New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ruby: Extend FileSystemReadAccess to include more potential sources of input from the filesystem
#7163
base: main
Are you sure you want to change the base?
Conversation
| @@ -110,72 +110,81 @@ module IO { | |||
| * | |||
| * This class includes reads both from shell commands and reads from the | |||
| * filesystem. For working with filesystem accesses specifically, see | |||
| * `IOFileReader` or the `FileSystemReadAccess` concept. | |||
| * `FileReader` or the `FileSystemReadAccess` concept. | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't include File calls anymore though, by the looks of it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What I mean is, this comment implies that FileReader is a subset of IOReader but it seems that they're disjoint. Is that right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I should have updated this comment - it's pretty misleading.
IOReader only includes calls that use the IO class directly - so not any calls involving subclasses like File.
FileReader includes calls using both File and IO - but it excludes calls using IO that "obviously" invoke shell commands such as IO.read("|date") where its argument is a StringlikeLiteral that specifies a shell command. It's not a very precise exclusion, as a shell command could read from a file anyway, or, conversely, a non-StringlikeLiteral argument could refer to something that isn't a filename (e.g. cmd = "|date"; IO.read(cmd)).
I've updated the doc comments on both of these classes to try to make this clearer, relying more on examples than on prose.
Co-authored-by: Harry Maclean <hmac@github.com>
The main aim here is to consider expressions like
IO.new(IO.sysopen("foo.txt", "r"), "r").readas potential reads from a file. We previously would not have considered this as a file read becauseIO.new(IO.sysopen("foo.txt", "r"), "r")was assumed to be some non-file input source. In other words, this changes from under-approximating possible file reads for these cases to over-approximating them.There is some minor restructuring here to support this. In particular,
IOReaderonly deals with theIOmodule directly, andFileReaderis the new name forIOFileReader(extended, as mentioned above).Separately, calls to
{IO,File}::try_convertare no longer considered as a potentialIO/Fileread nodes. Rather, they potentially return anIO/Fileinstance.The text was updated successfully, but these errors were encountered: