Comments (10)
rhazn
commented on July 24, 2024
1
Yeah, totally fine I think. I wasn't trying to argue for how a fix might look, more for a long term direction.
from jayvee.
georg-schwarz
commented on July 24, 2024
How is the behavior if you execute the file from one level above? E.g. jv src/mainModel.jv?
from jayvee.
TungstnBallon
commented on July 24, 2024
Sadly, the issue persists.
from jayvee.
georg-schwarz
commented on July 24, 2024
Traced it back to this line of code:
jayvee/libs/interpreter-lib/src/parsing-util.ts
Lines 44 to 49 in d4c8559
I think we'd have to pass the working directory as an argument instead of assuming that the referenced file is at the root level of the working dir.
Still, a design decision we have to make @rhazn @joluj: Do we want to prevent imports from anywhere above (i) the main file or (ii) the dir where the cli was called for security reasons?
from jayvee.
rhazn
commented on July 24, 2024
I wouldn't care and just allow dir traversal freely, I doubt there is much of a security issue there.
from jayvee.
joluj
commented on July 24, 2024
I'd vote for (ii).
I expect that the following monorepo-like folder structure will be used which is not possible with (i):
├── libs
│ └── a.jv
│ └── b.jv
└── apps
└── cool-app-1.jv
└── cool-app-2.jv
from jayvee.
rhazn
commented on July 24, 2024
I think ii is not very nice because it will make programs behave differently depending on the working dir of the interpreter. That is confusing in Python and I'd prefer not to introduce it in JV.
from jayvee.
joluj
commented on July 24, 2024
Ah true, then I'd vote for your initial idea of allowing dir traversal freely 👍
from jayvee.
georg-schwarz
commented on July 24, 2024
From a technical point of view, it is difficult not to restrict directory traversal - at least with our current implementation.
The JayveeWorkspaceManager needs to be initialized with all the workspaces we want the language-server to be aware of. Passing the machine's root is probably not a good idea performance-wise.
That means we'd have to evaluate how to dynamically add (and remove) documents to the WorkspaceManager, depending on where imports point to. This is a larger refactoring, IMO. I'm not sure how well-supported that would be with Langium, but I assume there would be a way.
In conclusion, we should create a feature ticket, IMO, as it exceeds the scope of a bug fix by far and introduces new behavior (having a predefined workspace has been the intended behavior so far).
Besides, we should implement a fix for this ticket that allows (ii) traversing up until the dir is reached where jv was executed from.
from jayvee.
georg-schwarz
commented on July 24, 2024
Perfect! Created #593 for a better long-term solution and will soon push a quick-fix for the bug.
from jayvee.
Related Issues (20)
- Refactoring: read builtin value types from jv files instead creating from code.
- Refactoring: Rename wrappers to adapters
- [BUG] <Deleting rows that contain the delmiter deletes everything>
- [BUG] <Deleting first row>
- Update Monaco Editor to latest Langium Version
- [FEATURE] Multi-file Jayvee
- [BUG] Auto-completion issues (list)
- Formatter: Ensure last empty line
- Restrict usage of `__dirname`
- [FEATURE] Materials Science Domain Extension
- FEATURE - Support for .7z file format in ArchiveInterpreter block HOT 3
- Refactor Name Uniquenes HOT 2
- [FEATURE] `Package` functionality
- [FEATURE] Cell Range Syntax Documentation
- [FEATURE] VSCode Extension: Run pipeline button
- [BUG] Formatter loops sometimes HOT 2
- [BUG] no execution result in composite blocktype
- [FEATURE] Imports from Anywhere on the FS HOT 2
- [FEATURE] Update Langium to 3.1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jayvee.