Question

I am trying to work on a git hub project source code:

https://github.com/esheri3/OWASP-CSRFGuard

However the jar that I am using has manifest looking like this:

Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.2
Created-By: 1.6.0_22-b04-307-10M3261 (Apple Inc.)
Project-Lead: Eric Sheridan (eric.sheridan@owasp.org)
Version: 3.0.0.503

The latest jar that I get from the site has the manifest looking like this:

Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.3
Created-By: 1.6.0_16-b01 (Sun Microsystems Inc.)
Project-Lead: Eric Sheridan (eric@infraredsecurity.com)
Version: 3.0.0.591

I want to know how can I retrieve the entire code base that created the jar with manifest number of the first one: 3.0.0.503 Not the latest source code, but a past version; so that I can build and modify on my system as per my needs.

I think it is much easier in subversion. Please note that I have cloned the git project on my system. System information: Windows 7, 64 bit msysgit 1.7.10 git extensions installed

Any pointers will be appreciated.

Was it helpful?

Solution

Find the commit where that file was created. In Github this is easy, because each file is shown with the latest commit that changed it. You can click that commit and get the SHA1.

You can then use that SHA1 to checkout the code at that particular commit:

$ git checkout SHA1

OTHER TIPS

This project has chosen not to tag versions using git. The only sign of a specific "version" is the updating of a file named Owasp.CsrfGuard/build.number

So in theory you need to read the history of this file (e.g. using git log) to see when the build number was set to 503 in that file, then ask git to checkout that specific revision of the whole tree.

It's up to the project owners how they manage version numbers, they could have made things just as difficult in subversion. There seems to be no rhyme or reason in the case of this specific project. The github history jumps straight from 499 to 504. so I would guess that probably build 503 simply never existed except on some developer's local hard disk, which means that they're not actually doing formal version control at all -- just an ad hoc code drop to github.

Unfortunately I was unable to find version 503 but I did find 504. Good luck!

If you run the following command you should be able to get version 504 of the code.

git checkout 04b240c1874c2176cab5fbc662a9676b085d7f1e

Source: Used github blame to see when the version was changed. Blame

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top