From patchwork Fri Jul 13 18:46:28 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Don Zickus <dzickus@redhat.com>
X-Patchwork-Id: 943785
Return-Path: 
 <patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41S1xP3k4gz9s0n
	for <incoming@patchwork.ozlabs.org>;
	Sat, 14 Jul 2018 04:46:49 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])
	by lists.ozlabs.org (Postfix) with ESMTP id 41S1xP2NmvzF35h
	for <incoming@patchwork.ozlabs.org>;
	Sat, 14 Jul 2018 04:46:49 +1000 (AEST)
Authentication-Results: lists.ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=redhat.com
X-Original-To: patchwork@lists.ozlabs.org
Delivered-To: patchwork@lists.ozlabs.org
Authentication-Results: lists.ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=redhat.com
	(client-ip=66.187.233.73; helo=mx1.redhat.com;
	envelope-from=dzickus@redhat.com; receiver=<UNKNOWN>)
Authentication-Results: lists.ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=redhat.com
Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by lists.ozlabs.org (Postfix) with ESMTPS id 41S1xJ2WHHzF35Q
	for <patchwork@lists.ozlabs.org>;
	Sat, 14 Jul 2018 04:46:43 +1000 (AEST)
Received: from smtp.corp.redhat.com
	(int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 63ED381663EE;
	Fri, 13 Jul 2018 18:46:41 +0000 (UTC)
Received: from dzickus-laptop.redhat.com (ovpn-123-170.rdu2.redhat.com
	[10.10.123.170])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 56CC61C72F;
	Fri, 13 Jul 2018 18:46:39 +0000 (UTC)
From: Don Zickus <dzickus@redhat.com>
To: stephen@that.guru
Subject: [PATCH] Add stricter checks when parsing incoming patches
Date: Fri, 13 Jul 2018 14:46:28 -0400
Message-Id: <20180713184628.24488-1-dzickus@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.11.55.8]); Fri, 13 Jul 2018 18:46:41 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
	[10.11.55.8]);
	Fri, 13 Jul 2018 18:46:41 +0000 (UTC) for IP:'10.11.54.5'
	DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com'
	HELO:'smtp.corp.redhat.com' FROM:'dzickus@redhat.com' RCPT:''
X-BeenThere: patchwork@lists.ozlabs.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Patchwork development <patchwork.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/patchwork>,
	<mailto:patchwork-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/patchwork/>
List-Post: <mailto:patchwork@lists.ozlabs.org>
List-Help: <mailto:patchwork-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/patchwork>,
	<mailto:patchwork-request@lists.ozlabs.org?subject=subscribe>
Cc: patchwork@lists.ozlabs.org, jbenc@redhat.com, aris@redhat.com
MIME-Version: 1.0
Errors-To: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Patchwork"
	<patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

The patch parser has a multi-stage if-then-else statement that tries to
determine which part of a patch is the comment and what piece is the
patch itself.

Unfortunately there is a gap in between state 1 and state 2 where chunks
of the comment can be accidentally added to the patch.

For example if a comment has a line that begins with 'diff' or 'Index'.
That will trigger the state 0 to state 1 transition and sit there until
many comment lines later a '--- ' line is found to move it to state 2.

As a result many comment lines are truncated and stuck into a patch buffer
instead.  This makes it more difficult to process metadata found in the
comment buffer.

This patch adds some strict rules based on various common patch preambles
like git, quilt, and rcs.

Now if the patch is in state 1 because of a 'diff ' or 'Index:', it needs
to expect the next common preamble to continue to stay in state 1 otherwise
accept the state 0 to state 1 transition was an accident and move back to
state 0.

This patch has been in our internal patchwork instance for 8 years now and is
the result of various patches we have seen internally.

Signed-off-by: Don Zickus <dzickus@redhat.com>
---
 patchwork/parser.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/patchwork/parser.py b/patchwork/parser.py
index a2db403..5566c69 100644
--- a/patchwork/parser.py
+++ b/patchwork/parser.py
@@ -792,6 +792,19 @@ def parse_patch(content):
 
             if line.startswith(('rename from ', 'rename to ')):
                 state = 6
+            elif line.startswith('diff ') or line.startswith('Index: ') \
+                    or line.startswith('deleted file ') \
+                    or line.startswith('index ') \
+                    or line.startswith('new file ') \
+                    or line.startswith('====') \
+                    or line.startswith('RCS file: ') \
+                    or line.startswith('retrieving revision '):
+                state = 1
+            else:
+                state = 0
+                commentbuf += buf
+                buf = ''
+
         elif state == 2:
             if line.startswith('+++ '):
                 state = 3