Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix IndexError in GitConfigParser When a Quoted Config Value Contains a Trailing New Line #1908

Merged
merged 3 commits into from
Apr 26, 2024
Merged

Fix IndexError in GitConfigParser When a Quoted Config Value Contains a Trailing New Line #1908

merged 3 commits into from
Apr 26, 2024

Conversation

DaveLak
Copy link
Contributor

@DaveLak DaveLak commented Apr 22, 2024

Fixes: #1887

Improve the guarding if check in GitConfigParser's string_decode function to safely handle empty strings and prevent IndexErrors when accessing string elements.

This resolves an IndexError in the GitConfigParser's .read() method when the config file contains a quoted value ending with a new line.

@DaveLak DaveLak mentioned this pull request Apr 22, 2024
Closed
@DaveLak
Fix IndexError in GitConfigParser when config value ends in new line
47e5738 
Improve the guarding `if` check in `GitConfigParser`'s `string_decode`
function to safely handle empty strings and prevent `IndexError`s when
accessing string elements.

This resolves an IndexError in the `GitConfigParser`'s `.read()`
method when the config file contains a quoted value containing a
trailing new line.

Fixes:
gitpython-developers#1887
Byron
Byron approved these changes Apr 23, 2024
View reviewed changes
Copy link
Member

@Byron Byron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for this improvement!

I will merge right after CI is green after applying my tiny patch.

fuzzing/fuzz-targets/fuzz_config.py Outdated Show resolved Hide resolved
fuzzing/fuzz-targets/fuzz_config.py Outdated Show resolved Hide resolved
EliahKagan
EliahKagan reviewed Apr 25, 2024
View reviewed changes
Copy link
Contributor

@EliahKagan EliahKagan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've suggested a small change that I think improves clarity.

Separately from the changes here but relevant to the logic they are a part of, I'm a bit worried about the case where there are two (or more) trailing backslashes, so that removing one of them still leaves a trailing backslash. However, that was present before, and this PR definitely need not be expanded to address it! I'm also not certain I'm right to be worried about that; maybe it is less important to cover, or a part of a separate class of malformed configuration file inputs that are intended to trigger decoding errors.

git/config.py Outdated Show resolved Hide resolved
@Byron
Copy link
Member

Byron commented Apr 26, 2024

I've suggested a small change that I think improves clarity.

Separately from the changes here but relevant to the logic they are a part of, I'm a bit worried about the case where there are two (or more) trailing backslashes, so that removing one of them still leaves a trailing backslash. However, that was present before, and this PR definitely need not be expanded to address it! I'm also not certain I'm right to be worried about that; maybe it is less important to cover, or a part of a separate class of malformed configuration file inputs that are intended to trigger decoding errors.

Thanks for taking another look - admittedly I forgot to merge this PR. Cygwin is the bane of this CI as it takes unnatural amounts of time :/.

Having worked on the gitoxide version of this I can say that this implementation here is more hole than cheese (if that makes sense :)), but it seems to work well enough for the common cases, still. Since GitPython is in maintenance mode, I don't think there is any need to try to improve it beyond fixing bugs.

@Byron Byron merged commit 82bb3bb into gitpython-developers:main Apr 26, 2024
26 checks passed
EliahKagan
EliahKagan reviewed Apr 26, 2024
View reviewed changes
git/config.py
@@ -452,7 +452,7 @@ def _read(self, fp: Union[BufferedReader, IO[bytes]], fpname: str) -> None:
e = None # None, or an exception.

def string_decode(v: str) -> str:
if v[-1] == "\\":
if v and v.endswith("\\"):

This comment was marked as resolved.

Sign in to view

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, for some reason I didn't see that comment! That addresses this proactively and my above comment can be disregarded entirely.

If the code is modified further in the future then the str annotation, which is inconsistent with a None value, could be examined and potentially changed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, I tried to enable branch protections which should enable auto-merge, and thus resolve the issue with long-running CI sometimes preventing a merge in addition to me forgetting to do it later. It didn't yet work for this PR, but I will see for the next one.

@DaveLak DaveLak deleted the fix-issue-1887 branch April 29, 2024 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Byron Byron Byron approved these changes

@EliahKagan EliahKagan EliahKagan left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unhandled IndexError when calling .read() on a malformed config file
3 participants
@DaveLak @Byron @EliahKagan