Question: Debug or non-debug build for serious shell scripting? #118
Comments
|
It appears wren-cli does validate parameters though not on the C side. For example, opening a file: // io.wren
foreign class File {
...
static openWithFlags(path, flags) {
ensureString_(path)
ensureInt_(flags, "Flags")
var fd = Scheduler.await_ { open_(path, flags, Fiber.current) }
return new_(fd)
}
...
static ensureString_(path) {
if (!(path is String)) Fiber.abort("Path must be a string.")
}
static ensureInt_(value, name) {
if (!(value is Num)) Fiber.abort("%(name) must be an integer.")
if (!value.isInteger) Fiber.abort("%(name) must be an integer.")
if (value < 0) Fiber.abort("%(name) cannot be negative.")
}
...
}I've always thought of wren-cli as more of a toy or example (much like wren.io/try). I mean since privacy isn't that strong there is nothing stopping a user from doing: File.open_("junk", "junk", "junk")
File.new_("and more junk")So in a go-based wren-cli that I am working on, I actually have a publicly available set of modules with classes that wrap around foreign classes in a private module (see here) and a class with static methods meant to validate parameters like so: class Validate {
static Num(v, name) {
if (!(v is Num)) Fiber.abort("Expected 'Num' for '%(name)'.")
}
static Int(v, name) {
if (!(v is Num) || !v.isInteger) Fiber.abort("Expected integer for '%(name)'.")
}
static PositiveInt(v, name) {
if (!(v is Num) || !v.isInteger || v < 0) Fiber.abort("Expected positive integer for '%(name)'.")
}
static String(v, name) {
if (!(v is String)) Fiber.abort("Expected 'String' for '%(name)'")
}
static Bool(v, name) {
if (!(v is bool)) Fiber.abort("Expected 'Bool' for '%(name)'")
}
static Fn(v, arity, name) {
if (!(v is Fn) || v.arity != arity) Fiber.abort("Expected 'Fn' with %(arity) parameters for '%(name)'")
}
static Type(v, type, name) {
if (!(v is type)) Fiber.abort("Expected '%(type)' for '%(name)'")
}
}so I can have much safer public classes and modules looking like this: class File {
construct openWithFlags(name, flag, perm) {
Validate.String(name, "name")
Validate.Int(flag, "flag")
Validate.Int(perm, "perm")
import "sys:os" for File // sys:os is only importable by certain built in modules
_file = File.new(name, flag, perm)
}
...
}The other benefit to checking on the wren is it's easier (at least I think so) to check that a value is of a certain class type in wren since we have access to the |
Link? What's the license for that Validate code? I think we should add it to the CLI or failing that Wren Essentials - seems it's quite useful for building robust APIs and should just be included. |
|
Deleted my whole comment, I'm still reading the C code, ugh...
Agree, doing this in Wren makes more sense than C. |
Ah I haven't made a repo yet though it should be under the Unlicense license or MIT when I get around to doing it. |
|
@CrazyInfin8 I borrowed this as foundation for use with wren-console. Closing this issue as asked and answered. |
In working on
Process.chdirit was brought to my attention how fragile passing the wrong arguments can be with a production Wren build:We don't seem to validate most arguments (looking at Wren CLI codebase) other than the ASSERT guard rails on all the built in
getWrenString, etc. helpers... so I'm wondering... should the advice for people wishing to use Wren as a serious tool for shell scripting be to always use a debug build - for the additional security/error protection guarantees?The text was updated successfully, but these errors were encountered: