-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: extending external configs #236
Comments
+1 for this. It'd be very helpful for enforcing organizational coding styles. |
+1 |
Quoting the specification:
You can have a global .editorconfig in you home directory and extend it in your project dir, and also have a editorconfig file in every subdir of your project. I guess this is the closes thing to the feature you request. |
@gilmrjc This does not solve the problem. I need to extend |
Can't bundle it together with tslint settings because of that :( |
Still needed! |
I assume editorconfig settings are much simpler than eslint/tslint, and |
@hax Exstensibility is always better than copy-pasting |
@editorconfig/board-member Surprisingly we didn't have much discussion on this... I personally think this can be a good extension allowing large projects to modulize their
to switch between different coding styles. However, I think this should be motivated for languages other than C/C++ as well, since I haven't seen another language using significantly standard different coding styles. Thoughts? |
In general I like the idea. But what about security? Are absolute paths allowed, or required? Is One might say that we only have some basic settings that go into a And since it is possible to add there own tags, like for instance the Roslyn compiler for .Net, basically the sky is the limit. So security should always something to think about. Although you can say that when somebody adds his own tags it is their responsibility to think about security. Anyway, we should be very specific about what is allowed and what not. Remember #360 / #361 |
@ffes That's a true concern: We will get the system overly complicated. If we are not motivated enough, I would prefer not supporting |
Hi all, it looks like this hasn't progressed. I'd be happy to help out. It looks like |
@mrmckeb are you going to look into this? |
Hi @sorenhoyer, I was waiting for a response from the team - I can still see this being useful for many people. |
I do agree. Pretty useful especially for sharing editor configs between multiple projects. Edit: Look at browserslist, stylelint, eslint or commitlint etc.. They all provide an option to extend configs. |
@xuhdev, @ffes - Since interest in this problem is continuing, I would like to propose that we may open a formal discussion about a include-functionality. I am very curious about the intended use-cases since i think it will be a bit of work to create a solution which is performant, safe and meeting a users expectation. In my current opinion there is (at least) one EC-file in the repository which should be configured the way the repo-owners want their code being formatted. Having external dependencies which might change eventually may disrupt the repo's intentional formatting. |
I agree -- do you think it would solve the concern by limiting the included file to be no higher than the directory level of the including |
I don't know (yet) - as @ffes mentioned i'd fear a directory-traversal attack. Currently my main pain-point is that i don't see a case where a repo-owner would prefer implicit over explicit EC-rules. Because that's probably the reason why most of the repos (i worked with) have a This could be a starting-point for further research: |
... |
@florianb I think there are some sensible defaults that I'd like to see enforced. This is particularly valuable if you work in an organisation with many projects. I don't think this is hard to set up per project, but it would be great to inherit company defaults - for both new projects and updates to existing projects. It also ensures consistency. There are approaches we could take as an organisation of course, like populating the file with defaults via a custom package, and updating files (trying to take into account user changes). Does anyone have any other ideas on how this could be solved without having config extension? |
I can think of two options for various use cases. In the following,
Requesters of this feature, what say you? Neither of these ideas is a panacea, but both avoid requiring plugins to implement a system as complex as eslint's. |
I think those are great suggestions, and we'll likely go with the second as we don't configure developer environments to that level. |
Do symlinks committed to git from a unix system work properly when checked out on a windows system and vice versa? Trying to answer my own question, it seems to depend on configuring windows and git to make it work: https://stackoverflow.com/a/59761201 I wonder what the situation is with version control systems other than git as well. |
@vith Those are good questions --- I unfortunately do not know for sure. I do know that symlinks work fine for me on Cygwin running in Windows, which is my primary npm environment. Edit In git repos, my experience is that symlinks checked in from Cygwin check out fine on Linux, and vice versa. |
I'd argue that any developer on Windows should try to use WSL if they can, but I don't think we can say that WSL/Cigwin/etc is a solution to that problem sadly. So perhaps that brings us back to the config question. Could we overcome concerns of a directory-traversal attack? It seems to me that the implementations (editor plugins, etc.) themselves would need to handle this, rather than the config. |
@mrmckeb thank you very much - i see your point. And absolutely valid, the implementations should disallow misuse as a last resort. But that's a new issue - i think EditorConfig should be way more strict and explicit about it's implementation. And thinking about past discussions this is very hard to achieve since we have a multitude of different platforms with different abilities. Currently it seems we found some kind of sweet spot where most of the tools using EditorConfig are actually able to support its feature set. And i am sorry i have to say it like this for my perspective: we (or at least some of us) are thinking hard about ways to improve the standard to better support and represent gaining requirements. But it takes its time to do that right. To come back to the issue - what is actually the issue? I became mislead by "request[ing a feature for] extending external configs" which is already an solution. For a lot of reasons that's not easy to do. But the further discussion showed the real pain point is, how provide a standardized editorconfig to a group of users? And this should really not be so much of a problem. To answer @raveclassic first intent: Why not adding These hooks are available on many platforms and package managers. If you drive an organization you already have to provide a dev-environment, don't you (i do)? How do you provide settings and tooling at all? |
Based on the above, my understanding is that we are looking for a way of reading .editorconfig files outside a repo's tree without using symlinks (which may be dicey on vanilla Windows). I note that the discussion above has been about specific files. However, .editorconfig files are currently identified by the directory that contains them. What if we built on that foundation? I propose a top-level property called First-draft specification text (edited) ## File Processing
...
The search shall stop if an EditorConfig file is found
with the root key set to true in the preamble or when
reaching the root filesystem directory.
+
+If the preamble includes a 'search' key specifying a path,
+that path will be canonicalized to an absolute path with no
+symlinks. Any path including a loop
+or that cannot be canonicalized (for any reason)
+will be discarded.
+The canonicalized path will be added at the end
+of the list of directories searched for EditorConfig files
+if that path exists and is readable by the current user. (the basics. You can add to the plugin's search path. Resolving symlinks and making everything absolute right up front makes the rest of the processing simpler. Detecting loops at this stage reduces DoS risk. Finally, both Linux and Windows provide routines to canonicalize.) +Multiple 'search' keys may be given. The paths are
+searched in order the 'search' keys occur in the file.
+However, if a particular canonicalized path has already been
+added to the list of paths, it will not be added again. (a clear rule in case of unintentional duplicates.) +While processing EditorConfig files in 'search' directories,
+ all 'search' keys in those files shall be ignored. (prevent a DoS attack due to combinatorial explosion in malicious What say you all? List of edits
|
This sounds good! I'd probably not use the term "resolved" as in many frameworks this is used to describe a functionality to literally resolve an absolute path, containing dots and stuff, to an absolute path. And i'd like to propose making this more strict like any path must be relative and must consist of real directories (preventing links and linking symbols like single/double-dot). In order to implement that safely i guess it will be necessary to create a safe resolve function and not to pass the string to any os-method directly. |
@florianb sure - let's use "canonicalize" instead, since that is what the OS/library facilities refer to. |
+1 |
Agreed: there are a lot of valid cases when a user what to extend a config outside of the current directory.
So, yea. Otherwise, directory traversal risk is a stuff that no one wants to apply. I do expect some startup IDE not knowing how to deal with it. On the third hand, |
Has there been any movement on this issue? I think shareable configs are widespread, think IDE or lint configurations. I mainly use TypeScript & Rust, and hate creating an editorconfig for every project and maintaining it, and having a shareable config makes life so much easier, especially when working across multiple projects with the same tooling / stack. |
Just wanted to add that we have a desire to include a base .editorconfig in a NuGet package or custom project SDK ( More discussion here: dotnet/roslyn#19028 |
Is there any progress on this? |
We are also still looking for better solutions for this problem. We have many separate repositories in multiple separate VCS solutions and really don't want to have to copy/paste the same file to some 50+ repositories every time we make a change to it. Automating this is a non-trivial task, provides a sub-par experience, and limits local override flexibility (to a lesser degree). It seems like Microsoft is reluctant to add support for this functionality to their editors (VS, VSCode) without the underlying spec having some sort of formal agreement on it, so we're dependent on this in order to continue lobbying for the downstream support we need. |
If you're working with .NET, then you can do quasi-inheritance/extension with .globalconfig (which is a superset of .editorconfig) files and their |
Microsoft don't even follow the official specs in VS, especially |
That works for defining code analysis rule settings, but does not apply to the text editor settings (tabs vs spaces, indent size, new lines/braces, etc.) which is what we're trying to solve here.
Are you sure? It seems like whenever I press enter all the extra whitespace on my current line is trimmed before the editor moves to the next line. Is it possible you're expecting this behavior to apply to all lines in a file on save? I'm not aware of the spec defining the behavior of saving a file, only the behavior of actively editing a file (though admittedly I haven't spent much time with the spec). My curly brace behaviors apply when I create a curly brace, but it doesn't reformat all of the braces in a file if I manually move them to the previous line. Similarly, when I press tab it inserts spaces, but when a file already has tabs it doesn't replace them with spaces unless I manually tell it to. I believe one of my coworkers uses a setting that automatically formats the entire document on save (though this can be somewhat annoying at times).
Interesting, I didn't realize that. Is the VSCode functionality extensible? For example, can the C# Dev Kit for VSCode add .NET-specific functionality to it? |
EditorConfig by design assumes nothing about relationships between projects. (@treyhunner @xuhdev correct me if I'm wrong!) I think that may be part of the communication challenge here. I am hearing two recurring themes in the comments:
😄 Both of those points are supportable, as witness the good arguments on both sides in this issue. My own preference is to resolve #415 and then revisit #482 in view of whatever decisions are made in #415. I think part of the strength of EditorConfig is its simplicity. I think it is worth keeping things simple for use cases that don't need the complexity of features such as config inheritance. |
I agree there's no assumption of relationship between projects here. Allowing referring to an external file would complicate the core libraries quite a bit. (It may not sound so complicated, but a change of requirement to core library would require changes in at least 6 core libraries with totally different implementations.) If we allow this, we would at least have a way to make sure the changes are compatible with the core libraries that do not implement this feature. |
Also ran into this while trying to set up an Ideally I could include an Maybe I can also make a symbolic link for |
I suggest adding some kind of rule to allow extending external configurations like it's done in eslint.
I have different project configurations in external npm package (linters, code inspections, webpack configs, etc.) and as editorconfig is related to codestyle like eslint it would be great to reuse configs in every project.
Example:
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: