[SEVERE] Autocomplete after double dash (--) executing command action.

[AaronLieb]

My urfave/cli version is

v2.27.5

Checklist

• [X] Are you running the latest v2 release? The list of releases is here.
• [X] Did you check the manual for your release? The v2 manual is here
• [X] Did you perform a search about this problem? Here's the GitHub guide about searching.

Dependency Management

• My project is using go modules.

Describe the bug

If Bash completion is enabled, and the user attempts to tab complete after a double dash (--), it will execute the normal command action.

To reproduce

Describe the steps or code required to reproduce the behavior

main.go

package main

import (
    "os"

    "github.com/urfave/cli/v2"
)

func main() {
    app := &cli.App{
        Name:                 "cli_test",
        EnableBashCompletion: true,
        Action: func(*cli.Context) error {
            os.Create("/tmp/cli_test/TestFile.out")
            return nil
        },
        Flags: []cli.Flag{
            &cli.BoolFlag{
                Name: "verbose",
            },
        },
    }

    if err := app.Run(os.Args); err != nil {
        panic(err)
    }
}

using the v2 zsh_autocomplete

Sourcing it as such in my ~/.zshrc

PROG=cli_test source <path to project>/zsh_autocomplete

mkdir /tmp/cli_test/ && ls /tmp/cli_test

Dir is empty

Try autocomplete

cli_test --<TAB>
# or 
cli_test -- --generate-bash-completion

Check dir

ls /tmp/cli_test

TestFile.out is present

Observed behavior

Due to the double dash (--), the --generate-bash-completion flag was treated as an argument, and the command was executed normally. This behavior is INCREDIBLY DANGEROUS as it can cause premature execution of a command, without even pressing enter!

Expected behavior

There are several ways this could be handled.

The ideal solution would be autocompleting the list of long flags, instead of executing the normal command action Another solution would be preventing the command from being executed and not autocompleting.

Additional context

This problem was introduced by this PR https://github.com/urfave/cli/pull/1938

I personally disagree with this PR being marked as a bug instead of a feature, and think that this behavior should be toggleable instead of enabled for all cli applications.

This PR did disable bash autocomplete after a double dash, but introduced a much worse issue, which is executing the command normally...

Want to fix this yourself?

If I find time, I may be willing to fix this myself, but I wanted to report this as soon as possible since this bug could cause severe damage in the worse case scenario.

Run go version and paste its output here

go version go1.23.2 darwin/arm64

Run go env and paste its output here

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/aarolieb/Library/Caches/go-build'
GOENV='/Users/aarolieb/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/aarolieb/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/aarolieb/go'
GOPRIVATE=''
GOPROXY='direct'
GOROOT='/opt/homebrew/Cellar/go/1.23.2/libexec'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/opt/homebrew/Cellar/go/1.23.2/libexec/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.23.2'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/Users/aarolieb/Library/Application Support/go/telemetry'
GCCGO='gccgo'
GOARM64='v8.0'
AR='ar'
CC='cc'
CXX='c++'
CGO_ENABLED='1'
GOMOD='/Users/aarolieb/Code/Scripts/cli_test/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/_s/694rx7x90x96jkm795h4tk5h0000gr/T/go-build3647699756=/tmp/go-build -gno-record-gcc-switches -fno-common'

[dearchap]

@AaronLieb Yes this is similar to #1916 . I have a fix for this in v3. Let me see if I can backport to v2. Thanks for reporting

[AaronLieb]

@dearchap I have confirmed that this issue is still present in v3. Is the v3 fix you mentioned in v3.0.0-alpha9.1?

Edit: Nevermind, I see that its https://github.com/urfave/cli/pull/1987 Not included in the latest v3 release. I'll wait for the next release

[dearchap]

No the fix is in PR #1919 .

[dearchap]

@AaronLieb Would you be able to test the PR in #1919 to see if it fixes your issue ?

[dearchap]

@AaronLieb I looked at v2 and its more complicated to fix there. Not sure if I have the bandwidth to do it for v2. If you end up doing a PR I will be glad to review.

[AaronLieb]

@dearchap I'll see if I have some time today to test the v3 fix and push out a v2 PR.

My experience with this library and go experience in general is pretty limited, so if I push out a PR, feel free to give plenty of criticisms.

[AaronLieb]

@dearchap the latest v3 alpha version with the v3 fix has an unverified commit and was incorrectly added to go.pkg.dev. The creation date is incorrect, isn't marked as the latest version, and fails the checksum when running go get github.com/urfave/cli/v3@v3.0.0-alpha10. Please fix the release and let me know once you've done so.

I'm working on the v2 fix

[dearchap]

@AaronLieb fixed the 3.0.0-alpha10 release issue. Please check

[AaronLieb]

@dearchap appears the checksum is still failing when running go get github.com/urfave/cli/v3@v3.0.0-alpha10

[dearchap]

@meatballhat can you take a look ?

[meatballhat]

If you want to use the latest v3 release, then I recommend:

import "github.com/urfave/cli/v3"

and then go mod tidy and go get -u will get the correct latest in that series (currently v3.0.0-alpha9.1) and skip over the bogus v3.0.0-alpha10.

Please let us know if this isn't working for you, or if you're unable to use this solution 🙇🏼

[dearchap]

@AaronLieb I've removed v3.0.0-alpha10. Try this release v3.0.0-alpha9.2

[AaronLieb]

@dearchap I was able to get alpha9.2 working

Here are the behaviors I observed:

• argument autocompletions (subcommand, custom ShellCompleteFunc) works as expected
• single dash completions autocompleted to a double dash
  • Expected: Should autocomplete the list of flags
• double dash does not autocomplete at all
  • Not sure what the expected behavior should be here. Ideally, it should autocomplete all of the long flags

[dearchap]

@AaronLieb Thanks for the feedback, I'll look into these issues asap.

[dearchap]

@AaronLieb Can you share your test code ? I have tests for exactly the scenarios that you described and everything is supposed to work. https://github.com/urfave/cli/blob/v3.0.0-alpha9.2/completion_test.go#L59 This tests single dash, double dash in different combinations.