Web lists-archives.com

Re: [PATCH] rebase -x: sanity check command




Hi Phillip,

[sorry for the double-send, I dropped the Cc: list by mistake the first
time I replied]

On Tue, 29 Jan 2019, Phillip Wood wrote:

> On 28/01/2019 22:03, Johannes Schindelin wrote:
> > Hi Phillip,
> > 
> > On Mon, 28 Jan 2019, Phillip Wood wrote:
> > 
> >> From: Phillip Wood <phillip.wood@xxxxxxxxxxxxx>
> >>
> >> If the user gives an empty argument to --exec then the rebase starts to
> >> run before erroring out with
> >>
> >>   error: missing arguments for exec
> >>   error: invalid line 2: exec
> >>   You can fix this with 'git rebase --edit-todo' and then run 'git rebase --continue'.
> >>   Or you can abort the rebase with 'git rebase --abort'.
> > 
> > And that's the same if you specify an incorrect command.
> 
> Not quite, the issue is that the todo list is invalid, not that the
> command fails - it never gets that far. Those errors are coming from
> parse_insn_line() and parse_insn_buffer().

Ah! I misunderstood "then the rebase starts to run" part.

So please let me withdraw my objections to catch this error.

However, I still would highly recommend to use `strspn()` to simplify the
code.

Thanks,
Dscho

> > In both cases, I would probably heed the second line of the advice: git
> > rebase --abort.
> > 
> >> Instead check for empty commands before starting the rebase.
> >>
> >> Also check that the command does not contain any newlines as the
> >> todo-list format is unable to cope with multiline commands. Note that
> >> this changes the behavior, before this change one could do
> >>
> >> git rebase --exec='echo one
> >> exec echo two'
> >>
> >> and it would insert two exec lines in the todo list, now it will error
> >> out.
> > 
> > This, however, makes a ton of sense to me.
> > 
> >> diff --git a/builtin/rebase.c b/builtin/rebase.c
> >> index 00de70365e..b6c54b03c1 100644
> >> --- a/builtin/rebase.c
> >> +++ b/builtin/rebase.c
> >> @@ -793,6 +793,24 @@ static void set_reflog_action(struct rebase_options *options)
> >>  	strbuf_release(&buf);
> >>  }
> >>  
> >> +static int check_exec_cmd(const char *cmd)
> >> +{
> >> +	int non_blank = 0;
> >> +
> >> +	while (*cmd) {
> >> +		if (*cmd == '\n')
> >> +			return error(_("exec commands cannot contain newlines"));
> >> +		if (!isspace(*cmd))
> >> +			non_blank = 1;
> >> +		cmd++;
> >> +	}
> >> +
> >> +	if (non_blank)
> >> +		return 0;
> > 
> > We are not in a performance critical path here, so I would prefer the
> > readability of this code:
> > 
> > 	if (strchr(cmd, '\n'))
> > 		return error(...);
> > 
> > And if you *really* must,
> > 
> > 	/* Does the command consist purely of whitespace? */
> > 	if (!cmd[strspn(cmd, " \t\r\n")])
> > 		return error(...);
> > 
> > But as I suggested also in a reply to Junio's answer: where would we stop
> > to validate the commands?
> 
> I'm not trying to validate the command (and I don't think we can/should)
> - just generate a todo list that can be parsed.
> 
> Best Wishes
> 
> Phillip
> 
> > 
> > Ciao,
> > Dscho
> > 
> >> +
> >> +	return error(_("empty exec command"));
> >> +}
> >> +
> >>  int cmd_rebase(int argc, const char **argv, const char *prefix)
> >>  {
> >>  	struct rebase_options options = {
> >> @@ -1130,6 +1148,10 @@ int cmd_rebase(int argc, const char **argv, const char *prefix)
> >>  		}
> >>  	}
> >>  
> >> +	for (i = 0; i < exec.nr; i++)
> >> +		if (check_exec_cmd(exec.items[i].string))
> >> +			exit(1);
> >> +
> >>  	if (!(options.flags & REBASE_NO_QUIET))
> >>  		argv_array_push(&options.git_am_opts, "-q");
> >>  
> >> diff --git a/t/t3404-rebase-interactive.sh b/t/t3404-rebase-interactive.sh
> >> index 7a440e08d8..c98f64eb2d 100755
> >> --- a/t/t3404-rebase-interactive.sh
> >> +++ b/t/t3404-rebase-interactive.sh
> >> @@ -147,6 +147,25 @@ test_expect_success 'rebase -i with the exec command checks tree cleanness' '
> >>  	git rebase --continue
> >>  '
> >>  
> >> +test_expect_success 'rebase -x with empty command fails' '
> >> +	test_when_finished "git rebase --abort ||:" &&
> >> +	test_must_fail git rebase -x "" @ 2>actual &&
> >> +	test_write_lines "error: empty exec command" >expected &&
> >> +	test_i18ncmp expected actual &&
> >> +	test_must_fail git rebase -x " " @ 2>actual &&
> >> +	test_i18ncmp expected actual
> >> +'
> >> +
> >> +LF='
> >> +'
> >> +test_expect_success 'rebase -x with newline in command fails' '
> >> +	test_when_finished "git rebase --abort ||:" &&
> >> +	test_must_fail git rebase -x "a${LF}b" @ 2>actual &&
> >> +	test_write_lines "error: exec commands cannot contain newlines" \
> >> +			 >expected &&
> >> +	test_i18ncmp expected actual
> >> +'
> >> +
> >>  test_expect_success 'rebase -i with exec of inexistent command' '
> >>  	git checkout master &&
> >>  	test_when_finished "git rebase --abort" &&
> >> -- 
> >> 2.20.1
> >>
> >>
> 
>