Block control codes and truncate longer configuration text blocks (#4436

) ## Change All control codes in the range [0x0, 0x20) and the DELETE control code 0x7F (with the exceptions of the tab, line feed, and carriage return characters) will result in an error from the YAML parser. An alternative solution is to convert them to their control pictures, but it was decided that it was best to fail at this time. The configuration output for each unit during the "show" portion (used by almost all of the commands to display details about the file) will limit the amount of output allowed for any field that comes from an external source. Data from the file will present a warning that it was truncated just below its output. If anything is truncated, an overall "error" will be output as well.
microsoft · May 1, 2024 · 457f84b · 457f84b
1 parent 2b185be
commit 457f84b
Show file tree

Hide file tree

Showing 20 changed files with 815 additions and 410 deletions.
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -349,6 +349,7 @@ und
 UNICODESTRING
 uninstalling
 Unmarshal
+unskipped
 untimes
 updatefile
 updatemanifest

diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -116,6 +116,7 @@ ECustom
 EFGH
 EFile
 efileresource
+EMalicious
 endregion
 ENDSESSION
 EPester

diff --git a/src/AppInstallerCLICore/Resources.h b/src/AppInstallerCLICore/Resources.h
@@ -128,6 +128,8 @@ namespace AppInstaller::CLI::Resource
         WINGET_DEFINE_RESOURCE_STRINGID(ConfigurationWarning);
         WINGET_DEFINE_RESOURCE_STRINGID(ConfigurationWarningPromptApply);
         WINGET_DEFINE_RESOURCE_STRINGID(ConfigurationWarningPromptTest);
+        WINGET_DEFINE_RESOURCE_STRINGID(ConfigurationWarningSetViewTruncated);
+        WINGET_DEFINE_RESOURCE_STRINGID(ConfigurationWarningValueTruncated);
         WINGET_DEFINE_RESOURCE_STRINGID(ConfigureCommandLongDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(ConfigureCommandShortDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(ConfigureShowCommandLongDescription);

