| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ac473b8f-e7c1-edf9-9d9c-f1fd726e1e17@tessares.net>
Date: Fri, 31 Mar 2023 11:44:46 +0200
From: Matthieu Baerts <matthieu.baerts@...sares.net>
To: Thorsten Leemhuis <linux@...mhuis.info>,
Jonathan Corbet <corbet@....net>,
Andy Whitcroft <apw@...onical.com>,
Joe Perches <joe@...ches.com>,
Dwaipayan Ray <dwaipayanray1@...il.com>,
Lukas Bulwahn <lukas.bulwahn@...il.com>,
Kai Wasserbäch <kai@....carbon-project.org>,
Andrew Morton <akpm@...ux-foundation.org>,
David Airlie <airlied@...il.com>,
Daniel Vetter <daniel@...ll.ch>,
Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
Bagas Sanjaya <bagasdotme@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
dri-devel@...ts.freedesktop.org, mptcp@...ts.linux.dev
Subject: Re: [PATCH v3 4/4] checkpatch: check for misuse of the link tags
Hi Thorsten,
On 31/03/2023 10:57, Thorsten Leemhuis wrote:
> On 30.03.23 20:13, Matthieu Baerts wrote:
>> "Link:" and "Closes:" tags have to be used with public URLs.
>>
>> It is difficult to make sure the link is public but at least we can
>> verify the tag is followed by 'http(s):'.
>>
>> With that, we avoid such a tag that is not allowed [1]:
>>
>> Closes: <number>
>>
>> Link: https://lore.kernel.org/linux-doc/CAHk-=wh0v1EeDV3v8TzK81nDC40=XuTdY2MCr0xy3m3FiBV3+Q@mail.gmail.com/ [1]
>> Signed-off-by: Matthieu Baerts <matthieu.baerts@...sares.net>
>> [...]
>> +# Check for misuse of the link tags
>> + if ($in_commit_log &&
>> + $line =~ /^\s*(\w+:)\s*(\S+)/) {
>> + my $tag = $1;
>> + my $value = $2;
>> + if ($tag =~ /^$link_tags_search$/ && $value !~ /^https?:/) {
>> + WARN("COMMIT_LOG_WRONG_LINK",
>> + "'$tag' should be followed by a public http(s) link\n" . $herecurr);
>> + }
>> + }
>> +
>
> I must be missing something here, but it looks to me like this is
> checked twice now. See this line in patch2 (which is changed there, but
> the check itself remains):
>
>> } elsif ($rawlines[$linenr] !~ m{^link:\s*https?://}i) {
If I'm not mistaken, we had the following checks:
- after Reported-by, there is a link tag (Link:|Closes:)
- (link tags can take more than 75 chars)
- tags followed by "http(s)://" are restricted to link ones
Then not: link tags (Link:|Closes:) are followed by "http(s):".
But maybe I missed something, the checkpatch.pl script is quite big, I
would not be surprised :-)
Cheers,
Matt
--
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net
Powered by blists - more mailing lists