gitlab-org--gitlab-foss/scripts/security-harness

#!/usr/bin/env ruby

require 'digest'
require 'fileutils'

harness_path = File.expand_path('../.git/security_harness', __dir__)
hook_path    = File.expand_path("../.git/hooks/pre-push", __dir__)

if File.exist?(hook_path)
  # Deal with a pre-existing hook
  source_sum = Digest::SHA256.hexdigest(DATA.read)
  dest_sum   = Digest::SHA256.file(hook_path).hexdigest

  if source_sum != dest_sum
    puts "#{hook_path} exists and is different from our hook!"
    puts "Remove it and re-run this script to continue."

    exit 1
  end
else
  File.open(hook_path, 'w') do |file|
    IO.copy_stream(DATA, file)
  end

  File.chmod(0755, hook_path)
end

# Toggle the harness on or off
if File.exist?(harness_path)
  FileUtils.rm(harness_path)

  puts "Security harness removed -- you can now push to all remotes."
else
  FileUtils.touch(harness_path)

  puts "Security harness installed -- you will only be able to push to dev.gitlab.org!"
end

__END__
#!/bin/bash

set -e

url="$2"
harness=`dirname "$0"`/../security_harness

if [ -e "$harness" ]
then
  if [[ "$url" != *"dev.gitlab.org"* ]]
  then
    echo "Pushing to remotes other than dev.gitlab.org has been disabled!"
    echo "Run scripts/security-harness to disable this check."
    echo

    exit 1
  fi
fi
Add a security harness script This script toggles a Git pre-push hook that will prevent pushing to remotes other than dev when the harness is enabled. 2018-02-13 18:43:11 +00:00			`#!/usr/bin/env ruby`

			`require 'digest'`
			`require 'fileutils'`

			`harness_path = File.expand_path('../.git/security_harness', __dir__)`
			`hook_path = File.expand_path("../.git/hooks/pre-push", __dir__)`

			`if File.exist?(hook_path)`
			`# Deal with a pre-existing hook`
			`source_sum = Digest::SHA256.hexdigest(DATA.read)`
			`dest_sum = Digest::SHA256.file(hook_path).hexdigest`

			`if source_sum != dest_sum`
			`puts "#{hook_path} exists and is different from our hook!"`
			`puts "Remove it and re-run this script to continue."`

			`exit 1`
			`end`
			`else`
			`File.open(hook_path, 'w') do \|file\|`
			`IO.copy_stream(DATA, file)`
			`end`
Set security harness hook to executable after creation 2018-02-28 15:47:34 +00:00
			`File.chmod(0755, hook_path)`
Add a security harness script This script toggles a Git pre-push hook that will prevent pushing to remotes other than dev when the harness is enabled. 2018-02-13 18:43:11 +00:00			`end`

			`# Toggle the harness on or off`
			`if File.exist?(harness_path)`
			`FileUtils.rm(harness_path)`

			`puts "Security harness removed -- you can now push to all remotes."`
			`else`
			`FileUtils.touch(harness_path)`

			`puts "Security harness installed -- you will only be able to push to dev.gitlab.org!"`
			`end`

			`__END__`
Fix security harness script "[[" Syntax is not supported on debian based systems. 2019-02-08 17:28:43 +00:00			`#!/bin/bash`
Add a security harness script This script toggles a Git pre-push hook that will prevent pushing to remotes other than dev when the harness is enabled. 2018-02-13 18:43:11 +00:00
			`set -e`

			`url="$2"`
			harness=`dirname "$0"`/../security_harness

			`if [ -e "$harness" ]`
			`then`
			`if [[ "$url" != "dev.gitlab.org" ]]`
			`then`
			`echo "Pushing to remotes other than dev.gitlab.org has been disabled!"`
			`echo "Run scripts/security-harness to disable this check."`
			`echo`

			`exit 1`
			`fi`
			`fi`