diff --git a/src/AppInstallerCLICore/Workflows/ConfigurationFlow.cpp b/src/AppInstallerCLICore/Workflows/ConfigurationFlow.cpp
diff --git a/src/AppInstallerCLIE2ETests/ConfigureShowCommand.cs b/src/AppInstallerCLIE2ETests/ConfigureShowCommand.cs
@@ -120,5 +120,18 @@ public void ShowDetailsFromHttpsConfigurationFile()
             Assert.AreEqual(0, result.ExitCode);
             Assert.True(result.StdOut.Contains(Constants.TestRepoName));
         }
+
+        /// <summary>
+        /// This test ensures that there is not significant overflow from large strings in the configuration file.
+        /// </summary>
+        [Test]
+        public void ShowTruncatedDetailsAndFileContent()
+        {
+            var result = TestCommon.RunAICLICommand("configure show", $"{TestCommon.GetTestDataFile("Configuration\\LargeContentStrings.yml")} --verbose");
+            Assert.AreEqual(0, result.ExitCode);
+            Assert.True(result.StdOut.Contains("<this value has been truncated; inspect the file contents for the complete text>"));
+            Assert.True(result.StdOut.Contains("Some of the data present in the configuration file was truncated for this output; inspect the file contents for the complete content."));
+            Assert.False(result.StdOut.Contains("Line5"));
+        }
     }
 }
diff --git a/src/AppInstallerCLIE2ETests/TestData/Configuration/LargeContentStrings.yml b/src/AppInstallerCLIE2ETests/TestData/Configuration/LargeContentStrings.yml
@@ -0,0 +1,22 @@
+properties:
+    configurationVersion: 0.2
+    resources:
+      - resource: xE2EMalicious/E2EMalicious
+        id: firstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirst
+        directives:
+          repository: AppInstallerCLIE2ETestsRepo
+          description: "Line1\nLine2\nLine3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3\nLine4\nLine5\nLine6"
+        settings:
+          key: Foo
+          description: "Line1\nLine2\nLine3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3\nLine4\nLine5\nLine6"
+      - resource: Unknown
+        dependsOn:
+          - firstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirstfirst
+        directives:
+          module: UnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknownUnknown
+          repository: AppInstallerCLIE2ETestsRepo
+          description: "Line1\nLine2\nLine3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3\nLine4\nLine5\nLine6"
+        settings:
+          Path: ${WinGetConfigRoot}\ConfigServerUnexpectedExit.txt
+          Content: Contents!
+          description: "Line1\nLine2\nLine3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3Line3\nLine4\nLine5\nLine6"
diff --git a/src/AppInstallerCLIE2ETests/TestData/Configuration/Modules/xE2EMalicious/xE2EMalicious.psd1 b/src/AppInstallerCLIE2ETests/TestData/Configuration/Modules/xE2EMalicious/xE2EMalicious.psd1
@@ -0,0 +1,33 @@
+#
+# Module manifest for module 'xE2ETestResource'
+#
+
+@{
+
+RootModule = 'xE2EMalicious.psm1'
+ModuleVersion = '0.0.0.1'
+GUID = 'a0be43e8-ac22-4244-8efc-7263dfa50b92'
+CompatiblePSEditions = 'Core'
+Author = "WinGet Dev Team"
+CompanyName = 'Microsoft Corporation'
+Copyright = '(c) Microsoft Corporation. All rights reserved.'
+Description = "PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests | PowerShell module with DSC resources for unit tests"
+PowerShellVersion = '7.2'
+FunctionsToExport = @()
+CmdletsToExport = @()
+DscResourcesToExport = @(
+    'E2EMalicious'
+)
+HelpInfoURI = 'https://www.contoso.com/help'
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+    PSData = @{
+        ProjectUri = 'https://github.com/microsoft/winget-cli'
+        IconUri = 'https://www.contoso.com/icons/icon.png'
+    }
+
+}
+
+}
diff --git a/src/AppInstallerCLIE2ETests/TestData/Configuration/Modules/xE2EMalicious/xE2EMalicious.psm1 b/src/AppInstallerCLIE2ETests/TestData/Configuration/Modules/xE2EMalicious/xE2EMalicious.psm1
@@ -0,0 +1,86 @@
+# E2E module with resources.
+
+enum Ensure
+{
+    Absent
+    Present
+}
+
+# This resource just checks if a file is there or not with and if its with the specified content.
+[DscResource()]
+class E2EMalicious
+{
+    [DscProperty(Key)]
+    [string] $Path
+
+    [DscProperty()]
+    [Ensure] $Ensure = [Ensure]::Present
+
+    [DscProperty()]
+    [string] $Content = $null
+
+    [E2EFileResource] Get()
+    {
+        if ([string]::IsNullOrEmpty($this.Path))
+        {
+            throw
+        }
+
+        $fileContent = $null
+        if (Test-Path -Path $this.Path -PathType Leaf)
+        {
+            $fileContent = Get-Content $this.Path -Raw
+        }
+
+        $result = @{
+            Path = $this.Path
+            Content = $fileContent
+        }
+
+        return $result
+    }
+
+    [bool] Test()
+    {
+        $get = $this.Get()
+
+        if (Test-Path -Path $this.Path -PathType Leaf)
+        {
+            if ($this.Ensure -eq [Ensure]::Present)
+            {
+                return $this.Content -eq $get.Content
+            }
+        }
+        elseif ($this.Ensure -eq [Ensure]::Absent)
+        {
+            return $true
+        }
+
+        return $false
+    }
+
+    [void] Set()
+    {
+        if (-not $this.Test())
+        {
+            if (Test-Path -Path $this.Path -PathType Leaf)
+            {
+                if ($this.Ensure -eq [Ensure]::Present)
+                {
+                    Set-Content $this.Path $this.Content -NoNewline
+                }
+                else
+                {
+                    Remove-Item $this.Path
+                }
+            }
+            else
+            {
+                if ($this.Ensure -eq [Ensure]::Present)
+                {
+                    Set-Content $this.Path $this.Content -NoNewline
+                }
+            }
+        }
+    }
+}
diff --git a/src/AppInstallerCLIPackage/Shared/Strings/en-us/winget.resw b/src/AppInstallerCLIPackage/Shared/Strings/en-us/winget.resw
@@ -2889,4 +2889,11 @@ Please specify one of them using the --source option to proceed.</value>
   <data name="MSStoreDownloadPackageNotFound" xml:space="preserve">
     <value>The MSStore package could not be found.</value>
   </data>
+  <data name="ConfigurationWarningSetViewTruncated" xml:space="preserve">
+    <value>Some of the data present in the configuration file was truncated for this output; inspect the file contents for the complete content.</value>
+  </data>
+  <data name="ConfigurationWarningValueTruncated" xml:space="preserve">
+    <value>&lt;this value has been truncated; inspect the file contents for the complete text&gt;</value>
+    <comment>Keep some form of separator like the "&lt;&gt;" around the text so that it stands out from the preceding text.</comment>
+  </data>
 </root>
diff --git a/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj b/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj
@@ -325,6 +325,7 @@
     <ClCompile Include="TestCommon.cpp" />
     <ClCompile Include="WorkflowCommon.cpp" />
     <ClCompile Include="WorkflowGroupPolicy.cpp" />
+    <ClCompile Include="Yaml.cpp" />
     <ClCompile Include="YamlManifest.cpp" />
   </ItemGroup>
   <ItemGroup>
@@ -929,40 +930,34 @@
       <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Shadow\V1_5\ManifestV1_5-Shadow-DefaultLocale.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Shadow\V1_5\ManifestV1_5-Shadow-Locale.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Shadow\V1_5\ManifestV1_5-Shadow-Locale2.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Shadow\V1_5\ManifestV1_5-Shadow-Shadow.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Shadow\V1_5\ManifestV1_5-Shadow-Shadow2.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Shadow\V1_5\ManifestV1_5-Shadow-Installer.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Node-Merge.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Node-Merge2.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\Node-Mapping.yaml">
-      <DeploymentContent Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</DeploymentContent>
-      <FileType>Document</FileType>
+      <DeploymentContent>true</DeploymentContent>
+    </CopyFileToFolders>
+    <CopyFileToFolders Include="TestData\ContainsEscapeControlCode.yaml">
+      <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
   </ItemGroup>
   <ItemGroup>

diff --git a/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj.filters b/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj.filters
@@ -347,6 +347,9 @@
     <ClCompile Include="PackageVersionDataManifest.cpp">
       <Filter>Source Files\Common</Filter>
     </ClCompile>
+    <ClCompile Include="Yaml.cpp">
+      <Filter>Source Files\Common</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="PropertySheet.props" />
@@ -978,5 +981,8 @@
     <CopyFileToFolders Include="TestData\Node-Mapping.yaml">
       <Filter>TestData</Filter>
     </CopyFileToFolders>
+    <CopyFileToFolders Include="TestData\ContainsEscapeControlCode.yaml">
+      <Filter>TestData</Filter>
+    </CopyFileToFolders>
   </ItemGroup>
 </Project>
diff --git a/src/AppInstallerCLITests/Strings.cpp b/src/AppInstallerCLITests/Strings.cpp
@@ -249,7 +249,7 @@ TEST_CASE("Format", "[strings]")
     REQUIRE("First {1}" == Format("{0} {1}", "First"));
 }
 
-TEST_CASE("SplitIntoLines", "[string]")
+TEST_CASE("SplitIntoLines", "[strings]")
 {
     REQUIRE(SplitIntoLines("Boring test") == std::vector<std::string>{ "Boring test" });
     REQUIRE(SplitIntoLines(
@@ -261,7 +261,7 @@ TEST_CASE("SplitIntoLines", "[string]")
         == std::vector<std::string>{ "You want my treasure?", "You can have it!", "I left everything I gathered in one place!", "You just have to find it!" });
 }
 
-TEST_CASE("SplitWithSeparator", "[string]")
+TEST_CASE("SplitWithSeparator", "[strings]")
 {
     std::vector<std::string> test1 = Split("first;second;third", ';');
     REQUIRE(test1.size() == 3);
@@ -285,10 +285,40 @@ TEST_CASE("SplitWithSeparator", "[string]")
     REQUIRE(test4[1] == "spaces");
 }
 
-TEST_CASE("ConvertGuid", "[string]")
+TEST_CASE("ConvertGuid", "[strings]")
 {
     std::string validGuidString = "{4d1e55b2-f16f-11cf-88cb-001111000030}";
     GUID guid = { 0x4d1e55b2, 0xf16f, 0x11cf, 0x88, 0xcb, 0x00, 0x11, 0x11, 0x00, 0x00, 0x30 };
 
     REQUIRE(CaseInsensitiveEquals(ConvertGuidToString(guid), validGuidString));
 }
+
+TEST_CASE("FindControlCodeToConvert", "[strings]")
+{
+    REQUIRE(FindControlCodeToConvert("No codes") == std::string::npos);
+    REQUIRE(FindControlCodeToConvert("Allowed codes: \t\r\n") == std::string::npos);
+    REQUIRE(FindControlCodeToConvert("\x1bSkipped code", 1) == std::string::npos);
+
+    REQUIRE(FindControlCodeToConvert("\x1bUnskipped code") == 0);
+    REQUIRE(FindControlCodeToConvert("Escape code: \x1b") == 13);
+
+    std::string_view allCodes{ "\x0\x1\x2\x3\x4\x5\x6\x7\x8\xb\xc\xe\xf\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"sv };
+    for (size_t i = 0; i < allCodes.length(); ++i)
+    {
+        REQUIRE(FindControlCodeToConvert(allCodes, i) == i);
+    }
+}
+
+TEST_CASE("ConvertControlCodesToPictures", "[strings]")
+{
+    REQUIRE(ConvertControlCodesToPictures("No codes") == "No codes");
+    REQUIRE(ConvertControlCodesToPictures("Allowed codes: \t\r\n") == "Allowed codes: \t\r\n");
+
+    REQUIRE(ConvertControlCodesToPictures("\x1b Code First") == ConvertToUTF8(L"\x241b Code First"));
+    REQUIRE(ConvertControlCodesToPictures("Escape code: \x1b") == ConvertToUTF8(L"Escape code: \x241b"));
+
+    std::string_view allCodes{ "\x0\x1\x2\x3\x4\x5\x6\x7\x8\xb\xc\xe\xf\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"sv };
+    std::wstring_view allPictures{ L"\x2400\x2401\x2402\x2403\x2404\x2405\x2406\x2407\x2408\x240b\x240c\x240e\x240f\x2410\x2411\x2412\x2413\x2414\x2415\x2416\x2417\x2418\x2419\x241a\x241b\x241c\x241d\x241e\x241f\x2421"sv };
+
+    REQUIRE(ConvertControlCodesToPictures(allCodes) == ConvertToUTF8(allPictures));
+}
diff --git a/src/AppInstallerCLITests/TestData/ContainsEscapeControlCode.yaml b/src/AppInstallerCLITests/TestData/ContainsEscapeControlCode.yaml
@@ -0,0 +1 @@
+key: "This is the ESCAPE control code: \x1b"