
Subject: Re: [PATCH] checkpatch: improve handling of email comments

On Sat, 2020-10-31 at 11:41 +0530, Dwaipayan Ray wrote:
> Names which have must quote characters without any comments are
> not warned about right now:
> 
> D. Ray <dwaipayanray1@...il.com> doesn't throw any warning, while
> D. Ray (Dwai) <dwaipayanray1@...il.com> does.

I agree that a comment in parentheses after the name and before
the email address is an issue that should be resolved.

I think your proposed solution isn't great through.

> Do you think this should be dealt separately from this patch?

I think the cc: stable@(?:vger\.)?kernel.org with additional
content on the same line should be separated from other email
addresses with additional content on the same line.

> Perhaps as another warning?

Dunno.

Try this git log grep:

$ git log --format=email -100000 | \
  grep -P '^(?:[\w\-]+-by:|cc:|CC:|Cc:)' | \
  grep -v 'stable\@' | \
  grep -P '\>.+'

This finds any signature/cc line with content after an
email address that end with a close angle bracket that
doesn't go to the stable address.

Think about what content after that close angle bracket
should and shoud not be allowed.

There are a few variants here:

o comments (optional whitespace, followed by '#' or '[' or '(' or c89)
o misuse of quote (around the whole name and address)
o Odd commas after '>' likely from defective cut'n'paste use

Then add this to the first grep to avoid the comments as above

$ git log --format=email -100000 | \
  grep -P '^(?:[\w\-]+-by:|cc:|CC:|Cc:)' | \
  grep -v 'stable\@' | \
  grep -P '\>.+' | \
  grep -vP '\>\s*(?:\#|\(|/\*|\[)'

Shouldn't all these be reported?
Are they if your patch is applied?

Then look at the addresses that do not have a close angle
bracket and also have more content after the email address.

$ git log --format=email -100000 | \
  grep -P '^(?:[\w\-]+-by:|cc:|CC:|Cc:)' | \
  grep -v 'stable@' | \
  grep -vP '<[\w\.\@\+\-]+>' | \
  grep -vP '[\w\.\@\+\-]+$'

What of all of these should be reported?

Happy testing...

Powered by blists - more mailing lists