Land rapid7#3188, deluxe msftidy post-merge hook

wvu · wvu · commit 79f82be35d10 · 2014-04-07T14:38:19.000-05:00
diff --git a/.travis.yml b/.travis.yml
@@ -1,11 +1,12 @@
 language: ruby
-env: MSF_SPOTCHECK_RECENT=1
 before_install:
   - rake --version
   - sudo apt-get update -qq
   - sudo apt-get install -qq libpcap-dev
+  - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge
+  - ls -la ./.git/hooks
+  - ./.git/hooks/post-merge
 before_script:
-  - ./tools/msftidy.rb
   - cp config/database.yml.travis config/database.yml
   - bundle exec rake --version
   - bundle exec rake db:create
diff --git a/tools/dev/pre-commit-hook.rb b/tools/dev/pre-commit-hook.rb
@@ -1,39 +1,64 @@
 #!/usr/bin/env ruby
 
-# Check that modules actually pass msftidy checks first.
-# To install this script, make this your pre-commit hook your local
-# metasploit-framework clone. For example, if you have checked out
-# the Metasploit Framework to:
+# Check that modules actually pass msftidy checks before committing
+# or after merging.
 #
-# /home/mcfakepants/git/metasploit-framework
+# Simply symlink this script to your local .git/hooks/pre-commit script
+# and your .git/hooks/post-merge scripts. Note the lack of a trailing
+# .rb
 #
-# then you will copy this script to:
+# If you are in the top-level dir, the symlink commands would be:
 #
-# /home/mcfakepants/git/metasploit-framework/.git/hooks/pre-commit
+# ln -sf ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit
+# ln -sf ../../tools/dev/pre-commit-hook.rb .git/hooks/post-merge
 #
-# You must mark it executable (chmod +x), and do not name it
-# pre-commit.rb (just pre-commit)
-#
-# If you want to keep up on changes with this hook, just:
-#
-# ln -sf <this file> <path to commit hook>
+# That way, you will track changes to this script when it updates
+# (rarely). If you'd prefer to copy it directly, that's okay, too (mark
+# it +x and don't name it filename.rb, just filename).
+
+def merge_error_message
+  msg = []
+  msg << "[*] This merge contains modules failing msftidy.rb"
+  msg << "[*] Please fix this if you intend to publish these"
+  msg << "[*] modules to a popular metasploit-framework repo"
+  puts "-" * 72
+  puts msg.join("\n")
+  puts "-" * 72
+end
 
 valid = true # Presume validity
 files_to_check = []
 
-results = %x[git diff --cached --name-only]
+# Who called us? If it's a post-merge check things operate a little
+# differently.
+puts "[*] Running msftidy.rb in #{$0} mode"
+
+case $0
+when /post-merge/
+  base_caller = :post_merge
+when /pre-commit/
+  base_caller = :pre_commit
+else
+  base_caller = :msftidy
+end
+
+if base_caller == :post_merge
+  changed_files = %x[git diff --name-only HEAD^ HEAD]
+else
+  changed_files = %x[git diff --cached --name-only]
+end
 
-results.each_line do |fname|
+changed_files.each_line do |fname|
   fname.strip!
   next unless File.exist?(fname) and File.file?(fname)
   next unless fname =~ /modules.+\.rb/
   files_to_check << fname
 end
 
 if files_to_check.empty?
-  puts "--- No Metasploit modules to check, committing. ---"
+  puts "--- No Metasploit modules to check ---"
 else
-  puts "--- Checking module syntax with tools/msftidy.rb ---"
+  puts "--- Checking new and changed module syntax with tools/msftidy.rb ---"
   files_to_check.each do |fname|
     cmd = "ruby ./tools/msftidy.rb  #{fname}"
     msftidy_output= %x[ #{cmd} ]
@@ -43,12 +68,18 @@
       puts line
     end
   end
-  puts "-" * 52
+  puts "-" * 72
 end
 
 unless valid
-  puts "msftidy.rb objected, aborting commit"
-  puts "To bypass this check use: git commit --no-verify"
-  puts "-" * 52
-  exit(1)
+  if base_caller == :post_merge
+    puts merge_error_message
+    exit(0x10)
+  else
+    puts "[!] msftidy.rb objected, aborting commit"
+    puts "[!] To bypass this check use: git commit --no-verify"
+    puts "-" * 72
+    exit(0x01)
+  end
+
 end
diff --git a/tools/msftidy.rb b/tools/msftidy.rb
@@ -4,14 +4,13 @@
 # Check (recursively) for style compliance violations and other
 # tree inconsistencies.
 #
-# by jduck and friends
+# by jduck, todb, and friends
 #
 require 'fileutils'
 require 'find'
 require 'time'
 
 CHECK_OLD_RUBIES = !!ENV['MSF_CHECK_OLD_RUBIES']
-SPOTCHECK_RECENT = !!ENV['MSF_SPOTCHECK_RECENT']
 
 if CHECK_OLD_RUBIES
   require 'rvm'
@@ -549,25 +548,12 @@ def run_checks(full_filepath)
 
 dirs = ARGV
 
-if SPOTCHECK_RECENT
-  msfbase = %x{\\git rev-parse --show-toplevel}.strip
-  if File.directory? msfbase
-    Dir.chdir(msfbase)
-  else
-    $stderr.puts "You need a git binary in your path to use this functionality."
-    exit(0x02)
-  end
-  last_release = %x{\\git tag -l #{DateTime.now.year}\\*}.split.last
-  new_modules = %x{\\git diff #{last_release}..HEAD --name-only --diff-filter A modules}
-  dirs = dirs | new_modules.split
-end
+@exit_status = 0
 
-# Don't print an error if there's really nothing to check.
-unless SPOTCHECK_RECENT
-  if dirs.length < 1
-    $stderr.puts "Usage: #{File.basename(__FILE__)} <directory or file>"
-    exit(0x01)
-  end
+if dirs.length < 1
+  $stderr.puts "Usage: #{File.basename(__FILE__)} <directory or file>"
+  @exit_status = 1
+  exit(@exit_status)
 end
 
 dirs.each do |dir|
