circleci-cli icon indicating copy to clipboard operation
circleci-cli copied to clipboard

Published 20 hours ago verified publisher icon CircleCI-Public

Make the install script a little bit safer when being piped

Open glenjamin opened this issue 6 years ago • 3 comments

  • [x] I have read Contribution Guidelines.
  • [x] I have checked for similar issues and haven't found anything relevant.
  • (ish, but minor) This is not a security issue (which should be reported here: https://circleci.com/security/)

If the connection cut out midway through, the script would partially execute.

Wrapping in a function ensures that nothing will be executed unless the file is fully downloaded

glenjamin avatar Nov 28 '19 18:11 glenjamin

Codecov Report

Patch coverage has no change and project coverage change: -0.41 :warning:

Comparison is base (bf399b8) 28.00% compared to head (f1cd9e8) 27.59%.

:exclamation: Current head f1cd9e8 differs from pull request most recent head be8c3cc. Consider uploading reports for the commit be8c3cc to get more accurate results

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop     #352      +/-   ##
===========================================
- Coverage    28.00%   27.59%   -0.41%     
===========================================
  Files           42       21      -21     
  Lines         4795     2732    -2063     
===========================================
- Hits          1343      754     -589     
+ Misses        3267     1892    -1375     
+ Partials       185       86      -99

see 43 files with indirect coverage changes

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

codecov[bot] avatar Nov 28 '19 18:11 codecov[bot]

This shouldn't make a difference to trap - I did a local test of making a command fail and it printed the error as before.

The main difference now is that when you run the script as curl <url> | bash, if the download aborts halfway through, the part of the script downloaded so far would still be passed to bash.

Wrapping in a function like this ensures that instead of executing half of the commands, we only define half of a function - nothing will be executed.

glenjamin avatar Dec 02 '19 09:12 glenjamin

@glenjamin have you had a chance to consider @taxonomic-blackfish 's suggestions? We'd like to pick this pr back up but would also like to make sure the logic is up to date and applicable.

am-bui avatar Aug 25 '22 23:08 am-bui

Perhaps this is platform/shell specific, but this seems to introduce a bug because of a name collision with the install function and the system's install command. When I pipe the script into bash, it loops indefinitely as the install function recursively calls itself:

Starting installation.
Installing CircleCI CLI v0.1.26646
Installing to /usr/local/bin
Starting installation.
Installing CircleCI CLI v0.1.26646
Installing to /usr/local/bin
Starting installation.
Installing CircleCI CLI v0.1.26646
^C⏎

christian-stephen avatar May 15 '23 12:05 christian-stephen