[Freeipa-devel] [PATCH] 0015 Only split CSV strings once
Petr Viktorin
pviktori at redhat.com
Fri Mar 16 11:55:20 UTC 2012
On 03/15/2012 08:55 PM, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> https://fedorahosted.org/freeipa/ticket/2227 (Unable to add certain sudo
>> commands to groups). What an interesting bug to get :)
>>
>>
>> One problem with our CSV splitting is that it's not idempotent
>> (baskslashes are "eaten" when there are escaped commas), but when we
>> forward a call it gets done on both the client and the server. The
>> attached patch fixes that in a somewhat hacky way. It's not a complete
>> fix for the issue though, for that I need to ask what to do.
>>
>>
>> Some Params use the CSV format when we just need a list of
>> comma-separated values. Our flavor of CSV does escaping in two different
>> ways. This is pretty bad for predictability, least-surprise,
>> documentation, ...
>>
>> To recap, the two ways are escaping (escaped commas are ignored,
>> backslashes also need to be escaped) and quoting (values are optionally
>> enclosed in double quotes, to include a '"' in a quoted string, use
>> '""').
>> Escaping is good because users are used to it, but currently literal
>> backslashes need to be doubled, making multivalue syntax different from
>> single-value syntax, even if there are no commas in the value.
>> Quoting is weird, but complete by itself so it doesn't also need
>> escaping.
>>
>> Do we need to use both? Is this documented somewhere? Some of our tests
>> check only for one, some assume the other. Users are probably even more
>> confused.
>>
>>
>> If we only keep one of those, the fix for #2227 should be quite easy.
>> If not (backwards compatibility), we need to document this properly,
>> test all the corner cases, and fix the UI to handle CSV escaping.
>> Since it's subtly broken in lots of places, maybe it's best to break
>> backwards compatibility and go for a simple solution now.
>>
>> Anyway, if I want to do a proper fix, CSV handling should be only done
>> on the client. Unfortunately turning off CSV handling in the server will
>> break the UI, which at places uses `join(',')` (no escaping commas, no
>> single place to change it), even though it can just send a list.
>
> I'm with Honza, not too keen on the _forwarded_call part. I'd rather you
> do a mix of comparing self.env.in_server and whether the value is a
> basestring to determine if we need to split it.
This was a hack necessary because the WebUI relied on server-side
splitting (in a few cases, and it did not escape correctly). Now that
Petr Vobornik's patch 99 is in, it is unnecessary.
This discussion thread has an updated patch (0015-03); what I'm
attaching now builds on top of that to add several new changes in tests.
To summarize it: the splitting is only done in the client; from the RPC
call on no CSV magic is involved at all.
Please tell me your reasons for basestring checking. I think it's
entirely unnecessary and just adds complexity.
In the rest of the framework a string, as a parameter value, has the
same effect as a list of that one string. Why break this?
We are concerned about the API here, not the command line. Shortcuts to
save the user's keystrokes in the common case should *not* win over
predictability and making sure the easier way is the correct, robust way
to do it. Compare -- with basestring checking:
some_command(arg=escape_commas(some_string))
- is correct
some_command(arg=[some_string])
- is also correct
some_command(arg=some_string)
- is WRONG because the string is not escaped
- but is the easiest solution!
The problem is much worse because it is subtle: it only affects values
with commas and backslashes, so *the wrong solution would work* in most
of the cases.
And I can assure you plugin writers *would* pick the wrong way if it
would usually work. Our own web UI had examples.
Contrast to my proposed behavior:
some_command(arg=some_string)
- is correct
some_command(arg=[some_string])
- is also correct
some_command(arg=escape_commas(some_string))
- is wrong, but doesn't make much sense because at this level you
don't have to worry about CSV at all
Basestring checking would add unnecessary complexity for both us *and*
the plugin writer. The only case it would make it easier for the plugin
writer is if the plugin took CSV values -- but why force a random
format, tailored for our specific frontend, into RPC clients?
The client should translate the command line into a RPC call. There's no
reason to arbitrarily expect the server to do part of the job.
> I'm not sure why this is broken out of normalize. Isn't this normalizing
> the incoming values into something more sane?
"Normalization" implies it's an idempotent operation, which CSV
splitting is not (at least its current incarnation, without the
basestring checking):
r"a,b\,c" splits to ["a", "b,c"] which splits to ["a", "b", "c"]
-----
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0015-04-Only-split-CSV-in-the-client.patch
Type: text/x-patch
Size: 14022 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120316/c81a1542/attachment.bin>
More information about the Freeipa-devel
mailing list