Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cider-connect improvements #3410

Merged
merged 2 commits into from
Aug 18, 2023
Merged

cider-connect improvements #3410

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2df4bf4
Check `.nrepl-port`-like files for liveness
vemv Aug 14, 2023
4b49255
Describe `cider-locate-running-nrepl-ports`
vemv Aug 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
### Changes

- [#3390](https://github.com/clojure-emacs/cider/issues/3390): Enhance `cider-connect` to show all nREPLs available ports, instead of only Leiningen ones.
- [#3408](https://github.com/clojure-emacs/cider/issues/3408): `cider-connect`: check `.nrepl-port`-like files for liveness, hiding them if they don't reflect an active port.
- Preserve the `:cljs-repl-type` more reliably.
- Improve the presentation of `xref` data.
- `cider-test`: only show diffs for collections.
Expand Down
16 changes: 11 additions & 5 deletions nrepl-client.el
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -254,12 +254,18 @@ PARAMS is as in `nrepl-make-buffer-name'."
(make-obsolete 'nrepl-extract-port 'nrepl-extract-ports "1.5.0")

(defun nrepl--port-from-file (file)
"Attempts to read port from a file named by FILE."
"Attempts to read port from a file named by FILE.

Discards it if it can be determined that the port is not active."
(when (file-exists-p file)
(with-temp-buffer
(insert-file-contents file)
(replace-regexp-in-string "\n\\'" "" ;; remove any trailing newline, so that our UIs look better.
(buffer-string)))))
(let ((port-string (with-temp-buffer
(insert-file-contents file)
(string-trim-right (buffer-string)))))
(if (eq system-type 'windows-nt)
port-string
(when (not (equal ""
(shell-command-to-string (concat "lsof -i:" port-string))))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know the possibility of not having lsof installed on a Linux machine is low (maybe it comes by default in OSX, but that is not the case in every Linux distribution). But if it isn't installed, shell-command-to-string will return a non-empty string with an error similar to:

"/bin/bash: line 1: lsof: command not found
"

which will make the above code assume that port-string is a "alive", even if we couldn't check that it is.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review!

I actually considered that.

If there's no lsof installed, the only reasonable option we have is to allow the port, instead of excluding it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't splicing arbitrary file contents into a shell command in this manner introduce some sort of vulnerability?

Not that I have a specific threat model in mind, but it might at least help to sanitize the input (eg. matching against a basic "^\\d+$" regexp)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do that, thanks!

Most of all it would seem a good way to ensure the command being run is reasonable (e.g. not an empty string or non-numeric contents)

port-string)))))


;;; Bencode
Expand Down
13 changes: 13 additions & 0 deletions test/cider-tests.el
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -701,4 +701,17 @@
;; kill server
(delete-process (get-buffer-process client-buffer)))))))

(describe "cider-locate-running-nrepl-ports"
(it "Concatenates values from different sources"
(spy-on 'file-exists-p :and-return-value t)
(spy-on 'cider--running-lein-nrepl-paths :and-return-value '(("lein" "1234")))
(spy-on 'cider--running-local-nrepl-paths :and-return-value '(("local" "2345")))
(spy-on 'cider--running-non-lein-nrepl-paths :and-return-value '(("non-lein" "3456")))
(spy-on 'clojure-project-dir :and-return-value #'identity)
(spy-on 'cider--path->path-port-pairs :and-return-value '(("from-dir" "4567")))
(spy-on 'directory-file-name :and-call-fake #'identity)
(spy-on 'file-name-nondirectory :and-call-fake #'identity)
(expect (cider-locate-running-nrepl-ports "from-dir")
:to-equal '(("from-dir" "4567") ("lein" "1234") ("local" "2345") ("non-lein" "3456")))))

;;; cider-tests.el ends here
Loading