Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bugfix: deny empty positional arguments in all commands #312

Merged
merged 1 commit into from
Oct 18, 2023

Conversation

vkhoroz
Copy link
Member

@vkhoroz vkhoroz commented Oct 11, 2023

We expected this function to be provided by Cobra, but it does not make that check. So, before the some commands accepting positional arguments allowed values like "" or ''. These are affectively empty strings, that is equivalent to no value in all or commands.

As a matter of fact, some commands were panicking on this, some failing on API level with 400, 401, 404, 405, or 500 errors. The exact error which happened seems quite random. In the worst case this could lead to bad behavior, although I found no such use case.

This disallows erroneous (empty) positional arguments once and for all commands. All (random) misbehaving commands I tried are now fixed.

We expected this function to be provided by Cobra, but it does not make that check.
So, before the some commands accepting positional arguments allowed values like "" or ''.
These are affectively empty strings, that is equivalent to no value in all or commands.

As a matter of fact, some commands were panicking on this, some failing on API level with 400, 401, 404, 405, or 500 errors.
The exact error which happened seems quite random.
In the worst case this could lead to bad behavior, although I found no such use case.

This disallows erroneous (empty) positional arguments once and for all commands.
All (random) misbehaving commands I tried are now fixed.

Signed-off-by: Volodymyr Khoroz <volodymyr.khoroz@foundries.io>
@vkhoroz vkhoroz requested review from doanac and mike-sul October 11, 2023 16:55
@vkhoroz vkhoroz self-assigned this Oct 11, 2023
@vkhoroz
Copy link
Member Author

vkhoroz commented Oct 12, 2023

A fix is a bit more complex because of spf13/cobra#216 & spf13/cobra#252

@vkhoroz
Copy link
Member Author

vkhoroz commented Oct 12, 2023

If Cobra mainteiners accept this fix: spf13/cobra#2044 - the workaround may be removed.

@vkhoroz vkhoroz merged commit 398be14 into main Oct 18, 2023
7 checks passed
@vkhoroz vkhoroz deleted the vkhoroz-deny-empty-args branch October 18, 2023 14:13
vkhoroz added a commit that referenced this pull request Nov 14, 2023
We upgraded cobra to 1.8.0 with #329.
So we can use its fix for persistent hooks traversal spf13/cobra#2044,
instead of our workaround for it from #312.

Signed-off-by: Volodymyr Khoroz <volodymyr.khoroz@foundries.io>
vkhoroz added a commit that referenced this pull request Nov 14, 2023
We upgraded cobra to 1.8.0 with #329.
So we can use its fix for persistent hooks traversal spf13/cobra#2044,
instead of our workaround for it from #312.

Signed-off-by: Volodymyr Khoroz <volodymyr.khoroz@foundries.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants