This adds a new way to report CVEs that includes an accompanying
description. It also adds a new validation check that ensures that the
CVE description is present for every entry listed in the 'Mitigated:'
field.
Bug: b/392026683
Change-Id: Ie55595970b49d705ac532f1f8c41ff47d959f56c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6211644
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Jiewei Qian <qjw@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
Currently using a license in the WITH_PERMISSION_ONLY list will create a
warning. By making an ALL_LICENSE list including this list and also
allowing it when checking for open source compatible licenses, it will
no longer create warnings.
This will enable us to change the current warnings into errors.
Bug: b/388620886
Change-Id: I883a3d3c825f0f1903b62d0b93810218b1f42bb9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6188501
Commit-Queue: Jordan Brown <rop@google.com>
Reviewed-by: Rachael Newitt <renewitt@google.com>
Reciprocal licenses can only be used in open source projects.
This change updates the presubmit validation checks to accept an
optional flag `allow_reciprocal_licenses`. When True, the allowlist is
extended to include reciprocal licenses.
Bug: 385020146
Change-Id: I0374658207bc87ffd74e033762ee4973c6e83b3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6107863
Reviewed-by: Jordan Brown <rop@google.com>
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Rachael Newitt <renewitt@google.com>
Commit-Queue: Rachael Newitt <renewitt@google.com>
Change the delimiter for license field from allowing complex cases using "and", "or", and "/" to only allowing a single comma separated list of licenses that are in use.
When given a choice of licenses OWNERS should choose the most appropriate and list this one. In nearly all cases this should be 'whichever is the least restrictive'.
Corresponding change in documentation: https://crrev.com/c/6068628
Change-Id: Ic30dfacb9ba586137b9493cec878b636107a55f4
Bug: 311097536
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6055313
Reviewed-by: Jordan Brown <rop@google.com>
Commit-Queue: Rachael Newitt <renewitt@google.com>
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Rachael Newitt <renewitt@google.com>
Adds support to report line numbers when validation fails.
Change-Id: Iba94c5b3582d7e51f15d266d188909d3a82b75cb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5740963
Reviewed-by: Jordan Brown <rop@google.com>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Anne Redulla <aredulla@google.com>
This CL adds a "early terminate the field based on field value" parser
mechanism to end the field as soon as the field value provides an
unambiguous answer to the question we care about.
This is to prevent over-extraction over certain fields (specifically,
local modifications) which can either be a definitive answer (e.g. No
modification) or multi-line free-form texts (which may contain unknown
fields that we don't care about at this stage).
This mitigates over extraction of README.chromium files like:
```
Local Modifications:
None
How to Uprev:
Steps...
```
Where the old parser would extract "None\n\nHow to Uprev:\nSteps..."
This CL also refactors single line fields to use the same early
termination mechanism since single line field simply ends as soon as
the line is parsed.
Union[Something, None] is changed to Optional[Something] based on
styleguide.
Bug: b/324149233
Change-Id: I3fca80eaceb071263f8ae8730afda230fff0bbb0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5394917
Reviewed-by: Anne Redulla <aredulla@google.com>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
This CL adds a "structured" concept to the parser. In a structured
field, the parser will proactively look for field-like patterns to
start a new field (even if they aren't known fields).
This mitigates the issue when an unknown field immediately
follows a multi-line text field, such as:
URL: https://example.com
UnknownField: abc
And URL field value parses to
"https://example.com<newline>UnknownField:abc".
Bug: b/324149233
Change-Id: I54807bd7b242fc14c679483453ade83f8fd20225
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5379679
Reviewed-by: Anne Redulla <aredulla@google.com>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
This is a reland of commit a1cfc693af
The original commit was reverted do to `ModuleNotFoundError`s. I believe this was due to not specifying `metadata` to be part of the `depot_tools` recipe bundle. I have updated `.gitattributes` for this, and also added `__init__.py` files.
I will put the changes to `presubmit_canned_checks.py` in a later CL, once I can confirm `metadata` is being bundled.
Original change's description:
> [ssci] Added CheckChromiumMetadataFiles in presubmit_canned_checks
>
> Bug: b:277147404
> Change-Id: I14a2f11b256bc85fdfe225443ef533c38463ca3e
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/4796694
> Reviewed-by: Gavin Mak <gavinmak@google.com>
> Reviewed-by: Rachael Newitt <renewitt@google.com>
> Commit-Queue: Anne Redulla <aredulla@google.com>
Bug: b:277147404
Change-Id: Ibd9efd5970a5393c157ca8763f97064d7c167803
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/4803385
Reviewed-by: Rachael Newitt <renewitt@google.com>
Reviewed-by: Gavin Mak <gavinmak@google.com>
Commit-Queue: Anne Redulla <aredulla@google.com>
Jordan
Jiewei Qian
Anne Redulla