Quoted passwords #13
Quoted passwords #13
Conversation
| @@ -0,0 +1 @@ | |||
| default login abc password ""multi-word password"" | |||
There was a problem hiding this comment.
Should this be "multi-word password", like a string in double-quotes?
Now it is double double-quotes...
| @@ -250,6 +270,14 @@ hostEnt = do | |||
| tok :: P.Parser ByteString | |||
| tok = BC.pack <$> P.many1 notWsChar P.<?> "token" | |||
|
|
|||
| quotedPassword :: P.Parser ByteString | |||
| quotedPassword = do | |||
| BC.pack <$> (P.string "\"\"" *> P.many chars <* P.string "\"\"") | |||
There was a problem hiding this comment.
I thing this should be (P.string "\"" *> P.many chars <* P.string "\"").
| where | ||
| hlp tnam cons = P.try (P.string tnam) *> wsChars1 *> | ||
| (cons <$> tok P.<?> (tnam ++ "-value")) | ||
| hlpPassword = P.try (P.string "password") *> wsChars1 *> | ||
| (PValPassword <$> password P.<?> "password-value") |
There was a problem hiding this comment.
Would it be possible to parametrize hlp by the parser (tok or password) rather than duplicating it into hlpPassword?
|
That makes so much more sense. I don't know why I thought it would have been double double quotes LOL No wonder it seemed weirdly redundant. Will revise tonight. |
|
So I've come across a complication arising from quotes, discovered thanks to QuickCheck: since This seems like an unrealistic/unlikely scenario for the most part, though I can see cases where someone tries to use the library as a pretty printer and botches the file... maybe. The only solution I can think of is to have the password be printed last. Then the only issue would be if there's a double quote in the comments, and comments aren't being checked for in the QC test anyway. I wonder if other implementations have come across this problem at all, or if there are even any other implementations that generate netrc files... Though, amusingly, neovim's syntax highlighting exposes the same problem. It probably isn't a severe issue in practice.
|
|
Maybe a robust way to handle this problem is to change the parser for passwords so that if the password begins with Btw, I notice that CI is broken, I am fixing it in PR #14 on which you can then rebase your PR. |
|
Is there a way to have QC show the output produced by the code under test, i.e. the netsh string? It's a bit difficult to diagnose this particular problem with just the parsed algebra: |
|
Maybe you have to temporarily modify the properties to print extra information. |
|
Quick update: Got that problem fixed, but a password with quotes and a quote in between, e.g. Haven't had too much time to work on this the past week, but I'm still on it! |
Re #12, allows for double-quoted passwords to contain spaces. Escapes backslash and quotes with backslash prefix.
I think I've covered most of the potential backtracking problems with the tests, but please take a look to make sure I'm not missing anything obvious.
The BNF in the blurb is severely complicated by this feature. I'm not too sure whether we should attempt to specify
<value>accurately (in which case I would definitely need assistance), or if we should just expect users to read the remarks underneath.Also, could you please advise on the style and string API usage in
netRcToBuilder? It feels like it could be tidier, and I'm not 100% sure I'm building the strings optimally.Lastly, FParsec recommends against using the monadic form for performance reasons, but I wonder if it might be a bit easier to read than the combinators, i.e.:
Thanks!