fix: readfile() config binding for single-quote-safe registry (#112, based on #144) #185
Merged
…#112 single-quote fix #144 fixed the .param set single-quote bug in identities/join/whoami but scoped around the shared agmsg_registered_projects helper (overriding it locally instead). Fix the shared helper itself the same way — readfile() + json_valid guard, path/type interpolated with '' escaping — and drop the local overrides so all registry reads go through one corrected path.
The #112 readfile()-based binding passed Git Bash paths (/d/a/agmsg/...) straight to sqlite3.exe's readfile(), a native binary that can't open them — readfile() returned NULL, identity resolution found nothing, and whoami reported not_joined on Windows (caught by the powershell launcher smoke on the windows-latest required leg). Add agmsg_sql_readfile_path() to storage.sh (cygpath -w on Windows, mirroring delivery.sh's sql_readfile_path) and route the four registry readfile() sites through it. resolve-project.sh sources storage.sh so its scan — reached by actas-claim.sh and friends that don't source it directly — has the helper too. No-op off Windows (cygpath absent).
Summary
Fixes #112 — the shared team-registry scripts bound config.json into sqlite3 via a .param set :json '<config>' dot-command, and the sqlite3 shell tokenizer doesn't honour SQL '' escaping, so any config value containing a single quote (e.g. a project path or agent name with an apostrophe) broke identity resolution and join.
Based on @mvanhorn's #144 — their commit is carried here as the base (credited), rebased onto current main and reconciled with #180 (the sqlite CRLF fix, which had landed on the same identities.sh/join.sh/whoami.sh/test_team.bats in the meantime).
Changes
.param set :json '<config>' site in identities.sh, join.sh, whoami.sh to readfile('<path>') + CAST AS TEXT + a json_valid guard; interpolate the path / type / name values as SQL string literals with '' doubling. (@mvanhorn)
agmsg_registered_projects in lib/resolve-project.sh had the same .param set bug. fix: Bind single-quote-containing config values via readfile() instead of .param set #144 worked around it with a local override in join.sh/whoami.sh; instead this fixes the shared helper itself and drops the overrides, so every registry read goes through one corrected readfile() path.
agmsg_sqlite_mem for scalar captures, inline tr -d '\r' for the -separator row readers).
test_team.bats blocks: @mvanhorn's single-quote tests and the Team names can escape teams/ via path traversal #140 path-traversal tests.
Tests
Full bats suite green on macOS/Linux (358 pass; the only failure is the pre-existing test_watch.bats watermark flake). The single-quote regression tests (whoami: resolves project paths / team and agent names containing single quotes, incl. O'Brien) pass. No .param set remains in the registry scripts.
Supersedes #144. Fixes #112. Refs #180, #140.
Co-authored-by: mvanhorn mvanhorn@gmail.com
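
The binding described in the summary, sketched as an added example (not code from this pull request or the project): sqlite3 loads the config itself through readfile() behind a json_valid guard, and only the path and the project value are interpolated, each as a ''-escaped SQL literal. The function names, the agents/name/project JSON layout and the sample values are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names and the config schema are hypothetical.

# Render a shell value as a SQL string literal: wrap in '...' and double each '.
sql_lit() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Build the lookup statement. The config bytes are read by sqlite3 via readfile(),
# so they never pass through the dot-command tokenizer. Only the config path ($1)
# and the project value ($2) are interpolated, both as escaped literals.
# The CASE guard hands json_each() an empty object when the file is missing
# (readfile() returns NULL) or does not contain valid JSON.
build_lookup_sql() {
  cat <<EOF
WITH cfg(j) AS (SELECT CAST(readfile($(sql_lit "$1")) AS TEXT))
SELECT json_extract(a.value, '\$.name')
FROM cfg,
     json_each(CASE WHEN json_valid(cfg.j) THEN cfg.j ELSE '{}' END, '\$.agents') AS a
WHERE json_extract(a.value, '\$.project') = $(sql_lit "$2");
EOF
}

# Pass the statement as a SQL argument, so the SQL parser (which honours '')
# handles the quoting rather than the shell's dot-command tokenizer.
lookup_agent() {
  sqlite3 :memory: "$(build_lookup_sql "$1" "$2")"
}

# Constructed sample: directory, project path and agent name all contain an apostrophe.
demo() {
  local dir
  dir="$(mktemp -d)/o'brien" && mkdir -p "$dir" || return 1
  printf '%s\n' '{"agents":[{"name":"O'\''Brien","project":"/srv/it'\''s here"}]}' \
    > "$dir/config.json"
  lookup_agent "$dir/config.json" "/srv/it's here"   # valid config: one row
  printf 'not json' > "$dir/config.json"
  lookup_agent "$dir/config.json" "/srv/it's here"   # invalid config: no rows
  rm -rf "${dir%/*}"
}

if command -v sqlite3 >/dev/null 2>&1; then demo; fi
```

Under Git Bash the path would first need converting to a native Windows path before it reaches readfile(), as the second commit message describes.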