[lint] Remove no-control-regex #1258
Conversation
|
I think that \n, \r and \t characters are in non-printable ascii and the tests includes them. I guess any password cannot contain them, so we may be able to remove those characters from the tests. |
| @@ -24,6 +24,7 @@ | |||
| "eqeqeq": "warn", | |||
| "no-throw-literal": "warn", | |||
| "semi": "off", | |||
| "no-control-regex": "warn", | |||
There was a problem hiding this comment.
I put this above 'no-extra-semi' to avoid possible merge conflict
|
|
||
| const strWithSpecialChar = '\n\t\r!@#$%^&*(){}[]\\'; | ||
| assert.isNotTrue(containsNonAscii(strWithSpecialChar)); | ||
| const strWithSpecialChar = '!@#$%^&*(){}[]\\'; |
There was a problem hiding this comment.
I removed \n\t\r from the test.
Reasoning:
(1) \r \n
They are CR, LR keys which are 'new line' characters based on each os.
CR(\r), LF(\n)](https://m.blog.naver.com/taeil34/221325864981)
When I hit the 'enter' key, the password quick pick returns, so they are not expected to be included in passwords.
(2) \t
When I hit the 'tab' key, the password quick pick disappears, so it is not expected to be included in passwords.
There was a problem hiding this comment.
Is there any possibility that the key value will be entered through copy and paste?
There was a problem hiding this comment.
Oh.. sure. I tried a random password with tab(0x09, control) and space(0x20, printable), and it distinguished those two characters, allowing login by only copy&paste.
There was a problem hiding this comment.
(For lint's sake) Allowiing \t \n by the rule
It seems \t \n are allows by the eslint's rule even though they are control characters.
https://eslint.org/docs/latest/rules/no-control-regex
The following elements of regular expression patterns are considered possible errors in typing and are therefore disallowed by this rule:
Hexadecimal character escapes from \x00 to \x1F.
Unicode character escapes from \u0000 to \u001F.
Unicode code point escapes from \u{0} to \u{1F}.
Unescaped raw characters from U+0000 to U+001F.
Control escapes such as \t and \n are allowed by this rule.
(For security's sake) More to consider
It seems 0x7f is a special character(delete) too.
There was a problem hiding this comment.
So let me add \n, \r and \t to the regex and see if they are allowed. The other control characters look not good to allow from security's view, IMO.
There was a problem hiding this comment.
❗
I tried with ascii 0x1,0x2 and even 0x18(Cancel) and linux os still accept all those control ascii characters.
0x1 Start of Heading
0x2 Start of Text
0x18 Cancel
There was a problem hiding this comment.
I tried with 0xff(latin y) 0x80(euro sign), which are extended ascii. They are accepted as a linux passwd but I couldn't login to vscode remote with those passwords
src/View/PasswordQuickInput.ts
Outdated
| function containsNonAscii(str: string): boolean { | ||
| return !/^[\u0000-\u007f]*$/.test(str); | ||
| // NOTE Printable ASCII characters have codes ranging from u+0000 to u+007f | ||
| function containsOnlyPrintableAscii(str: string): boolean { |
There was a problem hiding this comment.
From clean code's view,
I changed negation from the function to avoid 'double negation'
This commit enables 'no-control-regex' rule and removes the errors accordingly. ONE-vscode-DCO-1.0-Signed-off-by: dayo09 <[email protected]>
ONE-vscode-DCO-1.0-Signed-off-by: dayo09 <[email protected]>
src/View/PasswordQuickInput.ts
Outdated
| // NOTE | ||
| // | ||
| // u+0000-u+001f: control ascii codes, ascii (ALLOWED) | ||
| // u+0020-u+007f: printable ascii codes, ascii (ALLOWED) | ||
| // u+0080-u+00ff: extended ascii codes, extended ascii (NOT ALLOWED) | ||
| // | ||
| // By experience, Linux os takes all extended ascii characters(u+0000-u+00ff) for passwords, even | ||
| // controll asciis. whereas 'eslint' recommends not using regex including control ascii codes. | ||
| // Therefore, we allow users to put control ascii codes. | ||
| // | ||
| // By experience, the passwords including extended ascii characters are not working when loging in | ||
| // to remote vscode. Therefore, here we allow only 'ascii characters'(0x00-0x7f). |
There was a problem hiding this comment.
@jyoungyun I tried several tests under what you've mentioned, I summarized here what I've found out. It seems that leaving the codes as-is is enough for now. PTAL :-D
ONE-vscode-DCO-1.0-Signed-off-by: dayo09 <[email protected]>
|
@Samsung/one-vscode_committers it's ready. PTAL :-D |
This commit enables 'no-control-regex' rule
and removes the errors accordingly.
ONE-vscode-DCO-1.0-Signed-off-by: dayo09 [email protected]
For #1253