Report error location for include errors (#971)

Author: squell

src/sudo/diagnostic.rs

@@ -1,14 +1,15 @@
 use std::fs::File;
 use std::io::{BufRead, BufReader};
-use std::ops::Range;
 use std::path::Path;
 
-pub(crate) fn cited_error(message: &str, range: Range<(usize, usize)>, path: impl AsRef<Path>) {
+use crate::sudoers::Span;
+
+pub(crate) fn cited_error(message: &str, span: Span, path: impl AsRef<Path>) {
     let path_str = path.as_ref().display();
-    let Range {
+    let Span {
         start: (line, col),
         end: (end_line, mut end_col),
-    } = range;
+    } = span;
     eprintln_ignore_io_error!("{path_str}:{line}:{col}: {message}");
 
     // we won't try to "span" errors across multiple lines

src/sudoers/ast.rs

@@ -142,8 +142,8 @@ pub enum Directive {
 pub enum Sudo {
     Spec(PermissionSpec) = HARDENED_ENUM_VALUE_0,
     Decl(Directive) = HARDENED_ENUM_VALUE_1,
-    Include(String) = HARDENED_ENUM_VALUE_2,
-    IncludeDir(String) = HARDENED_ENUM_VALUE_3,
+    Include(String, Span) = HARDENED_ENUM_VALUE_2,
+    IncludeDir(String, Span) = HARDENED_ENUM_VALUE_3,
     LineComment = HARDENED_ENUM_VALUE_4,
 }
 
@@ -175,7 +175,7 @@ impl Sudo {
 
     #[cfg(test)]
     pub fn as_include(&self) -> &str {
-        if let Self::Include(v) = self {
+        if let Self::Include(v, _) = self {
             v
         } else {
             panic!()
@@ -554,11 +554,11 @@ impl Parse for Sudo {
 
 /// Parse the include/include dir part that comes after the '#' or '@' prefix symbol
 fn parse_include(stream: &mut CharStream) -> Parsed<Sudo> {
-    fn get_path(stream: &mut CharStream) -> Parsed<String> {
-        if accept_if(|c| c == '"', stream).is_some() {
+    fn get_path(stream: &mut CharStream, key_pos: (usize, usize)) -> Parsed<(String, Span)> {
+        let path = if accept_if(|c| c == '"', stream).is_some() {
             let QuotedInclude(path) = expect_nonterminal(stream)?;
             expect_syntax('"', stream)?;
-            make(path)
+            path
         } else {
             let value_pos = stream.get_pos();
             let IncludePath(path) = expect_nonterminal(stream)?;
@@ -569,14 +569,27 @@ fn parse_include(stream: &mut CharStream) -> Parsed<Sudo> {
                     "use quotes around filenames or escape whitespace"
                 )
             }
-            make(path)
-        }
+            path
+        };
+        make((
+            path,
+            Span {
+                start: key_pos,
+                end: stream.get_pos(),
+            },
+        ))
     }
 
     let key_pos = stream.get_pos();
     let result = match try_nonterminal(stream)? {
-        Some(Username(key)) if key == "include" => Sudo::Include(get_path(stream)?),
-        Some(Username(key)) if key == "includedir" => Sudo::IncludeDir(get_path(stream)?),
+        Some(Username(key)) if key == "include" => {
+            let (path, span) = get_path(stream, key_pos)?;
+            Sudo::Include(path, span)
+        }
+        Some(Username(key)) if key == "includedir" => {
+            let (path, span) = get_path(stream, key_pos)?;
+            Sudo::IncludeDir(path, span)
+        }
         _ => unrecoverable!(pos = key_pos, stream, "unknown directive"),
     };
 

src/sudoers/basic_parser.rs

@@ -28,12 +28,17 @@
 /// Type holding a parsed object (or error information if parsing failed)
 pub type Parsed<T> = Result<T, Status>;
 
-pub type Position = std::ops::Range<(usize, usize)>;
+#[derive(Copy, Clone)]
+#[cfg_attr(test, derive(Debug, PartialEq))]
+pub struct Span {
+    pub start: (usize, usize),
+    pub end: (usize, usize),
+}
 
