-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove rustdoc's plugins feature #52194
Conversation
src/librustdoc/lib.rs
Outdated
@@ -163,9 +163,6 @@ pub fn opts() -> Vec<RustcOptGroup> { | |||
stable("extern", |o| { | |||
o.optmulti("", "extern", "pass an --extern to rustc", "NAME=PATH") | |||
}), | |||
stable("plugin-path", |o| { | |||
o.optmulti("", "plugin-path", "directory to load plugins from", "DIR") | |||
}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also keep the flags and have them do nothing; not sure what your opinion is!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's an interesting point. These flags are "stable", but enabled insecure code. While we can change stable things in the interest of security, i think it would be better to keep them and do nothing. At least then we can choose to link to this PR or the CVE instead of just reporting their absence.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think of something a bit different: keeping the option but printing that it's doing nothing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me.
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
History:
So, in general, i'm in favor. Rustdoc plugins are unsafe (requiring manually loading a dynamic-link library), dubiously stable (all the individual components - the CLI flag, librustdoc's types - are marked stable, but in practice they are not), and only marginally useful. And to top it all off, they have been leaning on code that is insecure. |
Should this be beta-nominated too? Or will you apply the smaller CVE patch to beta? |
BTW, the CVE link is missing the last 2 in 1000622. |
e99e48b
to
0df68d8
Compare
@cuviper my plan is to apply whatever lands in this PR to beta, and then additionally, merge some more refactoring into nightly afterwards; PluginManager is a bit mis-named after this patch :) @QuietMisdreavus @GuillaumeGomez what do you think of this iteration? |
I still kinda think it would be useful to link to this PR as well as the CVE, but there's enough context in the CVE description so i won't push too hard. r=me if @GuillaumeGomez is okay with it. |
I am. Next release, we'll have to deprecate/remove the option too. |
@bors: r=QuietMisdreavus,GuillaumeGomez |
📌 Commit 0df68d8 has been approved by |
…,GuillaumeGomez Remove rustdoc's plugins feature This fixes CVE-2018-1000622. https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2018-1000622 r? @QuietMisdreavus @GuillaumeGomez
☀️ Test successful - status-appveyor, status-travis |
Ping @rust-lang/rustdoc, can someone approve this for backport? |
Done. |
[beta] Rollup backports Merged and approved: * #51722: Updated RELEASES for 1.28.0 * #52193: step_by: leave time of item skip unspecified * #52194: Remove rustdoc's plugins feature * #52196: rustdoc: Hide struct and enum variant constructor imports * #52310: Backport 1.27.1 release notes to master r? @ghost
Refactor rustdoc This is based on #52194 and so shouldn't be merged until it gets merged. Now that plugin functionality has been removed, let's kill PluginManager. Additionally, rustdoc now follows the standard cargo layout instead of dumping everything at the top level. r? @rust-lang/rustdoc
…eGomez Cleanup rustdoc warnings ## Clean up error reporting for deprecated passes Using `error!` here goes all the way back to the original commit, rust-lang#8540. I don't see any reason to use logging; rustdoc should use diagnostics wherever possible. See rust-lang#81932 (comment) for further context. - Use spans for deprecated attributes - Use a proper diagnostic for unknown passes, instead of error logging - Add tests for unknown passes - Improve some wording in diagnostics ## Report that `doc(plugins)` doesn't work using diagnostics instead of `eprintln!` This also adds a test for the output. This was added in rust-lang#52194. I don't see any particular reason not to use diagnostics here, I think it was just missed in rust-lang#50541.
…eGomez Cleanup rustdoc warnings ## Clean up error reporting for deprecated passes Using `error!` here goes all the way back to the original commit, rust-lang#8540. I don't see any reason to use logging; rustdoc should use diagnostics wherever possible. See rust-lang#81932 (comment) for further context. - Use spans for deprecated attributes - Use a proper diagnostic for unknown passes, instead of error logging - Add tests for unknown passes - Improve some wording in diagnostics ## Report that `doc(plugins)` doesn't work using diagnostics instead of `eprintln!` This also adds a test for the output. This was added in rust-lang#52194. I don't see any particular reason not to use diagnostics here, I think it was just missed in rust-lang#50541.
…eGomez Cleanup rustdoc warnings ## Clean up error reporting for deprecated passes Using `error!` here goes all the way back to the original commit, rust-lang#8540. I don't see any reason to use logging; rustdoc should use diagnostics wherever possible. See rust-lang#81932 (comment) for further context. - Use spans for deprecated attributes - Use a proper diagnostic for unknown passes, instead of error logging - Add tests for unknown passes - Improve some wording in diagnostics ## Report that `doc(plugins)` doesn't work using diagnostics instead of `eprintln!` This also adds a test for the output. This was added in rust-lang#52194. I don't see any particular reason not to use diagnostics here, I think it was just missed in rust-lang#50541.
…eGomez Cleanup rustdoc warnings ## Clean up error reporting for deprecated passes Using `error!` here goes all the way back to the original commit, rust-lang#8540. I don't see any reason to use logging; rustdoc should use diagnostics wherever possible. See rust-lang#81932 (comment) for further context. - Use spans for deprecated attributes - Use a proper diagnostic for unknown passes, instead of error logging - Add tests for unknown passes - Improve some wording in diagnostics ## Report that `doc(plugins)` doesn't work using diagnostics instead of `eprintln!` This also adds a test for the output. This was added in rust-lang#52194. I don't see any particular reason not to use diagnostics here, I think it was just missed in rust-lang#50541.
…eGomez Cleanup rustdoc warnings ## Clean up error reporting for deprecated passes Using `error!` here goes all the way back to the original commit, rust-lang#8540. I don't see any reason to use logging; rustdoc should use diagnostics wherever possible. See rust-lang#81932 (comment) for further context. - Use spans for deprecated attributes - Use a proper diagnostic for unknown passes, instead of error logging - Add tests for unknown passes - Improve some wording in diagnostics ## Report that `doc(plugins)` doesn't work using diagnostics instead of `eprintln!` This also adds a test for the output. This was added in rust-lang#52194. I don't see any particular reason not to use diagnostics here, I think it was just missed in rust-lang#50541.
This fixes CVE-2018-1000622.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2018-1000622
r? @QuietMisdreavus @GuillaumeGomez