git hub project version retrieval
Question
I am trying to work on a git hub project source code:
https://github.com/esheri3/OWASP-CSRFGuard
However the jar that I am using has manifest looking like this:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.2
Created-By: 1.6.0_22-b04-307-10M3261 (Apple Inc.)
Project-Lead: Eric Sheridan (eric.sheridan@owasp.org)
Version: 3.0.0.503
The latest jar that I get from the site has the manifest looking like this:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.3
Created-By: 1.6.0_16-b01 (Sun Microsystems Inc.)
Project-Lead: Eric Sheridan (eric@infraredsecurity.com)
Version: 3.0.0.591
I want to know how can I retrieve the entire code base that created the jar with manifest number of the first one: 3.0.0.503 Not the latest source code, but a past version; so that I can build and modify on my system as per my needs.
I think it is much easier in subversion. Please note that I have cloned the git project on my system. System information: Windows 7, 64 bit msysgit 1.7.10 git extensions installed
Any pointers will be appreciated.
Solution
Find the commit where that file was created. In Github this is easy, because each file is shown with the latest commit that changed it. You can click that commit and get the SHA1.
You can then use that SHA1 to checkout the code at that particular commit:
$ git checkout SHA1
OTHER TIPS
This project has chosen not to tag versions using git. The only sign of a specific "version" is the updating of a file named Owasp.CsrfGuard/build.number
So in theory you need to read the history of this file (e.g. using git log) to see when the build number was set to 503 in that file, then ask git to checkout that specific revision of the whole tree.
It's up to the project owners how they manage version numbers, they could have made things just as difficult in subversion. There seems to be no rhyme or reason in the case of this specific project. The github history jumps straight from 499 to 504. so I would guess that probably build 503 simply never existed except on some developer's local hard disk, which means that they're not actually doing formal version control at all -- just an ad hoc code drop to github.
Unfortunately I was unable to find version 503 but I did find 504. Good luck!
If you run the following command you should be able to get version 504 of the code.
git checkout 04b240c1874c2176cab5fbc662a9676b085d7f1e
Source: Used github blame to see when the version was changed. Blame