graph icon indicating copy to clipboard operation
graph copied to clipboard

Published 20 hours ago verified publisher icon boostorg

Fix security issue #364 and non-keyword subgraph parsing

Open sehe opened this issue 9 months ago • 1 comments

(Note: this PR builds in #375 and #374)

Three commits in this PR:

  1. ad11d2e8 Fix non-keyword subgraph parsing
  2. 82f623f7 test_subgraphs verifies (keyword) subgraphs parse
  3. 95b80a93 max_subgraph_nesting_level in read_graphviz_new

The last one actually fixes #364

sehe avatar May 03 '24 03:05 sehe

Can confirm this fixes #364 correctly

image

TheZ3ro avatar May 03 '24 17:05 TheZ3ro

Updated for review comments https://github.com/boostorg/graph/issues/364#issuecomment-2100506381

sehe avatar May 08 '24 13:05 sehe

Added test_subgraph_nesting_limit to pin-down the new behavior.

sehe avatar May 08 '24 13:05 sehe

Do you need to rebase this? It has all the changes from the second PR. (Never mind the Drone failures, they're just a network glitch.)

jeremy-murphy avatar May 09 '24 05:05 jeremy-murphy

Do you need to rebase this? It has all the changes from the second PR. (Never mind the Drone failures, they're just a network glitch.)

Not necessarily. It's how dependent PRs work in Github (note that I started all PRs with the warning and also explicitly stated it before creating them). Therefore, the second PR already had the same dependency, and it worked "fine":

image

Rebasing first might simplify the revision graph every so slightly (it's why I prefer linear-only history with ff-only merges). As a late thought: should I have edited my name into the authors for test/graphviz_test.cpp?

sehe avatar May 09 '24 11:05 sehe

OK, I'm still a bit confused as to why it is showing all the changes from the second PR, which is merged, but I'll merge this and see what happens.

jeremy-murphy avatar May 10 '24 06:05 jeremy-murphy