search

exercism / configlet

The official tool for managing Exercism language track repositories.
https://exercism.org/docs/building/configlet
GNU Affero General Public License v3.0
22 stars 14 forks source link

consider improving some TOCTOU subtleties #603

Open ee7 opened 2 years ago

ee7 commented 2 years ago

For example, if a user:

  1. Runs configlet sync -u --tests -e foo
  2. Waits at the prompt
  3. Changes the tests.toml file for exercise foo in their track directory, e.g. adding include = false to a test.
  4. Continues going through configlet prompts until completion

If I recall correctly, configlet sync still works, and ignores that the file was changed. We could document this, or consider producing a warning if the file was modified since read-time. But it's probably tricky (and not worth trying) to support arbitrary changes to a file that we're asking questions about.

kotp commented 2 years ago
TOCTOU
Tme Of Check to Time Of Use
ErikSchierboom commented 2 years ago

But it's probably tricky (and not worth trying) to support arbitrary changes to a file that we're asking questions about.

I'd happily not consider this edge case at all. If people are running configlet to update files, and then start editing those files whilst doing that, I don't think we need to detect that in order to provide "sane" behavior.