Skip to content

Fix crashes in MatchSpec, VersionSpec parsing #12014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 2, 2022
Merged

Fix crashes in MatchSpec, VersionSpec parsing #12014

merged 6 commits into from
Nov 2, 2022

Conversation

pkmooreanaconda
Copy link
Contributor

@pkmooreanaconda pkmooreanaconda commented Oct 25, 2022
edited
Loading

Description

This PR attempts to address the set of crashes referenced in #11999. These fixes are intended to be minimal in order to reduce the chances of unintended MatchSpec behavior changes. The changes can be split into three commits:

  1. Regex-In-MatchSpec related fixes: These fixes wrap attempts to compile regular expressions built from user input in order to catch regular expressions and raise InvalidMatchSpec with an informative error message instead.

  2. version.py fix: Fix a bug in handling the "local version separator (+)." I've made a minimal correction to this code which makes versions like "+", "+a", "+1", and "+1.2" invalid. These cases are invalid because it doesn't make sense to only specify a local version. Cases like "1.2+", "1+", "a+" are already caught as invalid.

  3. "==" fix: "==" was unintentionally treated differently than "<=" and ">=" due to some weird translation code (link). This meant that cases line "numpy<=" and "numpy>=" would raise an error while "numpy==" would crash. I made a small fix to bypass the translation code in the "numpy==" case so invalid version "==" can reach the existing error handling code like its friends. The way this is handled is very weird. We allow the strings "<=", ">=" and (now) "==" to be considered versions for a while after parsing and catch them later on with an "invalid operator" error. But that's a job for another time.

Checklist

  • Add a file to the news directory (using the template) for the next release's release notes?
  • Add / update necessary tests?
  • Add / update outdated documentation?

@pkmooreanaconda pkmooreanaconda self-assigned this Oct 25, 2022
@conda-bot
Copy link
Contributor

We require contributors to sign our Contributor License Agreement and we don't have one on file for @pkmooreanaconda.

In order for us to review and merge your code, please e-sign the Contributor License Agreement PDF. We then need to manually verify your signature. We will ping the bot to refresh the PR status when we have confirmed your signature.

@kenodegard
Copy link
Contributor

@conda-bot check

@conda-bot conda-bot added the cla-signed [bot] added once the contributor has signed the CLA label Oct 25, 2022
@pkmooreanaconda pkmooreanaconda changed the title Fix regex related crash in MatchSpec Fix crashes in MatchSpec, VersionSpec parsing Oct 27, 2022
@pkmooreanaconda pkmooreanaconda marked this pull request as ready for review October 28, 2022 16:35
@pkmooreanaconda pkmooreanaconda requested a review from a team as a code owner October 28, 2022 16:35
@pkmooreanaconda pkmooreanaconda added in-progress issue is actively being worked on type::bug describes erroneous operation, use severity::* to classify the type labels Oct 28, 2022
chenghlee
chenghlee previously requested changes Oct 28, 2022
View reviewed changes
@jezdez
Copy link
Member

jezdez commented Nov 1, 2022

@pkmooreanaconda I just noticed that your GPG isn't uploaded on GitHub, making your commits unverified, could you rectify that?

kenodegard
kenodegard requested changes Nov 1, 2022
View reviewed changes
Copy link
Contributor

@kenodegard kenodegard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nits, since we don't want to change behavior here let's move the = discussion into a new issue/spike.

@pkmooreanaconda @kenodegard
Clean up news item, small format string fixes
006dda3 
Co-authored-by: Ken Odegard <kodegard@anaconda.com>
@kenodegard kenodegard mentioned this pull request Nov 1, 2022
Closed
5 tasks
@kenodegard kenodegard requested a review from chenghlee November 1, 2022 21:16
@pkmooreanaconda pkmooreanaconda dismissed chenghlee’s stale review November 2, 2022 15:47

Will research this issue outside of this PR.

@pkmooreanaconda pkmooreanaconda merged commit 275a21f into conda:main Nov 2, 2022
@pkmooreanaconda pkmooreanaconda mentioned this pull request Nov 7, 2022
Closed
2 tasks
jeskowagner pushed a commit to jeskowagner/conda that referenced this pull request Nov 9, 2022
@pkmooreanaconda @kenodegard @jeskowagner
Fix crashes in MatchSpec, VersionSpec parsing (conda#12014)
46789fe 
* Fix regex related crash in MatchSpec

* Fix crash related to mishandling of local version separator

* Fix crash related to mishandling of "=="

* Clean up news item, small format string fixes

Co-authored-by: Ken Odegard <kodegard@anaconda.com>
@github-actions github-actions bot added the locked [bot] locked due to inactivity label Nov 3, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kenodegard kenodegard kenodegard approved these changes

@chenghlee chenghlee chenghlee approved these changes

Assignees

@pkmooreanaconda pkmooreanaconda

Labels
cla-signed [bot] added once the contributor has signed the CLA in-progress issue is actively being worked on locked [bot] locked due to inactivity type::bug describes erroneous operation, use severity::* to classify the type
Projects
🧭 Planning
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pkmooreanaconda @conda-bot @kenodegard @jezdez @chenghlee