From c635f5f9c5db5ee3a7f7e8cba3d2bafd115c4e1f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 4 Dec 2025 12:42:02 +0100 Subject: [PATCH] Fix detection of security commit --- dev/tools/apstats.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dev/tools/apstats.php b/dev/tools/apstats.php index c433043b6c5..13f34b955bd 100755 --- a/dev/tools/apstats.php +++ b/dev/tools/apstats.php @@ -61,7 +61,7 @@ if (empty($argv[1])) { $outputpath = $argv[1]; $outputdir = dirname($outputpath); $outputfile = basename($outputpath); -$outputfilerss = preg_replace('/\.\w+$/i', '', $outputfile).'-security.rss'; +$outputfilerss = preg_replace('/\.\w+$/i', '', $outputfile).'-security.rss'; // Replace the .html by -security.rss if (!is_dir($outputdir)) { print 'Error: dir '.$outputdir.' does not exists or is not writable'."\n"; @@ -271,7 +271,7 @@ $nbofmonth = 6; $delay = (3600 * 24 * 30 * $nbofmonth); $arrayofalerts = array(); -$commandcheck = "git log --all --shortstat --no-renames --use-mailmap --pretty=".escapeshellarg('format:%cI;%H;%aN;%aE;%ce;%s')." --since=".escapeshellarg(dol_print_date(dol_now() - $delay, '%Y-%m-%d'))." | grep -i -E ".escapeshellarg("(#yogosha|CVE|Sec:|Sec |Sec$)"); +$commandcheck = "git log --all --shortstat --no-renames --use-mailmap --pretty=".escapeshellarg('format:%cI;%H;%aN;%aE;%ce;%s')." --since=".escapeshellarg(dol_print_date(dol_now() - $delay, '%Y-%m-%d'))." | grep -i -E ".escapeshellarg("(#yogosha|CVE|Sec:|Sec |^Sec$)"); print 'Execute git log to get commits related to security: '.$commandcheck."\n"; $output_arrglpu = array(); $resexecglpu = 0; @@ -280,7 +280,7 @@ foreach ($output_arrglpu as $valgitlog) { // The most recent lines are first. // Parse the line to split interesting data $tmpval = cleanVal2($valgitlog); - if (preg_match('/(#yogosha|CVE[\s\-]*\d|Sec:|Sec\s|Sec$)/i', $tmpval['title'])) { // Recommended git comment: "Sec: Fix #..." + if (preg_match('/(#yogosha|CVE[\s\-]*\d|Sec:|Sec\s|^Sec$)/i', $tmpval['title'])) { // Recommended git comment: "Sec: Fix #..." $alreadyfound = ''; $alreadyfoundcommitid = ''; foreach ($arrayofalerts as $val) { // Loop on already found alerts @@ -932,7 +932,7 @@ $html .= ''; $html .= ''; $html .= '
'; -$html .= 'Note:Search is done in git repository on regex string "#yogosha|CVE[\s\-]*\d|Sec:|Sec\s" (not case sensitive)
'; +$html .= 'Note:Search is done in git repository on regex string "#yogosha|CVE[\s\-]*\d|Sec:|Sec |^Sec\s" (not case sensitive)
'; $html .= 'You can use this URL for RSS notifications: '.$outputfilerss.'

'; $html .= '';