SVN for developers (avoid all svn Error: 155005 Error: 150002 Error: 200009 Error: 155007)


This blog will help you “prevent” all the svn shit you and your team have been going through.
– As a developer I care about coding; a tool is there to make things easier. svn helps, but it has its own pitfalls. I have managed to find an organized way of doing things that helps me keep things clean.
– As a manager, I can’t let my devs fall into the trap of svn issues.

You and I both know that a troublesome svn commit can kill your evening. Right?

So I’ll try to explain every step in detail, including the “why”, but you don’t have to understand why. Just follow the steps and you should be fine.

Create 3 directories (checkout, wip and bb).
wip stands for work in progress, you knew that, didn’t you?
bb stands for buddy build.

1) Use “svn checkout” to get your project from the svn server.
2) Don’t start work yet: copy these files to your “wip” directory. Do all your work there.
3) When you are ready to check in, create a subdirectory in your bb directory, say YYYYMMDD. In this directory create a wip and a checkout directory.
4) Copy everything from the wip directory to your bb/YYYYMMDD/wip directory.
5) In your checkout directory, run “svn update” so that you get the latest from svn.
6) Copy the project from your checkout directory to your bb/YYYYMMDD/checkout directory.
7) Now open a directory compare tool (meld, Araxis Merge or Beyond Compare). On the left keep your bb/YYYYMMDD/checkout directory and on the right your bb/YYYYMMDD/wip directory.
8) Move only “files” from right to left, DO NOT move directories. Delete files in your checkout directory if need be.
9) Copy your bb/YYYYMMDD/checkout directory over your checkout directory, overwriting it.
10) Build the bb/YYYYMMDD/checkout directory to make sure you haven’t broken the build.
11) In your checkout directory do an “svn status”.

This is where the fun starts.
For every ? do an “svn add <file/directory name>”.
For every ! do an “svn delete <file/directory name>”.

12) Do an “svn status” again until you get an M, A or D against every file (MAD). Once everything is MAD, you are ready to commit.
13) “svn commit -m "your message"”. It will work :).
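The steps above done from the shell, as an added example that is not part of the original post. The svn commands themselves (checkout, update, commit) are left to you; what is scripted is the copying of steps 3, 4, 6 and 8, the deletion list from step 8, and the bookkeeping of steps 11 and 12 run over constructed “svn status” lines. The function names, the extra skipping of .class/.obj/.o build output (the files the post says you don’t want to check in), and the sample data are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): the buddy-build workflow from the shell.
# Paths, function names and the sample status lines are constructed for the demo.
set -eu

# Step 8 done mechanically: copy regular files from $src into $dest one at a time,
# never whole directories, so the .svn folders already in $dest stay untouched.
# .svn folders and build output (.class/.obj/.o) are skipped.
sync_files_only() {
    src=$1; dest=$2
    (cd "$src" && find . -name .svn -prune -o -type f \
        ! -name '*.class' ! -name '*.obj' ! -name '*.o' -print) |
    while IFS= read -r f; do
        mkdir -p "$dest/$(dirname "$f")"
        cp "$src/$f" "$dest/$f"
    done
}

# Files present in $checkout but gone from $wip: the "delete files if need be" part of
# step 8. Only printed, never deleted; decide per file.
list_deletion_candidates() {
    checkout=$1; wip=$2
    (cd "$checkout" && find . -name .svn -prune -o -type f -print) |
    while IFS= read -r f; do
        [ -e "$wip/$f" ] || printf '%s\n' "$f"
    done
}

# Steps 3, 4, 6 and 8: build bb/YYYYMMDD/{wip,checkout} and merge wip's files into the
# checkout copy. Run "svn update" in $checkout (step 5) before calling this.
# Prints the path of the merged copy, which step 9 copies back over $checkout.
make_buddy_build() {
    checkout=$1; wip=$2; bb=$3; day=${4:-$(date +%Y%m%d)}
    mkdir -p "$bb/$day/wip" "$bb/$day/checkout"
    cp -R "$wip/." "$bb/$day/wip/"                      # step 4
    cp -R "$checkout/." "$bb/$day/checkout/"            # step 6, keeps .svn intact
    sync_files_only "$bb/$day/wip" "$bb/$day/checkout"  # step 8
    printf '%s\n' "$bb/$day/checkout"
}

# Step 11: read "svn status" output on stdin and print the add/delete commands for it.
# Nothing is executed; inspect the list, then run it in the checkout directory.
plan_svn_fixups() {
    while IFS= read -r line; do
        # the path starts after the 7 status columns and a space
        path=$(printf '%s\n' "$line" | sed 's/^.\{7\} *//')
        case "$line" in
            '?'*) printf 'svn add %s\n' "$path" ;;
            '!'*) printf 'svn delete %s\n' "$path" ;;
            *) ;;                                   # M, A, D need no action
        esac
    done
}

# Step 12: succeed (exit 0) only when every status line is M, A or D, i.e. "MAD".
mad_check() {
    [ "$(grep -v '^[MAD]' | grep -c .)" -eq 0 ]
}

# Demo on constructed data: a fake checkout (with a fake .svn folder) and a wip copy.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/checkout/.svn" "$demo_root/wip/build"
printf 'int main(void){return 0;}\n' > "$demo_root/checkout/main.c"
printf 'old code\n'                  > "$demo_root/checkout/removed.c"   # deleted in wip
printf 'entries\n'                   > "$demo_root/checkout/.svn/entries"
printf 'int main(void){return 1;}\n' > "$demo_root/wip/main.c"           # edited in wip
printf 'int helper(void);\n'         > "$demo_root/wip/helper.h"         # new in wip
printf 'junk\n'                      > "$demo_root/wip/build/main.o"     # build output
merged=$(make_buddy_build "$demo_root/checkout" "$demo_root/wip" "$demo_root/bb" 20100101)
echo "merged copy: $merged"; ls -R "$merged"
echo "candidates for deletion:"; list_deletion_candidates "$merged" "$demo_root/bb/20100101/wip"
# Constructed "svn status" output for the merged copy after removed.c was deleted by hand:
SAMPLE_STATUS='M       main.c
?       helper.h
!       removed.c'
printf '%s\n' "$SAMPLE_STATUS" | plan_svn_fixups
printf '%s\n' "$SAMPLE_STATUS" | mad_check && echo "MAD: ready to commit" || echo "not MAD yet"
rm -rf "$demo_root"
```

In real use the pipeline is `svn status | plan_svn_fixups`, reviewed and then rerun through `sh`, followed by `svn status | mad_check` before the commit. The compare tool from step 7 is still worth opening first: the copy is mechanical and will happily carry a half-finished edit from wip into the checkout.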

Now, why create so many directories?
– checkout is obvious: you want the latest and best from svn.
– wip is obvious: you want somewhere to work without worrying about an svn update clobbering your changes.
– bb is not obvious: a file/folder compare can go wrong very easily. If you move a file from left to right instead of right to left, you are screwed; you can lose all the changes in your wip folder.
– Why step 9, you ask? Because you don’t want to check in .class and .obj files, right?
– Why copy only files and NOT directories? svn keeps the state of your files/directories in a hidden .svn folder. If you copy whole directories, you can overwrite those .svn folders in your checkout and mess things up.

More details for the people who want to know about the svn commands.
svn checkout – checks out the files of the project.
Here you edit your source files and unit test to make sure you have everything covered. By now you have 3 things to worry about:
1) Someone else makes checkins to the same project you are working on.
2) Someone made changes to your source files.
3) You may break them, or they may break you.

svn status – checks the status of your files. Ideally you should just have an M, A or D before each file name: M means the file was modified, A means the file was added to your directory and D means the file was deleted.

svn status -u – does that sanity check for you. It returns a list of files with the result of the sanity test; the character denotes the status of the file you have checked out.
U means the server has a later checkin of the file than the one you last checked out/updated into your local working copy.
G means svn can merge the files automatically (the changes are in different parts of the source code).
C means there are conflicts: the same part of the code has been modified by a different dev on the svn server. This needs to be merged manually.

(CVS guys please note: cvs update does both the status and the update of svn, so get used to running status and update separately on svn.)

For every file labelled C in the svn status output, 3 files are created: .mine (file before editing), .rold (file after editing), .rnew (updated file from the svn server).

One more change is made, to your original source file: markers are added to your original code to identify what code was yours and what came from the svn server.

To merge you have the following options:
– Manually edit the source file; since you can search for the markers, you can identify and play around with the code.
– Use a graphical tool: kdiff3 source.cpp.mine source.cpp.rnew -o source.cpp
– Use tkdiff -conflict source.cpp
– Junk the changes, you don’t want the changes from the svn server :) : svn revert source.cpp

Hope I have kept it simple enough for you to understand and play around with.

Security Links


Web Application Security:

Advanced SQL Injections in SQL Server Applications
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf

(more) Advanced SQL Injection
http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf

One-Way Web Hacking
http://net-square.com/papers/one_way/one_way.html

Imperva Blind SQL Injection
http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html

SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html

Web Applications and SQL Injection
http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf

Manipulating Microsoft SQL Server Using SQL Injection
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf

HTML Code Injection and Cross-site Scripting
http://www.technicalinfo.net/papers/CSS.html

Kerberos Details:
http://web.mit.edu/kerberos/www

Buffer Overflows:

Once Upon a Free – Heap Overflows
http://www.phrack.org/phrack/57/p57-0x09

Defeating Windows XP SP2 Heap Protection and DEP Bypass
http://www.maxpatrol.com/defeating-xpsp2-heap-protection.pdf

Smashing The Stack For Fun And Profit
http://www.insecure.org/stf/smashstack.txt

Intro to Shellcoding
http://tigerteam.se/dl/papers/intro_to_shellcoding.pdf

Books:

Shellcoder’s Handbook
http://www.amazon.com/exec/obidos/tg/detail/-/0764544683/qid=1116428692/sr=8-1/ref=pd_csp_1/104-3942550-7935958?v=glance&s=books&n=507846

Network Security Assessment, O’Reilly
http://www.oreilly.com/catalog/networksa/
(Good broad coverage of various NPT areas; good background reading)

Network Security Hacks, O’Reilly
http://www.oreilly.com/catalog/netsechacks/index.html

Hacking Exposed 1st Ed.
http://www.amazon.com/exec/obidos/search-handle-url/index%3Dstripbooks%3Arelevance-above%26field-keywords%3Dhacking%252520exposed%26store-name%3Dbooks/104-3942550-7935958
(The first edition was probably the best)

Hack Proofing Your Network 1st Ed.
http://www.amazon.com/exec/obidos/search-handle-url/index%3Dstripbooks%3Arelevance-above%26field-keywords%3Dhack%252520proofing%252520your%252520network%26store-name%3Dbooks/104-3942550-7935958
(Covers some other concepts like buffer overflows etc., gives better insight into the mindset)

Assembly Language Step-by-Step, Wiley
http://www.amazon.com/exec/obidos/tg/detail/-/0471375233/ref=ase_jeffduntemann-20/104-3942550-7935958?v=glance&s=books
(Good no-assumed-knowledge start to assembler on x86)

SQL Server Security, Osborne
http://shop.osborne.com/cgi-bin/osborne/0072225157.html
(By NGS, excellent reading on the subject)

TCP/IP Illustrated
http://www.amazon.com/exec/obidos/tg/detail/-/0201633469/104-3942550-7935958?v=glance

Building Internet Firewalls, O’Reilly
http://www.greatcircle.com/firewalls-book/

O’Reilly ‘Security Warrior’
http://www.oreilly.com/catalog/swarrior/
(Excellent introduction to many topics with some walkthrough examples.)

Osborne ‘Hacknotes’ series
http://www.amazon.com/exec/obidos/search-handle-url/ref=dp_searchBox_1/104-3942550-7935958?url=index%3Dstripbooks%3Arelevance-above%26dispatch%3Dsearch%26results-process%3Dbin&field-keywords=hacknotes&x=0&y=0
(Thin/portable reference material which includes an entire testing methodology)