Skip to content

Messages prefixed with # bypass linting #2827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cyberbiont opened this issue Oct 19, 2021 · 3 comments
Closed

Messages prefixed with # bypass linting #2827

cyberbiont opened this issue Oct 19, 2021 · 3 comments
Labels
enhancement

Comments

@cyberbiont
Copy link

To reproduce:

1 use config that should always return an error for any commit message:

module.exports = {
   rules: {
       'my-rule': [2, 'always'],
   },
   plugins: [
       {
          rules: {
              'my-rule': () => {
                 return [false, `error!`];
              },
          },
       },
   ],
};

2
run
echo '#message' | npx commitlint
(results in error)

3
open .git/COMMIT_EDITMSG file and put there

#message

or make a commit git commit -m '#message'

4
run
npx commitlint --edit --verbose
(result: found no problems; expected result: error)

This causes any commit message that starts with # to bypass linting when using commitlint in commit-msg hook!
Probably it happens because commitlint does not properly read .git/COMMIT_EDITMSG contents (message starting with # is regarded as comment?)

Your Environment

git version 2.32.0
@commitlint/[email protected]
node v14.17.5
@escapedcat
Copy link
Member

Might be related to #78
# is being parsed as a comment and won't count for rules I guess.
Doubt we would try to take care of this.

@cyberbiont
Copy link
Author

This defeats the purpose of using commitlint to enforce messages code style (especially when using ClickUp)
But whatever the code style is, anyone can bypass it just by prepending commit message with #, thus adding an offending commit to the history.

I think this can be fixed by special treating just for the first line of .git/COMMIT_EDITMSG when commitlint is used with --edit flag
Because when commit is made with 'git commit -m' it usually means that it is a one line message

@escapedcat
Copy link
Member

escapedcat commented Oct 20, 2021
edited
Loading

I get your point.

anyone can bypass it just by prepending commit message with #, thus adding an offending commit to the history.

Anyone can just use --no-verify anyways.

Because when commit is made with 'git commit -m' it usually means that it is a one line message

Not sure about other peoples workflows. But happy if you want to dig into this.

This might duplicate #846, what do you think?
When tackling this we also need to pay attention to: #2351 / commentChar-option

@escapedcat escapedcat mentioned this issue Jun 5, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Milestone
No milestone
Development

No branches or pull requests
2 participants
@escapedcat @cyberbiont