- 
                Notifications
    You must be signed in to change notification settings 
- Fork 1.4k
Highlight non-matching globs as errors or normal #599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Conversation
| highlights+=($reply) | ||
| elif (( $#globs )); then | ||
| local glob | ||
| local -a files; files=($~arg(NY1)) | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Y1) is new in 5.x.  In versions that don't have it, any ** in there could be very expensive to compute (and of course it'll be recomputed every self-insert).
$~foo performs filename generation which can eval arbitrary code via *(+foo).  We specifically avoid it in _zsh_highlight_main_highlighter_expand_path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep. The globs we match are all safe, but we don't parse any of the unsafe globs. This feature can't happen until all unsafe globs are recognized. Sorry, must have been tired.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I follow. We shouldn't blacklist dangerous globs, but whitelist known-good ones.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I agree whitelisting is better, we would first have to recognize all globs in order to only allow whitelisted ones. Or we could whitelist safe globs and non-globbing characters and assume anything else is dangerous.
| elif (( $#globs )); then | ||
| local glob | ||
| local -a files; files=($~arg(NY1)) | ||
| if ! [[ -e $files[1] ]]; then | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor issue, but we could avoid the stat by simply checking $#files (it'll 0 or 1 so no need for the faster $+files[1]).
Obviously needs tests, doc updates, and
files=($~arg(NY1))is fragile, but what do you think of the idea? BasicallyWill highlight
?asunknown-tokenif no_match is set and not highlight at all otherwise.