repoquery: Properly sanitize queryformat strings #1861
Conversation
| 'buildtime', 'size', 'downloadsize', 'installsize', | ||
| 'provides', 'requires', 'obsoletes', 'conflicts', | ||
| 'sourcerpm', 'description', 'summary', 'license', 'url', | ||
| 'reason') |
There was a problem hiding this comment.
Now the list is in two places - ALLOWED_QUERY_TAGS and QUERY_TAGS. Could one of them be somehow generated from the other?
What do you think?
There was a problem hiding this comment.
Definitely. Something like (
diff --git a/dnf/cli/commands/repoquery.py b/dnf/cli/commands/repoquery.py
index 098ee836..83023aca 100644
--- a/dnf/cli/commands/repoquery.py
+++ b/dnf/cli/commands/repoquery.py
@@ -443,7 +443,7 @@ class RepoQueryCommand(commands.Command):
def run(self):
if self.opts.querytags:
- print(QUERY_TAGS)
+ print("\n".join(ALLOWED_QUERY_TAGS))
return
self.cli._populate_update_security_filter(self.opts)) would work. I just noticed that QUERY_TAGS was formatted in a rather specific way and thought it might better to keep it that way. Are you okay with the above solution?
There was a problem hiding this comment.
It prints almost 30 lines of output which seems too much to me. Maybe wrapping it using textwrap module? It creates almost identical output like original code:
print('\n'.join(textwrap.wrap(', '.join(ALLOWED_QUERY_TAGS))))
Or generate it the other way round? ALLOWED_QUERY_TAGS = QUERY_TAGS.replace('\n', ' ').split(', ')
There was a problem hiding this comment.
I think printing each on its own line is nice. It mirrors that behavior of rpm --querytags and makes it easy to grep for a field name. Otherwise, I think your first solution is better than generating it the other way around.
There was a problem hiding this comment.
OK then, let's go with "rpm compatible" solution then.
There was a problem hiding this comment.
See bb69114
EDIT: I force pushed to fix a commit message typo and thus there's a new commit hash
|
Also the failing unit test Lines 130 to 137 in 45a06f9 AttributeError exception any more.
|
|
I've improved the unit tests in d2e3593 |
gotmax23
changed the title
Previously, dnf repoquery --qf allowed looking up arbitrary attributes
of the dnf.package.Package objects in the query and e.g. the current
Base via the .base attribute. This checks that %{FOO} is a valid query
string as per `dnf repoquery --querytags`. If it isn't, rpm2py_format
will leave a literal "%{FOO}".
Before:
``` console
$ dnf repoquery dnf --qf='%{base}' --latest=1 --arch=noarch -q
<dnf.cli.cli.BaseCli object at ...>
```
After:
``` console
$ dnf repoquery dnf --qf='%{base}' --latest=1 --arch=noarch -q
%{base}
```
= changelog =
msg: repoquery: Properly sanitize queryformat strings
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2140884
- Use PackageWrapper() with rpm2py_format like the actual code does - Add better testing for illegal/nonexistent attributes.
See rpm-software-management/dnf#1861 for details about the output change.
|
Thank you for the patch. The test of |
See rpm-software-management/dnf#1861 for details about the output change.
|
Follow-up to this in #1922. |
Previously, dnf repoquery --qf allowed looking up arbitrary attributes of the dnf.package.Package objects in the query and e.g. the current Base via the .base attribute. This checks that %{FOO} is a valid query string as per
dnf repoquery --querytags. If it isn't, rpm2py_format will leave a literal "%{FOO}".Before:
After:
= changelog =
msg: repoqury: Properly sanitize queryformat strings
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2140884