Re: [PATCH] pathspec: die on empty strings as pathspec

2017-06-22 Thread Emily Xie 
I ran the tests and none of them failed. Technically, the state of the
index would indeed be different with these new changes, but this
shouldn't be an issue. In the current version, there's one only item
added to the index that ends up getting used in subsequent tests. That
is, foo1, which is tested in: 'git add --chmod=[+-]x stages
correctly'.

With the current code, foo1 gets added to the index with a mode of
100644. When the 'git add --chmod=[+-]x stages correctly' test
executes, it removes foo1 from the working directory, creates a new
foo1, and runs 'git add --chmod=+x'. It then checks if foo1 is in the
index with a file mode of 100755.

Given how things are set up, the tests pass either way. But I think
it'd actually be nicer with the new changes in this patch, as foo1
would not already be in the index by the time  'git add --chmod=[+-]x
stages correctly' executes.

On Sat, Jun 10, 2017 at 1:54 AM, Junio C Hamano  wrote:
>
> Emily Xie  writes:
>
> > diff --git a/t/t3700-add.sh b/t/t3700-add.sh
> > index f3a4b4a..40a0d2b 100755
> > --- a/t/t3700-add.sh
> > +++ b/t/t3700-add.sh
> > @@ -331,9 +331,8 @@ test_expect_success 'git add --dry-run --ignore-missing 
> > of non-existing file out
> >   test_i18ncmp expect.err actual.err
> >  '
> >
> > -test_expect_success 'git add empty string should invoke warning' '
> > - git add "" 2>output &&
> > - test_i18ngrep "warning: empty strings" output
> > +test_expect_success 'git add empty string should fail' '
> > + test_must_fail git add ""
> >  '
>
> Doesn't this affect the tests that follow this step?  We used to
> warn but went ahead and added all of them anyway, but now we fail
> without adding anything, which means that the state of the index
> before and after this patch would be different.
>
> >  test_expect_success 'git add --chmod=[+-]x stages correctly' '

[PATCH] pathspec: die on empty strings as pathspec

2017-06-06 Thread Emily Xie 
An empty string as a pathspec element matches all paths.  A buggy
script, however, could accidentally assign an empty string to a
variable that then gets passed to a Git command invocation, e.g.:

  path=... compute a path to be removed in $path ...
git rm -r "$path"

which would unintentionally remove all paths in the current
directory.

The fix for this issue comprises of two steps. Step 1, which warns
that empty strings as pathspecs will become invalid, has already
been implemented in commit d426430 ("pathspec: warn on empty strings
as pathspec", 2016-06-22).

This patch is step 2. It removes the warning and throws an error
instead.

Signed-off-by: Emily Xie 
Reported-by: David Turner 
---
 pathspec.c | 10 --
 t/t3600-rm.sh  |  5 ++---
 t/t3700-add.sh |  5 ++---
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/pathspec.c b/pathspec.c
index 50f76ff..65e18b1 100644
--- a/pathspec.c
+++ b/pathspec.c
@@ -605,7 +605,7 @@ void parse_pathspec(struct pathspec *pathspec,
 {
struct pathspec_item *item;
const char *entry = argv ? *argv : NULL;
-   int i, n, prefixlen, warn_empty_string, nr_exclude = 0;
+   int i, n, prefixlen, nr_exclude = 0;
 
memset(pathspec, 0, sizeof(*pathspec));
 
@@ -638,12 +638,10 @@ void parse_pathspec(struct pathspec *pathspec,
}
 
n = 0;
-   warn_empty_string = 1;
while (argv[n]) {
-   if (*argv[n] == '\0' && warn_empty_string) {
-   warning(_("empty strings as pathspecs will be made 
invalid in upcoming releases. "
- "please use . instead if you meant to match 
all paths"));
-   warn_empty_string = 0;
+   if (*argv[n] == '\0') {
+   die("empty string is not a valid pathspec. "
+ "please use . instead if you meant to match 
all paths");
}
n++;
}
diff --git a/t/t3600-rm.sh b/t/t3600-rm.sh
index 5f9913b..c787eac 100755
--- a/t/t3600-rm.sh
+++ b/t/t3600-rm.sh
@@ -858,9 +858,8 @@ test_expect_success 'rm files with two different errors' '
test_i18ncmp expect actual
 '
 
