Do not allow empty name in package ID spec #13152
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
r? @weihanglo (rustbot has picked a reviewer for you, use r? to override) |
rustbot
added
the
S-waiting-on-review
weihanglo
reviewed
Dec 11, 2023
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Rustin170506
force-pushed
the
rustin-patch-empty-name
branch
from
bdfa10e
to
1248522
Compare
Rustin170506
commented
Dec 11, 2023
| @@ -98,6 +98,9 @@ impl PackageIdSpec { | |||
| Some(version) => Some(version.parse::<PartialVersion>()?), | |||
| None => None, | |||
| }; | |||
| if name.is_empty() { | |||
| bail!("package ID specification must have a name: `{spec}`"); | |||
| } | |||
| validate_package_name(name, "pkgid", "")?; | |||
There was a problem hiding this comment.
Maybe we should put the empty check into this function?
There was a problem hiding this comment.
That seems like where it should belong but we already have that check be separate for manifests
let package_name = package.name.trim();
if package_name.is_empty() {
bail!("package name cannot be an empty string")
}
validate_package_name(package_name, "package name", "")?;This makes me think some more investigation is needed.
Note: empty feature names were disallowed as of #12928 but that was because we relied on the behavior of our TOML parser to disallow it which wasn't conformant behavior.
There was a problem hiding this comment.
I have checked all the references for this function and it seems okay to include the check in the validate_package_name. However, I have also discovered some bugs in those places. For example, if you attempt to type cargo add @1.2.3, you will receive a panic instead of an error. Therefore, I suggest we move forward with this pull request first. Once that's done, I can work on moving it into the validate_package_name and also add tests to cover these problematic cases. This PR is more focused on fixing bugs from package ID spec.
There was a problem hiding this comment.
As a heads up, I'm looking at touching the name validation code as well, so it'll be good to coordinate so we don't cause each other a lot of pain
There was a problem hiding this comment.
Got it. I will prioritize ensuring that empty names are not allowed. I will make sure I only change one thing each time and do not bring any off-topic changes. Hope that can help.
Rustin170506
changed the title
|
@bors r+ |
bors
added
S-waiting-on-bors
bors
added a commit
that referenced
this pull request
Dec 12, 2023
Do not allow empty name in package ID spec
|
💔 Test failed - checks-actions |
bors
added
S-waiting-on-review
|
The CI is broken by rust-lang/rust@f481596 |
|
I am working on fixing it. |
This was referenced Dec 12, 2023
|
@epage Could you please merge it again? Thanks! |
|
@bors r+ |
|
💡 This pull request was already approved, no need to approve it again.
|
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
bors
added a commit
that referenced
this pull request
Dec 13, 2023
fix: Fill in more empty name holes ### What does this PR try to resolve? This is a follow up to #13152 and expands on work done in #12928. This is also part of #12801 as I am refactoring how we do validation so that it parts of it can move into the schema, removing the last dependency the schema has on the rest of cargo. ### How should we test and review this PR? This prevents empty registry names which should be fine for the same reason as preventing empty feature names in #12928, that this was a regression due to changes in toml parsers ### Additional information
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 16, 2023
Update cargo 10 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..37bc5f0232a0bb72dedd2c14149614fd8cdae649 2023-12-12 14:52:31 +0000 to 2023-12-15 18:33:31 +0000 - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 16, 2023
Update cargo 10 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..37bc5f0232a0bb72dedd2c14149614fd8cdae649 2023-12-12 14:52:31 +0000 to 2023-12-15 18:33:31 +0000 - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 17, 2023
Update cargo 10 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..37bc5f0232a0bb72dedd2c14149614fd8cdae649 2023-12-12 14:52:31 +0000 to 2023-12-15 18:33:31 +0000 - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 18, 2023
Update cargo 11 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..1a2666ddd14cf0a255d4ddb61c63531c259a7b39 2023-12-12 14:52:31 +0000 to 2023-12-17 17:53:53 +0000 - chore: downgrade to openssl v1.1.1 (rust-lang/cargo#13179) - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 18, 2023
Update cargo 11 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..1a2666ddd14cf0a255d4ddb61c63531c259a7b39 2023-12-12 14:52:31 +0000 to 2023-12-17 17:53:53 +0000 - chore: downgrade to openssl v1.1.1 (rust-lang/cargo#13179) - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR try to resolve?
Do not allow empty names in package ID spec.
See: Rustin170506/cargo-information#63
How should we test and review this PR?
Check unit tests.
Additional information