On 3/15/25 10:30, James Youngman wrote:
> I don't think anybody ever intended to support things like -).   But
> we don't have visibility into what people are actually doing.
>
> I'd suggest issuing a warning for these usages. [edit] So that we have
> the option to eventually make them an error.

Fair enough.
As accepting '-!' is a GNU extension (even if probably inadvertently),
I think we can safely issue a warning without setting the error status.
Patch attached.  Pushing soon.

Have a nice day,
Berny

From f1fa80330bb57353c99884affa5e372824f75056 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Sun, 23 Mar 2025 23:29:36 +0100
Subject: [PATCH] find: issue a warning for wrongly accepted operators like
 '-!'

In the current implementation, GNU find accepts the operators '!', ',',
'(' and ')' with a leading dash, e.g. '-!'.
Let's issue a warning to see if anyone relies on that odd behavior.
With a later release, let's fix the parser, and not accept these anymore.

* find/parser.c (find_parser): Issue a warning in the case one of the
above operators has been passed with a leading '-'.
* tests/find/operators-wrong-with-dash.sh: Add test.
* tests/local.mk (sh_tests): Reference it.
* NEWS (Changes in find): Mention the change in behavior.
---
 NEWS                                    |  4 +++
 find/parser.c                           | 14 ++++++++++
 tests/find/operators-wrong-with-dash.sh | 37 +++++++++++++++++++++++++
 tests/local.mk                          |  1 +
 4 files changed, 56 insertions(+)
 create mode 100755 tests/find/operators-wrong-with-dash.sh

diff --git a/NEWS b/NEWS
index 5b32c9fc..5df941d6 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,10 @@ GNU findutils NEWS - User visible changes.      -*- outline -*- (allout)
   argument of the command to be run.  While POSIX allows this for -exec, this is
   deemed insecure as an attacker could influence which files could be found.
 
+  find now issues a warning when the punctuation operators '(', ')', '!' and ','
+  are passed with a leading dash, e.g. '-!'.  Future releases will not accept
+  that any more.  Accepting that was rather a bug "since the beginning".
+
 ** Documentation Changes
 
   The forthcoming Issue 8 of the POSIX standard will standardise "find
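Review bot: The added NEWS entry (the lines starting "find now issues a warning") does not tell users what to write instead, nor that this is a warning only. Suggest stating that the operators should be given without the dash ('(', ')', '!' and ','), and that the exit status is unaffected for now, which is what the new test relies on when it expects find to succeed. "Future releases will not accept that any more" could also name the first affected release, in line with the "FIXME >4.11" comment added in find/parser.c.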
diff --git a/find/parser.c b/find/parser.c
index 4843a5d7..d2850c64 100644
--- a/find/parser.c
+++ b/find/parser.c
@@ -662,6 +662,20 @@ find_parser (const char *search_name)
     {
       if (strcmp (parse_table[i].parser_name, search_name) == 0)
         {
+          /* FIXME >4.11: fix parser to disallow dashed operators like '-!'.
+           * Meanwhile, issue a warning.  */
+          if (   (original_arg < search_name) /* with '-' */
+              && (ARG_PUNCTUATION == parse_table[i].type)
+              && (   search_name[0] == '!' || search_name[0] == ','
+                  || search_name[0] == '(' || search_name[0] == ')')
+              && (search_name[1] == '\0'))
+            {
+              error (0, 0,
+                     _("warning: operator '%s' (with leading dash '-') will "
+                       "no longer be accepted in future findutils releases!"),
+                    original_arg);
+            }
+
           return found_parser (original_arg, &parse_table[i]);
         }
     }
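Review bot: The dash detection in the added condition, "(original_arg < search_name) /* with '-' */", relies on a relational comparison of two pointers, which is only meaningful if search_name points into the same string as original_arg, and the hunk does not show that. Suggest extending the comment to say that search_name has been advanced past the leading '-', or testing the dash directly on original_arg. Style: the final argument line "original_arg);" appears to be indented one column less than the "_(" line it should align with.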
diff --git a/tests/find/operators-wrong-with-dash.sh b/tests/find/operators-wrong-with-dash.sh
new file mode 100755
index 00000000..88079b2c
--- /dev/null
+++ b/tests/find/operators-wrong-with-dash.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Verify behavior for '-!', '-,', '-(', and '-)'.
+
+# Copyright (C) 2025 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; fu_path_prepend_
+print_ver_ find
+
+# Versions before and including 4.10 accepted the above mentioned operator
+# options (with a leading dash '-').
+# Findutils 4.11 issues a warning.
+
+cat <<\EOF > exp || framework_failure_
+find: warning: operator '-(' (with leading dash '-') will no longer be accepted in future findutils releases!
+find: warning: operator '-!' (with leading dash '-') will no longer be accepted in future findutils releases!
+find: warning: operator '-,' (with leading dash '-') will no longer be accepted in future findutils releases!
+find: warning: operator '-)' (with leading dash '-') will no longer be accepted in future findutils releases!
+EOF
+
+find '-(' '-!' -not -type c -, -type b '-)' 2>err || fail=1
+cat err
+compare exp err || fail=1
+
+Exit $fail
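Review bot: The test exercises only the dashed forms, so nothing checks that the plain operators stay silent. After the existing "compare exp err || fail=1", consider a second find run with '(' '!' ',' ')' given without the dash and a comparison of its stderr against an empty file, so that the later parser fix cannot start warning on the standard spellings unnoticed. The comment "Findutils 4.11 issues a warning" could also say that the test must switch to expecting a failure once the FIXME in find/parser.c is resolved.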
diff --git a/tests/local.mk b/tests/local.mk
index f04af96b..203ccf20 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -122,6 +122,7 @@ sh_tests = \
   tests/find/printf_escapechars.sh \
   tests/find/printf_escape_c.sh \
   tests/find/printf_inode.sh \
+  tests/find/operators-wrong-with-dash.sh \
   tests/find/execdir-fd-leak.sh \
   tests/find/exec-plus-last-file.sh \
   tests/find/files0-from.sh \
-- 
2.48.1
