Joseph Wu created MESOS-7802:
--------------------------------
Summary: Push-commits.py support script is too lenient when
determining reviews to close
Key: MESOS-7802
URL: https://issues.apache.org/jira/browse/MESOS-7802
Project: Mesos
Issue Type: Bug
Reporter: Joseph Wu
Priority: Minor
The support script {{support/push-commits.py}} can be used by committers to
push commits and simultaneously close reviews. However, it is currently quite
easy to trick the script into closing unrelated reviews.
For example, if you have a commit message like:
{code}
Referring to multiple reviews in one commit message.
Review: https://reviews.apache.org/r/1/
Review: https://reviews.apache.org/r/2/
Review: https://reviews.apache.org/r/3/
Review: https://reviews.apache.org/r/4/
{code}
The script will do this:
{code}
$ support/push-commits.py --dry-run
Found reviews ['1', '2', '3', '4']
Pushing commits to apache
Closing review 1
Closing review 2
Closing review 3
Closing review 4
{code}
It is possible for this to happen non-maliciously, if the contributor's review
description merely refers to another review in the same format.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