 #[cfg_attr(test, derive(Debug, PartialEq))]
 pub enum Status {
-    Fatal(Position, String), // not recoverable; stream in inconsistent state
-    Reject,                  // parsing failed by no input consumed
+    Fatal(Span, String), // not recoverable; stream in inconsistent state
+    Reject,              // parsing failed by no input consumed
 }
 
 pub fn make<T>(value: T) -> Parsed<T> {
@@ -46,14 +51,12 @@ pub fn reject<T>() -> Parsed<T> {
 
 macro_rules! unrecoverable {
     (pos=$pos:expr, $stream:ident, $($str:expr),*) => {
-        return Err(crate::sudoers::basic_parser::Status::Fatal($pos .. CharStream::get_pos($stream), format![$($str),*]))
-    };
-    ($stream:ident, $($str:expr),*) => {
-        {
-            let pos = CharStream::get_pos($stream);
-            return Err(crate::sudoers::basic_parser::Status::Fatal(pos .. pos, format![$($str),*]))
-        }
+        return Err(crate::sudoers::basic_parser::Status::Fatal(Span { start: $pos, end: CharStream::get_pos($stream)}, format![$($str),*]))
     };
+    ($stream:ident, $($str:expr),*) => {{
+        let pos = CharStream::get_pos($stream);
+        return Err(crate::sudoers::basic_parser::Status::Fatal(Span { start: pos, end: pos }, format![$($str),*]))
+    }};
     ($($str:expr),*) => {
         return Err(crate::basic_parser::Status::Fatal(Default::default(), format![$($str),*]))
     };

src/sudoers/mod.rs

@@ -22,14 +22,15 @@ use ast::*;
 use tokens::*;
 
 pub type Settings = defaults::Settings;
+pub use basic_parser::Span;
 
 /// How many nested include files do we allow?
 const INCLUDE_LIMIT: u8 = 128;
 
 /// Export some necessary symbols from modules
 pub struct Error {
     pub source: Option<PathBuf>,
-    pub location: Option<basic_parser::Position>,
+    pub location: Option<basic_parser::Span>,
     pub message: String,
 }
 
@@ -548,14 +549,15 @@ fn analyze(
     fn include(
         cfg: &mut Sudoers,
         parent: &Path,
+        span: Span,
         path: &Path,
         diagnostics: &mut Vec<Error>,
         count: &mut u8,
     ) {
         if *count >= INCLUDE_LIMIT {
             diagnostics.push(Error {
                 source: Some(parent.to_owned()),
-                location: None,
+                location: Some(span),
                 message: format!("include file limit reached opening '{}'", path.display()),
             })
         // FIXME: this will cause an error in `visudo` if we open a non-privileged sudoers file
@@ -576,7 +578,7 @@ fn analyze(
 
                     diagnostics.push(Error {
                         source: Some(parent.to_owned()),
-                        location: None,
+                        location: Some(span),
                         message,
                     })
                 }
@@ -609,28 +611,33 @@ fn analyze(
                         }
                     }
 
-                    Sudo::Include(path) => include(
+                    Sudo::Include(path, span) => include(
                         cfg,
                         cur_path,
+                        span,
                         &resolve_relative(cur_path, path),
                         diagnostics,
                         safety_count,
                     ),
 
-                    Sudo::IncludeDir(path) => {
+                    Sudo::IncludeDir(path, span) => {
                         if path.contains("%h") {
-                            diagnostics.push(Error{
-                                    source: Some(cur_path.to_owned()),
-                                    location: None,
-                                    message: format!("cannot open sudoers file {path}: percent escape %h in includedir is unsupported")});
+                            diagnostics.push(Error {
+                                source: Some(cur_path.to_owned()),
+                                location: Some(span),
+                                message: format!(
+                                    "cannot open sudoers file {path}: \
+                                     percent escape %h in includedir is unsupported"
+                                ),
+                            });
                             continue;
                         }
 
                         let path = resolve_relative(cur_path, path);
                         let Ok(files) = std::fs::read_dir(&path) else {
                             diagnostics.push(Error {
                                 source: Some(cur_path.to_owned()),
-                                location: None,
+                                location: Some(span),
                                 message: format!("cannot open sudoers file {}", path.display()),
                             });
                             continue;
@@ -648,7 +655,14 @@ fn analyze(
                             .collect::<Vec<_>>();
                         safe_files.sort();
                         for file in safe_files {
-                            include(cfg, cur_path, file.as_ref(), diagnostics, safety_count)
+                            include(
+                                cfg,
+                                cur_path,
+                                span,
+                                file.as_ref(),
+                                diagnostics,
+                                safety_count,
+                            )
                         }
                     }
                 },

src/sudoers/test/mod.rs

@@ -386,7 +386,14 @@ fn gh676_percent_h_escape_unsupported() {
     assert_eq!(
         errs[0].message,
         "cannot open sudoers file /etc/%h: percent escape %h in includedir is unsupported"
-    )
+    );
+    assert_eq!(
+        errs[0].location,
+        Some(Span {
+            start: (1, 2),
+            end: (1, 23)
+        })
+    );
 }
 
