[avocado-utils] : add validation for perf binary in ensure_tool() #6272
Sumitupadhyay1 wants to merge 3 commits into avocado-framework:master
- Added ensure_tool() function to validate availability of tools from either a custom binary path or distro packages.
- Returns tool version string after validation.
- Handles error cases:
  * Missing custom path
  * Non-functional binary
  * Missing package map
- Integrates with install_distro_packages() for dependency handling.

Signed-off-by: Sumit Kumar <sumitkum@amd.com>
Summary of Changes
Hello @Sumitupadhyay1, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the
Code Review
The pull request introduces a new ensure_tool function to validate the availability and functionality of a given tool, either from a custom path or by installing it via distro packages, which improves the reliability and reproducibility of tests. However, this new utility function is vulnerable to command injection due to the use of shell=True with unvalidated user input (tool_name and custom_path). It is recommended to remove shell=True to prevent the shell from interpreting metacharacters and consider using shlex.quote() for inputs that might contain spaces. The error handling for missing paths, non-functional binaries, and missing package maps is otherwise clear and appropriate.
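The fix recommended in the review above, shown as an added example (it is not code from the pull request or from avocado): the version check is run as an argument list with no shell, so metacharacters in the inputs are never interpreted. `resolve_binary`, `tool_version` and `ToolError` are hypothetical names, and `custom_path` is assumed to be the directory that holds the binary.

```python
import os
import shutil
import subprocess


class ToolError(Exception):
    """Raised when the requested tool is missing or does not run."""


def resolve_binary(tool_name, custom_path=None):
    """Return an absolute path to the tool without involving a shell."""
    # A tool name must be a bare file name, never a path that can leave custom_path.
    if not tool_name or os.path.basename(tool_name) != tool_name:
        raise ToolError(f"invalid tool name: {tool_name!r}")
    if custom_path is not None:
        candidate = os.path.join(custom_path, tool_name)
        if not (os.path.isfile(candidate) and os.access(candidate, os.X_OK)):
            raise ToolError(f"{tool_name!r} not found in {custom_path!r}")
        return os.path.abspath(candidate)
    found = shutil.which(tool_name)
    if found is None:
        raise ToolError(f"{tool_name!r} not found on PATH")
    return found


def tool_version(tool_name, custom_path=None, timeout=10):
    """Run '<tool> --version' and return the first line of its output."""
    binary = resolve_binary(tool_name, custom_path)
    # Pattern flagged in the review (kept as a comment only):
    #   subprocess.run(f"{binary} --version", shell=True)
    # With a list and the default shell=False, each string is handed to the
    # OS as one argument, so ';', '|' and spaces are plain characters.
    try:
        result = subprocess.run([binary, "--version"], capture_output=True,
                                text=True, timeout=timeout, check=False)
    except (OSError, subprocess.TimeoutExpired) as exc:
        raise ToolError(f"{binary!r} could not be executed: {exc}") from exc
    if result.returncode != 0:
        raise ToolError(f"{binary!r} exited with status {result.returncode}")
    output = (result.stdout or result.stderr).strip()
    return output.splitlines()[0] if output else ""
```

Because the binary is resolved to a real executable file before anything runs, a value such as `perf; echo injected` fails as "not found" instead of reaching a shell.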
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Testcases that depend on tools like perf, which may be a part of distro packages or custom-installed in a specific location, fail in an ungraceful manner when the binary of those tools is missing or non-functional.