Message-ID: <60381253-676f-4ec9-b55c-922d91e3be23@tngtech.com>
Date: Thu, 22 Jan 2026 21:01:48 +0100
From: Luis Augenstein <luis.augenstein@...tech.com>
To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc: nathan@...nel.org, nsc@...nel.org, linux-kbuild@...r.kernel.org,
 linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
 gregkh@...uxfoundation.org, maximilian.huber@...tech.com
Subject: Re: [PATCH v2 13/14] tools/sbom: add unit tests for command parsers

> Hmm... Is this supposed to have two files in `expected`?
>
> I mean, `core.o` is really the output of the rule, even if it gets
> modified in-place in the middle.

Hi Miguel,

thank you for the review.

I believe the test is correct under the current design. The test case
consists of two commands:

1. A `rustc` invocation, with `lib.rs` as the input and `rust/core.o` as
the output.
2. An `llvm-objcopy` invocation, where `rust/core.o` is used as both the
input and the output.

The `parse_inputs_from_commands` function is designed to return all
inputs it encounters across all provided commands. The motivation behind
this is to allow isolated parser functions that operate independently of
which other commands occur before or after.
Take for example the commands
`objcopy [...] vmlinux.unstripped vmlinux` and
`objcopy [...] rust/core.o`. Both should be handled by the same
`objcopy` parser logic, which should return `vmlinux.unstripped` and
`rust/core.o` as inputs, respectively.

That said, you are absolutely right that the final graph node for
`rust/core.o` should only depend on `lib.rs`, and not on itself, as that
would introduce a cyclical dependency. The current implementation
accounts for this case in `cmd_file.py:121`, where such
self-dependencies are explicitly filtered out:

> if input_file == target_path:
>     # Skip target file to prevent cycles. This is necessary because some
>     # multi stage commands first create an output and then pass it as
>     # input to the next command, e.g., objcopy.
>     continue

An alternative approach would be to have each parser function suppress
returning inputs when the input and output files are identical, but I
think that would be more complex in the end.

Best,
Luis


-- 
Luis Augenstein * luis.augenstein@...tech.com * +49-152-25275761
TNG Technology Consulting GmbH, Beta-Str. 13, 85774 Unterföhring
Managing Directors: Henrik Klagges, Dr. Robert Dahlke, Thomas Endres
Chairman of the Supervisory Board: Christoph Stock
Registered office: Unterföhring * Amtsgericht München * HRB 135082
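
The design described in the message above, as an added sketch that is not part of the original e-mail and is not the tools/sbom code: isolated per-command parsers report every input they see, and the self-dependency is dropped only when the graph node for the target is built. The function names, the simplified flag handling and the sample command lines are assumptions made for illustration.

```python
import shlex

# Hypothetical per-tool parsers: each looks at one command in isolation
# and returns (inputs, output). Flag handling is deliberately minimal.
def parse_rustc(argv):
    inputs, output = [], None
    args = iter(argv[1:])
    for arg in args:
        if arg == "-o":
            output = next(args)
        elif arg.endswith(".rs"):
            inputs.append(arg)
    return inputs, output

def parse_objcopy(argv):
    files = [a for a in argv[1:] if not a.startswith("-")]
    # One positional file means in-place: it is both input and output.
    output = files[1] if len(files) > 1 else files[0]
    return [files[0]], output

PARSERS = {"rustc": parse_rustc, "objcopy": parse_objcopy,
           "llvm-objcopy": parse_objcopy}

def collect_inputs(commands):
    """Every input seen across all commands, in order, without duplicates."""
    seen = []
    for cmd in commands:
        argv = shlex.split(cmd)
        inputs, _ = PARSERS[argv[0]](argv)
        for path in inputs:
            if path not in seen:
                seen.append(path)
    return seen

def node_dependencies(target_path, commands):
    """Graph edges for target_path: the collected inputs minus the target."""
    deps = []
    for input_file in collect_inputs(commands):
        if input_file == target_path:
            continue  # in-place step feeding the target to itself: a cycle
        deps.append(input_file)
    return deps

# Constructed sample commands mirroring the two cases discussed above.
CORE_O_CMDS = ["rustc -o rust/core.o lib.rs",
               "llvm-objcopy --strip-debug rust/core.o"]
VMLINUX_CMDS = ["objcopy --strip-debug vmlinux.unstripped vmlinux"]

if __name__ == "__main__":
    print(collect_inputs(CORE_O_CMDS))
    print(node_dependencies("rust/core.o", CORE_O_CMDS))
    print(node_dependencies("vmlinux", VMLINUX_CMDS))
```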