 #[test]

test-framework/sudo-compliance-tests/src/sudo/sudoers/include.rs

@@ -37,7 +37,7 @@ fn file_does_not_exist() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         "sudo: unable to open /etc/sudoers2: No such file or directory"
     } else {
-        "sudo-rs: cannot open sudoers file '/etc/sudoers2'"
+        "cannot open sudoers file '/etc/sudoers2'"
     };
     assert_contains!(output.stderr(), diagnostic);
     Ok(())
@@ -128,7 +128,7 @@ fn include_loop_error_messages() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         "/etc/sudoers2: too many levels of includes"
     } else {
-        "sudo-rs: include file limit reached opening '/etc/sudoers2'"
+        "include file limit reached opening '/etc/sudoers2'"
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -147,7 +147,7 @@ fn include_loop_not_fatal() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         "/etc/sudoers2: too many levels of includes"
     } else {
-        "sudo-rs: include file limit reached opening '/etc/sudoers2'"
+        "include file limit reached opening '/etc/sudoers2'"
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -170,7 +170,7 @@ fn permissions_check() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         "sudo: /etc/sudoers2 is world writable"
     } else {
-        "sudo-rs: /etc/sudoers2 cannot be world-writable"
+        "/etc/sudoers2 cannot be world-writable"
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -189,7 +189,7 @@ fn permissions_check_not_fatal() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         format!("sudo: {ETC_DIR}/sudoers2 is world writable")
     } else {
-        format!("sudo-rs: {ETC_DIR}/sudoers2 cannot be world-writable")
+        format!("{ETC_DIR}/sudoers2 cannot be world-writable")
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -213,7 +213,7 @@ fn ownership_check() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         "sudo: /etc/sudoers2 is owned by uid 1000, should be 0"
     } else {
-        "sudo-rs: /etc/sudoers2 must be owned by root"
+        "/etc/sudoers2 must be owned by root"
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -233,7 +233,7 @@ fn ownership_check_not_fatal() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         "sudo: /etc/sudoers2 is owned by uid 1000, should be 0"
     } else {
-        "sudo-rs: /etc/sudoers2 must be owned by root"
+        "/etc/sudoers2 must be owned by root"
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -284,7 +284,7 @@ fn relative_path_grandparent_directory() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         format!("sudo: unable to open {path}: No such file or directory")
     } else {
-        format!("sudo-rs: cannot open sudoers file '{path}'")
+        format!("cannot open sudoers file '{path}'")
     };
     assert_contains!(output.stderr(), diagnostic);
     Ok(())

test-framework/sudo-compliance-tests/src/sudo/sudoers/includedir.rs

@@ -81,10 +81,7 @@ fn directory_does_not_exist_is_not_fatal() -> Result<()> {
     if sudo_test::is_original_sudo() {
         assert!(stderr.is_empty());
     } else {
-        assert_contains!(
-            stderr,
-            "sudo-rs: cannot open sudoers file /etc/does-not-exist"
-        );
+        assert_contains!(stderr, "cannot open sudoers file /etc/does-not-exist");
     }
 
     Ok(())
@@ -192,7 +189,7 @@ fn include_loop() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         format!("{ETC_DIR}/sudoers.d/a: too many levels of includes")
     } else {
-        format!("sudo-rs: include file limit reached opening '{ETC_DIR}/sudoers.d/a'")
+        format!("include file limit reached opening '{ETC_DIR}/sudoers.d/a'")
     };
     assert_contains!(output.stderr(), diagnostic);
 
@@ -227,7 +224,7 @@ fn statements_prior_to_include_loop_are_evaluated() -> Result<()> {
     let diagnostic = if sudo_test::is_original_sudo() {
         format!("{ETC_DIR}/sudoers.d/a: too many levels of includes")
     } else {
-        format!("sudo-rs: include file limit reached opening '{ETC_DIR}/sudoers.d/a'")
+        format!("include file limit reached opening '{ETC_DIR}/sudoers.d/a'")
     };
 
     assert_contains!(output.stderr(), diagnostic);
@@ -350,7 +347,7 @@ fn ignores_directory_with_bad_perms() -> Result<()> {
         ]
     } else {
         [
-            format!("sudo-rs: {ETC_DIR}/sudoers2.d cannot be world-writable"),
+            format!("{ETC_DIR}/sudoers2.d cannot be world-writable"),
             "I'm sorry root. I'm afraid I can't do that".to_owned(),
         ]
     };
@@ -380,7 +377,7 @@ fn ignores_directory_with_bad_ownership() -> Result<()> {
         ]
     } else {
         [
-            format!("sudo-rs: {ETC_DIR}/sudoers2.d must be owned by root"),
+            format!("{ETC_DIR}/sudoers2.d must be owned by root"),
             "I'm sorry root. I'm afraid I can't do that".to_owned(),
         ]
     };