[pve-devel] [PATCH v6 proxmox-apt 04/11] add check_repositories function

Fabian Ebner f.ebner at proxmox.com
Fri Jun 18 09:26:23 CEST 2021


Am 18.06.21 um 09:16 schrieb Wolfgang Bumiller:
> 
>> On 06/18/2021 8:58 AM Fabian Ebner <f.ebner at proxmox.com> wrote:
>>
>>   
>> Am 18.06.21 um 08:56 schrieb Wolfgang Bumiller:
>>>
>>>> On 06/18/2021 8:53 AM Fabian Ebner <f.ebner at proxmox.com> wrote:
>>>>
>>>>    
>>>> Am 18.06.21 um 08:44 schrieb Wolfgang Bumiller:
>>>>>
>>>>>> On 06/18/2021 8:42 AM Fabian Ebner <f.ebner at proxmox.com> wrote:
>>>>>>>> +            Some((last, rest)) => match rest.split_last() {
>>>>>>>> +                Some((second_to_last, _rest)) => {
>>>>>>>> +                    (*last == "org" && *second_to_last == "debian")
>>>>>>>> +                        || (*last == "com" && *second_to_last == "proxmox")
>>>>>>>> +                }
>>>>>>>> +                None => false,
>>>>>>>> +            },
>>>>>>>> +            None => false,
>>>>>>>> +        };
>>>>>>>> +
>>>>>>>> +        for uri in self.uris.iter() {
>>>>>>>> +            if let Some(host) = host_from_uri(uri) {
>>>>>>>> +                let domains = host.split('.').collect();
>>>>>>>
>>>>>>> ^ But instead of building a vector here, why not just do:
>>>>>>>
>>>>>>>         if host == "proxmox.com" || host.ends_with(".proxmox.com")
>>>>>>>             || host == "debian.org" || host.ends_with(".debian.org")
>>>>>>>         {
>>>>>>>             ...
>>>>>>>         }
>>>>>>>
>>>>>>
>>>>>> Misses FQDNs?
>>>>>
>>>>> Such as?
>>>>>
>>>>
>>>> http://security.debian.org.
>>>
>>> Why is that not caught by `.ends_with(".debian.org")`?
>>>
>>
>> Because of the final dot.
> 
> Splitting at '.' gives you an empty element in your vector, so that's the same in your code...
> 

Good to know.

> Feel free to just strip the final dot, though, if it makes you feel any better :-P
> 
>> But it is likely very uncommon and simply
> 
> Do people even really do that, ever, outside of zone files?
> 
>> splitting by '.' leads to false results with e.g.
>> http://security..debian.org too, so it might not be worth worrying about...
> 
> That doesn't work anyway...
> 

Yeah, I meant http://security.debian..org and thought it would be a 
false positive, but if there's an empty element in the vector, it isn't.





More information about the pve-devel mailing list