parser: make lead # in assignment value indicate a comment

technically a # leading a value in an assignment expression is allowed, however people are also using it to a comment at the end of a line. ie. @{var1}=value1 # comment about this value or for a given system this unsurprisingly leads to odd/unexpected behavior when the variable is used. allow rw /@{var1}, expands into allow rw /{value1,#,comment,about,this,value,or,for,a,given,system}, change a leading # as value in an assignment expression to a comment. If the # is really supposed to lead the value, require it to be escaped or in quotes. ie. @{var1}=value1 \#not_a_comment Note: this could potentially break som policy if the # was used as the leading character for a value in an assignment expression, but is worth it to avoid the confusion. Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-08-22 01:57:43 +00:00 · 2024-06-07 16:43:22 -07:00 · 2024-06-07 16:43:22 -07:00 · 8fe75b8e9c
commit 8fe75b8e9c
parent 1ec42d8bec
2 changed files with 21 additions and 1 deletions
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@ -255,9 +255,11 @@ MODES		{MODE_CHARS}+
 WS		[[:blank:]]
 NUMBER		[[:digit:]]+

+ID_FIRST_CHARS	[^ \t\r\n"!,#]
+ID_FIRST	{ID_CHARS}|(,{ID_CHARS}|\\[ ]|\\\t|\\\"|\\!|\\,|\\#)
 ID_CHARS	[^ \t\r\n"!,]
 ID 		{ID_CHARS}|(,{ID_CHARS}|\\[ ]|\\\t|\\\"|\\!|\\,)
-IDS		{ID}+
+IDS		{ID_FIRST}{ID}*
 INC_ID 		[^ \t\r\n"!,<>]|(,[^ \t\r\n"!,<>]|\\[ ]|\\\t|\\\"|\\!|\\,)
 INC_IDS		{INC_ID}+
 POST_VAR_ID_CHARS	[^ \t\n"!,]{-}[=\+]
@ -507,6 +509,12 @@ GT		>
 		yyerror(_("Variable declarations do not accept trailing commas"));
 	}

+	#.*\r?\n	{ /* normal comment */
+		DUMP_AND_DEBUG("comment(%d): %s\n", current_lineno, yytext);
+		current_lineno++;
+		POP();
+	}
+
 	\\\n	{ DUMP_PREPROCESS; current_lineno++ ; }

 	\r?\n	{
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@ -643,6 +643,18 @@ verify_binary_equality "attachment slash filtering" \
                        @{FOO}=/foo
 			   /t @{BAR}/@{FOO} { }"

+# verify comment at end of variable assignment is not treated as a value
+verify_binary_equality "comment at end of set var" \
+                       "/t { /bin/ r, }" \
+                       "@{BAR}=/bin/   #a tail comment
+			   /t { @{BAR} r, }"
+
+verify_binary_equality "value like comment at end of set var" \
+                       "/t { /{bin/,#value} r, }" \
+                       "@{BAR}=bin/   \#value
+			   /t { /@{BAR} r, }"
+
+
 # This can potentially fail as ideally it requires a better dfa comparison
 # routine as it can generates hormomorphic dfas. The enumeration of the
 # dfas dumped will be different, even if the binary is the same