cider-connect improvements
#3410
Conversation
| (if (eq system-type 'windows-nt) | ||
| port-string | ||
| (when (not (equal "" | ||
| (shell-command-to-string (concat "lsof -i:" port-string)))) |
There was a problem hiding this comment.
I know the possibility of not having lsof installed on a Linux machine is low (maybe it comes by default in OSX, but that is not the case in every Linux distribution). But if it isn't installed, shell-command-to-string will return a non-empty string with an error similar to:
"/bin/bash: line 1: lsof: command not found
"
which will make the above code assume that port-string is a "alive", even if we couldn't check that it is.
There was a problem hiding this comment.
Thanks for the review!
I actually considered that.
If there's no lsof installed, the only reasonable option we have is to allow the port, instead of excluding it.
There was a problem hiding this comment.
Wouldn't splicing arbitrary file contents into a shell command in this manner introduce some sort of vulnerability?
Not that I have a specific threat model in mind, but it might at least help to sanitize the input (eg. matching against a basic "^\\d+$" regexp)
There was a problem hiding this comment.
Let's do that, thanks!
Most of all it would seem a good way to ensure the command being run is reasonable (e.g. not an empty string or non-numeric contents)
|
The changes look good, but your branch has to be rebased on top of the current |
vemv
force-pushed
the
3408--cider-connect-improvements
branch
from
9de86cf
to
4b49255
Compare
|
Thanks 🍻 |
.nrepl-port-like files for livenesscider-connectimprovements #3408cider-locate-running-nrepl-portsCheers - V