File name extension requirement broke Git hooks

[anttiah]

Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest released version
• Search the existing issues.
• Refer to the FAQ.
• Refer to Differences between Windows PowerShell 5.1 and PowerShell.

Description

Now that script files must have .ps1 file name extension in Windows, because of #15859, it's no longer possible to have Git hooks written in PowerShell. This is a breaking change!

From Git documentation at https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks (emphasis by me)

To enable a hook script, put a file in the hooks subdirectory of your .git directory that is named appropriately (without any extension) and is executable. From that point forward, it should be called. We’ll cover most of the major hook filenames here.

Git hooks in written in PowerShell have worked flawlessly since the file name exetension requirement was removed in PowerShell 6.x. After the 7.2 release, trying execute a git command that has hooks associated with it results in an error message and commit fails.

Steps to reproduce

Make sure Git is installed with full support for all commands. Meaning that paths

• C:\Program Files\Git\cmd
• C:\Program Files\Git\mingw64\bin
• C:\Program Files\Git\usr\bin

are present in user or system PATH environment variable. Git for Windows installer will do this for you.

Then create a file named pre-commit with content:

#!/usr/bin/env pwsh
Write-Verbose 'Hello from pre-commit hook' -Verbose
exit 0

Note that shebang line is required here because of how Git was ported to Windows.

Make sure the file name does not have any extension and place the file into .git\hooks directory of a local git repository.

Make some changes in the repo and try to commit them. For example: git commit -m "Testing" or use VS Code's version control tab.

Expected behavior

pre-commit hook gets executed:

VERBOSE: Hello from pre-commit hook
[testing ca1faea] Testing
 1 file changed, 1 insertion(+)
 create mode 100644 test.txt

Actual behavior

Commit fails with error message:

Git: Processing -File '.git/hooks/pre-commit' failed because the file does not have a '.ps1' extension. Specify a valid PowerShell script file name, and then try again.

Error details

No response

Environment data

Name                           Value
----                           -----
PSVersion                      7.2.0
PSEdition                      Core
GitCommitId                    7.2.0
OS                             Microsoft Windows 10.0.19043
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

No response

[anttiah]

I was so upset about this change that I forgot to add repro steps. Sorry for that. I have now added the missing details to the original message.

[iSazonov]

Make sure the file name does not have any extension

Why cannot you add .ps1 extension?

[anttiah]

Why cannot you add .ps1 extension?

As stated in the description, it's required by Git:
https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks

To enable a hook script, put a file in the hooks subdirectory of your .git directory that is named appropriately (without any extension) and is executable. From that point forward, it should be called. We’ll cover most of the major hook filenames here.

[daxian-dbw]

@SteveL-MSFT Was the change required due to security reason? Can you please take a look?

[jborean93]

That's weird at least on Linux it works for me

echo -e '#!/usr/bin/env pwsh\necho "test"' > /tmp/test_script
chmod +x /tmp/test_script

# All 3 below work on 7.2.0
/tmp/test_script
pwsh /tmp/test_script
pwsh -File /tmp/test_script

Maybe it's a problem specific for Windows where shebangs don't usually work and it relies on the file extension to have an associated executable. Still if tools like Mingw/Cygwin/WSL can work with the shebang and still pick up Windows executables then I don't think checking the extension is really ideal.

[anttiah]

That's weird at least on Linux it works for me

This issue originated from #15859 which was for Windows only.

[jborean93]

From the linked PR:

However, Windows doesn't support shebang, so we should be consistent with Windows PowerShell and only allow for scripts with .ps1 extension.

Personally I think pwsh should be consistent everywhere and we can ignore what WinPS did. Especially since WinPS was a bit more restrictive. I don't see a real reason why this would really be beneficial to security.

[SteveL-MSFT]

pwsh -file foo would read the contents of foo and execute it as though you typed it into the console. This is needed on non-Windows for shebang to work correctly. However, on Windows, this could be a security concern as things like checking if a script is signed (and should be executed) only happens for .ps1 files.

I wonder on Windows if it might work to allow for pwsh -file foo, but instead of straight execution, we save it to a temporary .ps1 and then execute that script.

Would be good for Security WG to take a look at such a proposal.

[jborean93]

However, on Windows, this could be a security concern as things like checking if a script is signed (and should be executed) only happens for .ps1 files.

Why not check the signature all the time and not just with the extension? If PowerShell knows it is going to execute a file as a script then it should do the check regardless of whether an extension is present.

[anttiah]

I wonder on Windows if it might work to allow for pwsh -file foo, but instead of straight execution, we save it to a temporary .ps1 and then execute that script.

Not sure about performance impact of that kind of workaround, but in reality it might actually fix this one as well: #9887. Only on Windows, though. I haven't tested that one recently but I'd guess that empty automatic variables is still an issue.