Disable allow_abbrev from Python scripts using argparse

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

https://www.trustedfirmware.org/projects/mbed-tls/

Other

5.24k stars 2.56k forks source link

Disable allow_abbrev from Python scripts using argparse #9294

Open juhaylinen opened 3 months ago

juhaylinen commented 3 months ago

Description

Python's argparse library, by default, allows shortening of command line arguments. This can introduce silent failures when shortened commands are used and another command is added to the script which uses that name.

This change sets ArgumentParser parameter allow_abbrev to False.

PR checklist

[x] changelog not required
[x] 3.6 backport #9295
[x] 2.28 backport #9296
[x] tests not required

juhaylinen commented 3 months ago

Added backports to 3.6 and 2.28 and created PR https://github.com/Mbed-TLS/mbedtls-framework/pull/29 to update the scripts in the framework submodule.

gilles-peskine-arm commented 3 months ago

Please add a commit to update the framework submodule to the head of https://github.com/Mbed-TLS/mbedtls-framework/pull/29. We'll ask you to update that commit again when the framework pull request is merged. We currently need this process to deal with the CI in the framework repository, we're still working on improving the automation.

gilles-peskine-arm commented 3 months ago

I'm removing needs-design-approval because I haven't heard any objections.

juhaylinen commented 4 weeks ago

Hi @gilles-peskine-arm, Is the anything I can do to move this forward?

gilles-peskine-arm commented 4 weeks ago

Nothing, I'm afraid. We need to find review bandwidth and that's always a problem.

juhaylinen commented 1 week ago

Rebased