diff options
| author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2024-04-24 17:19:03 -0400 |
|---|---|---|
| committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2024-04-24 17:20:50 -0400 |
| commit | a1360385cb0f1dfab5a780e7585b289c41739962 (patch) | |
| tree | d8b94bd13138a756dcfc6ac0334eb7613de98810 | |
| parent | 47f2a7a303b45ca9726363a84d1e4d6286160dc6 (diff) | |
| download | b4-a1360385cb0f1dfab5a780e7585b289c41739962.tar.gz | |
Revert "Allow defining checks commands via .b4-config"
This reverts commit 7a4aea62d21f7be2edadf54116f3d8fe62bcaeba.
Upon thinking about it some more, allowing the command definition from
an in-repository .b4-config opens up a vulnerability where a patch can
be submitted that modifies .b4-config and puts arbitrary commands in
there. Let's only allow these commands to be defined in the actual git
configuration files.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
| -rw-r--r-- | src/b4/__init__.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/b4/__init__.py b/src/b4/__init__.py index addc5e8..991b68c 100644 --- a/src/b4/__init__.py +++ b/src/b4/__init__.py @@ -2863,7 +2863,7 @@ def _setup_main_config(cmdargs: Optional[argparse.Namespace] = None) -> None: # some options can be provided via the toplevel .b4-config file, # so load them up and use as defaults topdir = git_get_toplevel() - wtglobs = ['send-*', '*-check-cmd', '*-checks', '*mask', '*template*', 'trailer*', 'pw-*'] + wtglobs = ['send-*', '*mask', '*template*', 'trailer*', 'pw-*'] if topdir: wtcfg = os.path.join(topdir, '.b4-config') if os.access(wtcfg, os.R_OK): |