[Bug 4417] New: non-tty prompt echoing could break dumb output parsing

Mon Oct 20 09:39:16 CDT 2014

http://bz.selenic.com/show_bug.cgi?id=4417

          Priority: urgent
            Bug ID: 4417
                CC: mads at kiilerich.com, mercurial-devel at selenic.com,
                    mpm at selenic.com, pierre-yves.david at ens-lyon.org
          Assignee: bugzilla at selenic.com
           Summary: non-tty prompt echoing could break dumb output parsing
          Severity: bug
    Classification: Unclassified
                OS: All
          Reporter: yuya at tcha.org
          Hardware: All
            Status: UNCONFIRMED
           Version: 3.2-rc
         Component: Mercurial
           Product: Mercurial

Since 9ab18a912c44, prompt response is written to stdout if stdin is not
a tty.  It might break third-party scripts that parses the output after
prompt.

Possible example:

$ hg out -Txml -q --config ui.interactive=True http://example.org/
http authorization required for http://example.org/
realm: xxx
user: foo
password:
<?xml version="1.0"?>
...

A dumb script could do:

1. skip stdout until "user: "
2. write user name "foo\n"
3. skip stderr until "password:"
4. write password
5. parse the rest of stdout as XML and crash because of "foo\n"

I'm not sure whether this violates the compatibility rule.
"hg outgoing" is a log-like command, but prompt lines might be
out of the scope.

http://mercurial.selenic.com/wiki/CompatibilityRules#Commands

-- 
You are receiving this mail because:
You are on the CC list for the bug.