[Console] [Completion] Make bash completion run in non interactive mode #47394
Conversation
carsonbot
changed the title
|
this should bump the completion version, to make users regenerate their completion script. |
|
I'm not sure, it's not really an API change, and the last bugfixes did not bump the version either? |
|
I might be wrong but if we run non-interactively would this not potentially run untrusted code from plugins as root during completion ? would this not open up a security hole ? Or is there no plugin possible during autocompletion workflow, now and in the foreseeable future ? |
|
Which plugins are you talking about ? |
|
Sorry I was not very clear. I am coming from composer/composer#11024, so I was referring to composer plugins. I am not aware of whether composer plugins run or not during bash completion. But I know that the fact that composer warns against running as root is, partly, because plugins are third party code that might/should be considered dangerous. So I was wondering if this patch, which will allow running bash completion as root, might indirectly allow untrusted plugin code to also be run as root without warnings? I realize this is specific to composer, and this might be up to composer to implement something to prevent that, if necessary. But I thought it might be interesting to consider before this merging third PR nonetheless. |
|
Yes it is a valid point however indeed something to handle on the composer end. Right now plug-ins are loaded during completion. I thought of disabling them for perf reason initially but then figured this might also cause things to break depending on the plug-in. Disabling them for root probably makes sense tho, unless COMPOSER_ALLOW_ROOT (or whatever the env was called) is set. |
|
Thank you @Seldaek. |
…ractive mode (Seldaek) This PR was merged into the 6.2 branch. Discussion ---------- [Console] [Completion] Make zsh completion run in non interactive mode | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | yes | New feature? | no <!-- please update src/**/CHANGELOG.md files --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead --> | License | MIT | Doc PR | symfony/symfony-docs#... <!-- required for new features --> Port #47394 to 6.2 for zsh Commits ------- 4e5add4 [Console] [Completion] Make zsh completion run in non interactive mode
…eractive mode (Seldaek) This PR was merged into the 6.1 branch. Discussion ---------- [Console] [Completion] Make fish completion run in non interactive mode | Q | A | ------------- | --- | Branch? | 6.1 | Bug fix? | yes | New feature? | no <!-- please update src/**/CHANGELOG.md files --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead --> | License | MIT | Doc PR | symfony/symfony-docs#... <!-- required for new features --> Port #47394 to 6.1 for fish Commits ------- 25ab956 [Console] [Completion] Make fish completion run in non interactive mode
Refs composer/composer#11024
Composer does prompt in some contexts, and that blocks/freezes the completion as it runs in an interactive context but is not actually visible. Explicitly setting it to be non interactive seems to be the fix to me.
TODO: