-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not allow empty name in package ID spec #13152
Conversation
r? @weihanglo (rustbot has picked a reviewer for you, use r? to override) |
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
Signed-off-by: hi-rustin <[email protected]>
bdfa10e
to
1248522
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔢 Self-check
@@ -98,6 +98,9 @@ impl PackageIdSpec { | |||
Some(version) => Some(version.parse::<PartialVersion>()?), | |||
None => None, | |||
}; | |||
if name.is_empty() { | |||
bail!("package ID specification must have a name: `{spec}`"); | |||
} | |||
validate_package_name(name, "pkgid", "")?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we should put the empty check into this function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That seems like where it should belong but we already have that check be separate for manifests
let package_name = package.name.trim();
if package_name.is_empty() {
bail!("package name cannot be an empty string")
}
validate_package_name(package_name, "package name", "")?;
This makes me think some more investigation is needed.
Note: empty feature names were disallowed as of #12928 but that was because we relied on the behavior of our TOML parser to disallow it which wasn't conformant behavior.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have checked all the references for this function and it seems okay to include the check in the validate_package_name. However, I have also discovered some bugs in those places. For example, if you attempt to type cargo add @1.2.3
, you will receive a panic instead of an error. Therefore, I suggest we move forward with this pull request first. Once that's done, I can work on moving it into the validate_package_name and also add tests to cover these problematic cases. This PR is more focused on fixing bugs from package ID spec.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As a heads up, I'm looking at touching the name validation code as well, so it'll be good to coordinate so we don't cause each other a lot of pain
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it. I will prioritize ensuring that empty names are not allowed. I will make sure I only change one thing each time and do not bring any off-topic changes. Hope that can help.
@bors r+ |
Do not allow empty name in package ID spec
💔 Test failed - checks-actions |
The CI is broken by rust-lang/rust@f481596 |
I am working on fixing it. |
@epage Could you please merge it again? Thanks! |
@bors r+ |
💡 This pull request was already approved, no need to approve it again.
|
☀️ Test successful - checks-actions |
fix: Fill in more empty name holes ### What does this PR try to resolve? This is a follow up to #13152 and expands on work done in #12928. This is also part of #12801 as I am refactoring how we do validation so that it parts of it can move into the schema, removing the last dependency the schema has on the rest of cargo. ### How should we test and review this PR? This prevents empty registry names which should be fine for the same reason as preventing empty feature names in #12928, that this was a regression due to changes in toml parsers ### Additional information
Update cargo 10 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..37bc5f0232a0bb72dedd2c14149614fd8cdae649 2023-12-12 14:52:31 +0000 to 2023-12-15 18:33:31 +0000 - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
Update cargo 10 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..37bc5f0232a0bb72dedd2c14149614fd8cdae649 2023-12-12 14:52:31 +0000 to 2023-12-15 18:33:31 +0000 - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
Update cargo 10 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..37bc5f0232a0bb72dedd2c14149614fd8cdae649 2023-12-12 14:52:31 +0000 to 2023-12-15 18:33:31 +0000 - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
Update cargo 11 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..1a2666ddd14cf0a255d4ddb61c63531c259a7b39 2023-12-12 14:52:31 +0000 to 2023-12-17 17:53:53 +0000 - chore: downgrade to openssl v1.1.1 (rust-lang/cargo#13179) - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
Update cargo 11 commits in 1aa9df1a5be205cce621f0bc0ea6062a5e22a98c..1a2666ddd14cf0a255d4ddb61c63531c259a7b39 2023-12-12 14:52:31 +0000 to 2023-12-17 17:53:53 +0000 - chore: downgrade to openssl v1.1.1 (rust-lang/cargo#13179) - docs(home): prepare the changelog for 0.5.9 (rust-lang/cargo#13177) - refactor: Pull name validation into `util_schemas` (rust-lang/cargo#13166) - chore(deps): bump zerocopy from 0.7.29 to 0.7.31 (rust-lang/cargo#13174) - Replace SHGetFolderPathW with SHGetKnownFolderPath (rust-lang/cargo#13173) - chore(bump-check): dont check `home` against beta/stable branches (rust-lang/cargo#13167) - fix: Fill in more empty name holes (rust-lang/cargo#13164) - Do not allow empty name in package ID spec (rust-lang/cargo#13152) - chore(deps): update rust crate openssl to 0.10.61 (rust-lang/cargo#13159) - `all-static` feature should include `vendored-libgit2` (rust-lang/cargo#13134) - doc/registry-web-api: Adjust success response code documentation (rust-lang/cargo#13160) r? ghost
What does this PR try to resolve?
Do not allow empty names in package ID spec.
See: Rustin170506/cargo-information#63
How should we test and review this PR?
Check unit tests.
Additional information