fix(windows): document MotW unblock, surface config errors, fix taskkill quoting#702
fix(windows): document MotW unblock, surface config errors, fix taskkill quoting#702ShauryaaSharma wants to merge 2 commits into
Conversation
32af727 to
471bb4d
Compare
ad18db5 to
be0c1c8
Compare
|
Huge thanks for opening this PR and for the work you put into it. The maintainer shop is currently full, so this may sit for a bit before it gets a proper review. We will come back to this as soon as possible with real feedback; I wanted to make sure it did not sit unacknowledged in the meantime. |
|
Thanks for the clear Windows fix. Before this can move forward, could you add a regression guard for the Windows quoting/config failure, or explain why it cannot live in the suite? This touches |
2ad6b24 to
8a72685
Compare
|
Hey, Thanks for the steer! So, you were right to call out my "can't really test this" note. I was wrong, I'd figured the bug only really shows itself once Pushed an update just now, rebased onto |
|
The one thing I didn't write a test for is the There's no Pester setup anywhere in the repo and I'm glad to pick it up as a follow-up if you'd like. I did check the Let me know what you think! |
|
Rest, here is what i have done as of now. I exposed the command-line builder ( so that the IMAGENAME filter has to survive as one quoted token instead of the three bare words that had taskkill tripping over |
…uoting - README: document Unblock-File step for Mark-of-the-Web restriction that prevents install.ps1 from running after Invoke-WebRequest - install.ps1: check $LASTEXITCODE after `install -y` and exit 1 with a visible error when zero agents are configured, instead of silently printing "Done!" - compat_fs.c: replace _spawnvp with CreateProcess in cbm_exec_no_shell on Windows; add cbm_build_cmdline that properly quotes argv arguments containing spaces (MSVC convention), fixing the taskkill /FI filter that was splitting "IMAGENAME eq codebase-memory-mcp.exe" into three bare tokens and printing an invalid-argument error Fixes DeusData#697 Signed-off-by: ShauryaaSharma <shauryasofficial27@gmail.com>
Expose cbm_build_cmdline via compat_fs_internal.h (following the system_info_internal.h "exposed for testing" pattern) and add Windows-only tests in test_security.c that pin the MSVC command-line quoting convention: - the exact DeusData#697 case: {"taskkill","/FI","IMAGENAME eq ...exe"} must become taskkill /FI "IMAGENAME eq ...exe" (one quoted token, not three bare words that made taskkill print "Invalid argument - eq") - unquoted simple args, empty-arg -> "", embedded-quote escaping, trailing-backslash doubling before the closing quote Also fills in the previously-empty Windows side of the cbm_exec_no_shell suite with live CreateProcessW exec tests (cmd /c exit N). These run in CI on the existing windows-latest test job, so the Windows spawn path is now covered rather than #ifndef _WIN32-excluded. The quoting logic is pure and deterministic; the seven cmdline cases were validated against the production algorithm under MinGW GCC 6.3. Signed-off-by: ShauryaaSharma <shauryasofficial27@gmail.com>
8a72685 to
ec80e7d
Compare
Fixes #697
What does this PR do?
Addresses all three root causes reported in #697, where
install.ps1reports success but leaves the MCP server unconfigured on Windows.1. Mark-of-the-Web (README)
Invoke-WebRequeststamps downloaded files with a Zone Identifier that causes PowerShell to refuse execution. The README Windows install steps now include an explicitUnblock-File .\install.ps1step (both the quick-installblock and the manual-install block), with a note on
-ExecutionPolicy Bypassas a fallback.2. Swallowed config errors (install.ps1)
The
try/catcharound& $Dest install -ydoes not catch non-terminating exits. A non-zero exit code was silently swallowed and the script printed "Done!" regardless. The block now checks$LASTEXITCODEafter the call and, if non-zero, prints a red error message and exits 1 so the failure is visible.3. taskkill
/FIquoting (compat_fs.c)cbm_exec_no_shellon Windows used_spawnvp, whose MinGW CRT implementation does not quote arguments that contain spaces when building theCreateProcesscommand line. The filter value"IMAGENAME eq codebase-memory-mcp.exe"was passed as three bare tokens, causingtaskkillto printERROR: Invalid argument/option - 'eq'on every invocation.cbm_exec_no_shellnow usesCreateProcessdirectly with a newcbm_build_cmdlinehelper that produces a properly-quoted command line following the MSVC/Windows CRT convention (arguments with spaces, tabs, or embedded double-quotes are wrapped in"…", with backslashes before a closing quote doubled). The POSIX path (fork/execvp) is unchanged.CreateProcessreplaces_spawnvpat the same call site with the same security surface, no new subprocess capability is introduced, and no update toscripts/security-allowlist.txtis required.Checklist
git commit -s) — required, CI rejects unsigned commits (DCO, see CONTRIBUTING.md)make -f Makefile.cbm test), full suite requires ASan + 64-bit toolchain unavailable in this environment; thecbm_build_cmdlinequoting logic andcbm_exec_no_shelllive-exec paths were verified with a targeted harness compiled under MinGW GCC 6.3 (7 quoting cases + 3 liveCreateProcessexec cases, all passing)make -f Makefile.cbm lint-ci) — clang-tidy unavailable in this environment; please run in CItests/; the fix is in the installer script and a Windows-only code path not currently covered by the test suite.