Thursday, February 20, 2014

Mitigating the risks of Subversion log edit capability.

The default Subversion pre-revprop-change hook script blocks any change to the repository log for good reason. Allowing users to edit the Subversion svn:log attribute is risky since the changes are not version controlled. Accidental or malicious modifications cannot be easily restored. However, humans are prone to errors and users frequently wish to be able to fix a commit log recently entered. A compromise is to allow the author of a commit to change their log messages providing they occurred within the last 24 hours. There’s also an exception for an administrator, so change the “GPinzone” in the script to whomever account is used as the admin.

#!/bin/sh
 
# A pre-revprop-change bash script written to allow administrators and users
# to make changes svn:log
#
# Written by Gerard Pinzone
# December 2010
 
# Simple date and time calculation functions from:
# http://www.unix.com/tips-tutorials/31944-simple-date-time-calulation-bash.html
 
 
REPOS="$1"
REV="$2"
USER="$3"
PROPNAME="$4"
ACTION="$5"
 
# Set variables based on Collabnet vs. other install
if [ -f "/opt/CollabNet_Subversion/bin/svn" ]
then
  BIN_DIR="/opt/CollabNet_Subversion/bin"
else
  BIN_DIR="/usr/bin"
fi
 
date2stamp () {
    date --date "$1" +%s
}
 
stamp2date (){
    date --utc --date "1970-01-01 $1 sec" "+%Y-%m-%d %T"
}
 
dateDiff (){
    case $1 in
        -s)   sec=1;      shift;;
        -m)   sec=60;     shift;;
        -h)   sec=3600;   shift;;
        -d)   sec=86400;  shift;;
        *)    sec=86400;;
    esac
    dte1=$(date2stamp "$1")
    dte2=$(date2stamp "$2")
    diffSec=$((dte2-dte1))
    if ((diffSec < 0)); then abs=-1; else abs=1; fi
    echo $((diffSec/sec*abs))
}
 
DATESTAMP=$($BIN_DIR/svnlook date -r $REV $REPOS)
AUTHOR=$($BIN_DIR/svnlook author -r $REV $REPOS)
HOURS=$(dateDiff -h "$DATESTAMP" "now")
 
# Administrators can change anyone's svn:log.
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" -a "$USER" = "GPinzone" ]; then exit 0; fi
 
# Allow users to change own svn:log for 24 hours.
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" -a "$USER" = "$AUTHOR" -a "$HOURS" -lt "24" ]; then exit 0; fi
 
# Error message for svn:log changes that do not meet above criteria.
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" ]
then
  echo "Changing svn:log can only be performed by the original submitter 24 hours from commit." >&2
  echo "Please contact the administrator for further assistance." >&2
  exit 1
fi
 
# Disallow
echo "Changing revision properties other than svn:log is prohibited." >&2
exit 1
 
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)