-test_expect_success 'rm empty string should invoke warning' '
-   git rm -rf "" 2>output &&
-   test_i18ngrep "warning: empty strings" output
+test_expect_success 'rm empty string should fail' '
+   test_must_fail git rm -rf ""
 '
 
 test_done
diff --git a/t/t3700-add.sh b/t/t3700-add.sh
index f3a4b4a..40a0d2b 100755
--- a/t/t3700-add.sh
+++ b/t/t3700-add.sh
@@ -331,9 +331,8 @@ test_expect_success 'git add --dry-run --ignore-missing of 
non-existing file out
test_i18ncmp expect.err actual.err
 '
 
-test_expect_success 'git add empty string should invoke warning' '
-   git add "" 2>output &&
-   test_i18ngrep "warning: empty strings" output
+test_expect_success 'git add empty string should fail' '
+   test_must_fail git add ""
 '
 
 test_expect_success 'git add --chmod=[+-]x stages correctly' '
-- 
2.8.4

Re: [PATCH] pathspec: warn on empty strings as pathspec

2016-06-24 Thread Emily Xie 
I suppose I got ahead of myself there. :-) Thanks for the
clarification on the process.

On Thu, Jun 23, 2016 at 2:17 AM, Junio C Hamano  wrote:
> Emily Xie  writes:
>
>> Awesome. Thanks, Junio---this is exciting!
>
> No, thank _you_.
>
>> As for step 2: do you have a good sense on the timing? Around how long
>> should I wait to submit the patch for it?
>
> Not so fast.  We'll wait for others to comment first.
>
> I am queuing this change but that does not mean anything more than
> that I am not outright rejecting the idea.
>
> It is possible that others may assess the cost of having to do the
> two-step migration differently, and the list concensus may end up
> being "if it hurts, don't pass an empty string", i.e. we'd better
> without this patch or subsequent second step.  If that happens, the
> first step dies without hitting 'next'.  I'd say we'd wait at least
> for a week.
>
> Otherwise, if the change is received favourably, we'll merge it to
> 'next', do the same waiting for comments.  Repeat the same and then
> merge to 'master'.  After it hits the next feature release (probably
> at around the end of August), the change will be seen by wider
> general public, and at that point we may see strong opposition from
> them with a good argument neither of us thought of why we shouldn't
> do this change, in which case we might have to revise the plan and
> scrap the whole thing.
>
> So, we'll wait and see.
>



-- 
Emily Xie
xie-emily.com
207.399.6370
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] pathspec: warn on empty strings as pathspec

2016-06-22 Thread Emily Xie 
Awesome. Thanks, Junio---this is exciting!

As for step 2: do you have a good sense on the timing? Around how long
should I wait to submit the patch for it?

Otherwise, let me know if there is anything else that I need to do!

- Emily
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] pathspec: warn on empty strings as pathspec

2016-06-22 Thread Emily Xie 
Currently, passing an empty string as a pathspec results in
a match on all paths. This is because a pathspec match is a
leading substring match that honors directory boundaries.
So, just as pathspec "dir/" (or "dir") matches "dir/file",
"" matches "file".

However, this causes problems. Namely, a user's
carelessly-written script could accidentally assign an
empty string to a variable that then gets passed to a Git
command invocation, e.g.:

git rm -r "$path"
git add "$path"

which would unintentionally affect all paths in the current
directory.

The fix for this issue requires a two-step approach. As
there may be existing scripts that knowingly use empty
strings in this manner, the first step simply invokes a
warning that (1) declares using empty strings to
match all paths will become invalid and (2) asks the user
to use "." if their intent was to match all.

For step two, a follow-up patch several release cycles
later will remove the warnings and throw an error instead.

This patch is the first step.

