#559 — Markdown body safety / eval removal: - Add test-issue-create-body-safety.sh: feeds a hostile Markdown body ($(...), backticks, quotes, $vars, pipes) through issue-create.sh and asserts no command substitution runs and the body reaches tea verbatim. - Convert issue-comment.sh from unquoted $(get_gitea_repo_args) word-splitting to an argv array with an explicit loud login-resolution error. - Confirmed: zero eval usages remain across tools/git/*.sh; the other body-carrying wrappers (issue-create, pr-create, issue-edit, issue-assign) already use argv arrays. #560 — host-derived Gitea login + loud failure: - detect-platform.sh: add print_gitea_login_diagnostic and emit it on the get_gitea_login_for_host failure path (stderr only) — names the unresolved host, lists available tea logins, and gives the GITEA_LOGIN override + tea-login-add fix. Replaces the previous silent failure. - Extend test-gitea-login-resolution.sh: assert the diagnostic fires and lists logins, login is derived from origin host for both mosaicstack and usc (scoped second tea mock), and a valid GITEA_LOGIN override is honored. Also gitignore the .mosaic-test-work/ shell-harness scratch dir. Scope: wrapper surface only. All wrapper test harnesses pass locally.
This commit is contained in:
jason.woltje
@@ -169,6 +169,43 @@ raise SystemExit(1)
|
||||
PY
|
||||
}
|
||||
|
||||
# Emit an actionable diagnostic to stderr when no tea login resolves for a host.
|
||||
# Callers that have a working API fallback may ignore the non-zero return of
|
||||
# get_gitea_login_for_host; this turns the previously SILENT failure into a loud,
|
||||
# greppable hint (available logins + override + add-login instructions). Printed to
|
||||
# stderr only, so it never contaminates stdout (the resolved login name) or log
|
||||
# assertions that capture tea/curl invocations.
|
||||
print_gitea_login_diagnostic() {
|
||||
local host="${1:-<unknown>}"
|
||||
local available
|
||||
available=$(
|
||||
command -v tea >/dev/null 2>&1 || { echo "(tea CLI not installed)"; exit 0; }
|
||||
logins_json=$(tea login list --output json 2>/dev/null) || { echo "(could not query tea login list)"; exit 0; }
|
||||
TEA_LOGINS_JSON="$logins_json" python3 - <<'PY'
|
||||
import json, os
|
||||
from urllib.parse import urlparse
|
||||
try:
|
||||
logins = json.loads(os.environ.get("TEA_LOGINS_JSON", "[]"))
|
||||
except Exception:
|
||||
logins = []
|
||||
rows = []
|
||||
for login in logins if isinstance(logins, list) else []:
|
||||
name = str(login.get("name") or login.get("Name") or "")
|
||||
url = str(login.get("url") or login.get("URL") or "")
|
||||
host = urlparse(url).hostname or "?"
|
||||
if name:
|
||||
rows.append(f"{name} (host: {host})")
|
||||
print("; ".join(rows) if rows else "(none configured)")
|
||||
PY
|
||||
)
|
||||
{
|
||||
echo "Error: no Gitea tea login matches host '$host'."
|
||||
echo " Available tea logins: ${available}"
|
||||
echo " Fix: set GITEA_LOGIN to a login whose URL host is '$host',"
|
||||
echo " or add one: tea login add --name <name> --url https://$host --token <token>"
|
||||
} >&2
|
||||
}
|
||||
|
||||
get_gitea_login_for_host() {
|
||||
local host="${1:-}"
|
||||
local login
|
||||
@@ -190,6 +227,7 @@ get_gitea_login_for_host() {
|
||||
return 0
|
||||
fi
|
||||
|
||||
print_gitea_login_diagnostic "$host"
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user