Signed-off-by: Emily Xie 
Reported-by: David Turner 
Mentored-by: Michail Denchev 
Thanks-to: Sarah Sharp  and James Sharp 
---
 pathspec.c | 11 +--
 t/t3600-rm.sh  |  5 +
 t/t3700-add.sh |  5 +
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/pathspec.c b/pathspec.c
index c9e9b6c..02aa691 100644
--- a/pathspec.c
+++ b/pathspec.c
@@ -364,7 +364,7 @@ void parse_pathspec(struct pathspec *pathspec,
 {
struct pathspec_item *item;
const char *entry = argv ? *argv : NULL;
-   int i, n, prefixlen, nr_exclude = 0;
+   int i, n, prefixlen, warn_empty_string, nr_exclude = 0;
 
memset(pathspec, 0, sizeof(*pathspec));
 
@@ -402,8 +402,15 @@ void parse_pathspec(struct pathspec *pathspec,
}
 
n = 0;
-   while (argv[n])
+   warn_empty_string = 1;
+   while (argv[n]) {
+   if (*argv[n] == '\0' && warn_empty_string) {
+   warning(_("empty strings as pathspecs will be made 
invalid in upcoming releases. "
+ "please use . instead if you meant to match 
all paths"));
+   warn_empty_string = 0;
+   }
n++;
+   }
 
pathspec->nr = n;
ALLOC_ARRAY(pathspec->items, n);
diff --git a/t/t3600-rm.sh b/t/t3600-rm.sh
index d046d98..14f0edc 100755
--- a/t/t3600-rm.sh
+++ b/t/t3600-rm.sh
@@ -881,4 +881,9 @@ test_expect_success 'rm files with two different errors' '
test_i18ncmp expect actual
 '
 
+test_expect_success 'rm empty string should invoke warning' '
+   git rm -rf "" 2>output &&
+   test_i18ngrep "warning: empty strings" output
+'
+
 test_done
diff --git a/t/t3700-add.sh b/t/t3700-add.sh
index f14a665..05379d0 100755
--- a/t/t3700-add.sh
+++ b/t/t3700-add.sh
@@ -332,4 +332,9 @@ test_expect_success 'git add --dry-run --ignore-missing of 
non-existing file out
test_i18ncmp expect.err actual.err
 '
 
+test_expect_success 'git add empty string should invoke warning' '
+   git add "" 2>output &&
+   test_i18ngrep "warning: empty strings" output
+'
+
 test_done
-- 
2.8.4

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] pathspec: warn on empty strings as pathspec

2016-06-20 Thread Emily Xie 
For any command that takes a pathspec, passing an empty string will
execute the command on all files in the current directory. This
results in unexpected behavior. For example, git add "" adds all
files to staging, while git rm -rf "" recursively removes all files
from the working tree and index. A two-step implemetation will
prevent such cases.

This patch, as step one, invokes a warning whenever an empty
string is detected as a pathspec, introducing users to the upcoming
change. For step two, a follow-up patch several release cycles later
will remove the warnings and actually implement the change by
throwing an error instead.

Signed-off-by: Emily Xie 
Reported-by: David Turner 
Mentored-by: Michail Denchev 
Thanks-to: Sarah Sharp  and James Sharp 
---
 pathspec.c | 6 +-
 t/t3600-rm.sh  | 6 +-
 t/t3700-add.sh | 4 
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/pathspec.c b/pathspec.c
index c9e9b6c..79e370e 100644
--- a/pathspec.c
+++ b/pathspec.c
@@ -402,8 +402,12 @@ void parse_pathspec(struct pathspec *pathspec,
}
 
n = 0;
-   while (argv[n])
+   while (argv[n]) {
+   if (*argv[n] == '\0')
+   warning(_("empty strings are not valid pathspecs and 
will no longer "
+ "be supported in upcoming releases"));
n++;
+   }
 
pathspec->nr = n;
ALLOC_ARRAY(pathspec->items, n);
diff --git a/t/t3600-rm.sh b/t/t3600-rm.sh
index d046d98..4503a14 100755
--- a/t/t3600-rm.sh
+++ b/t/t3600-rm.sh
@@ -881,4 +881,8 @@ test_expect_success 'rm files with two different errors' '
test_i18ncmp expect actual
 '
 
-test_done
+test_expect_success 'rm empty string should invoke warning' '
+   git rm -rf "" 2>&1 | grep "warning: empty string"
+'
+
+test_done
\ No newline at end of file
diff --git a/t/t3700-add.sh b/t/t3700-add.sh
index f14a665..5dbe8c2 100755
--- a/t/t3700-add.sh
+++ b/t/t3700-add.sh
@@ -207,6 +207,10 @@ test_expect_success POSIXPERM,SANITY 'git add should fail 
atomically upon an unr
! ( git ls-files foo1 | grep foo1 )
 '
 
+test_expect_success 'git add empty string should invoke warning' '
+   git add "" 2>&1 | grep "warning: empty string"
+'
+
 rm -f foo2
 
 test_expect_success POSIXPERM,SANITY 'git add --ignore-errors' '
-- 
2.8.4

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] pathspec: prevent empty strings as pathspecs

2016-06-19 Thread Emily Xie 
Thanks for the quick responses on this patch!

In response to Junio:

> "At least you would need two-step process to introduce a change like
> this to warn the people whose tools and workflows you are breaking.
> That is, (1) in one release, you add code to only detect the case
> you will be changing the behaviour in a later version and give
> warning messages, and (2) in another release that is several release
> cycles later, stop warning and actually change the behaviour

> I do not mind a two-step breaking of compatibility to address this
> issue; I would also understand if the author thinks it is not worth
> the hassle to do so.  The sudden behaviour change with this patch
> alone is however not acceptable, I would think."

I understand your hesitance with the original method. If the agreed
solution is a two-step implementation, I think it would definitely be
worth my time and hasslein part because I'm particularly excited
about the prospect of contributing to Git, but mostly because I do
believe that it would be a good improvement.

Given this, I'll edit the patch and re-submit to only emit warning
messages for now.

- Emily
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] pathspec: prevent empty strings as pathspecs

2016-06-18 Thread Emily Xie 
For any command that takes a pathspec, passing an empty string will
execute the command on all files in the current directory. This
results in unexpected behavior. For example, git add "" adds all
files to staging, while git rm -rf "" recursively removes all files
from the working tree and index. This patch prevents such cases by
throwing an error message whenever an empty string is detected as a
pathspec.

Signed-off-by: Emily Xie 
Reported-by: David Turner 
Mentored-by: Michail Denchev 
Thanks-to: Sarah Sharp  and James Sharp 
---
 pathspec.c | 6 +-
 t/t3600-rm.sh  | 4 
 t/t3700-add.sh | 4 
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/pathspec.c b/pathspec.c
index c9e9b6c..11901a2 100644
--- a/pathspec.c
+++ b/pathspec.c
@@ -402,8 +402,12 @@ void parse_pathspec(struct pathspec *pathspec,
}
 
n = 0;
-   while (argv[n])
+   while (argv[n]) {
+   if (*argv[n] == '\0') {
+   die("Empty string is not a valid pathspec.");
+   }
n++;
+   }
 
pathspec->nr = n;
ALLOC_ARRAY(pathspec->items, n);
diff --git a/t/t3600-rm.sh b/t/t3600-rm.sh
index d046d98..1d7dc79 100755
--- a/t/t3600-rm.sh
+++ b/t/t3600-rm.sh
@@ -791,6 +791,10 @@ test_expect_success 'setup for testing rm messages' '
git add bar.txt foo.txt
 '
 
+test_expect_success 'rm files with empty string pathspec' '
+  test_must_fail git rm ""
+'
+
 test_expect_success 'rm files with different staged content' '
cat >expect <<-\EOF &&
error: the following files have staged content different from both the
diff --git a/t/t3700-add.sh b/t/t3700-add.sh
index f14a665..49cb080 100755
--- a/t/t3700-add.sh
+++ b/t/t3700-add.sh
@@ -207,6 +207,10 @@ test_expect_success POSIXPERM,SANITY 'git add should fail 
atomically upon an unr
! ( git ls-files foo1 | grep foo1 )
 '
 
+test_expect_success 'git add empty string as pathspec must fail' '
+  test_must_fail git add ""
+'
+
 rm -f foo2
 
 test_expect_success POSIXPERM,SANITY 'git add --ignore-errors' '
-- 
2.8.4

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html