Skip to content

Fix incorrect SHA-1 commit regex in [version_manager.rs](cci:7://file:///d:/Github/vscode/cli/src/desktop/version_manager.rs:0:0-0:0) #251329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
connor4312 merged 1 commit into from
Jun 13, 2025
Merged

Fix incorrect SHA-1 commit regex in [version_manager.rs](cci:7://file:///d:/Github/vscode/cli/src/desktop/version_manager.rs:0:0-0:0) #251329

connor4312 merged 1 commit into from
Jun 13, 2025

Conversation

@mohiuddin-khan-shiam
Copy link
Contributor

@mohiuddin-khan-shiam mohiuddin-khan-shiam commented Jun 12, 2025

The CLI’s RequestedVersion::Commit parser rejected many valid commit hashes and allowed invalid ones due to an erroneous regular expression:

  • Old pattern: ^[a-e0-f]{40}$
    • Allowed non-hex characters outside the a–f range
    • Excluded the valid hex digit f and any uppercase letters
  • New pattern: (?i)^[0-9a-f]{40}$
    • (?i) enables case-insensitive matching (accepts A–F)
    • Character class now correctly restricts input to hexadecimal digits 0-9 and a-f
    • Ensures the string is exactly 40 characters, matching a valid SHA-1

Impact

code version use <commit> and related commands could silently fail or accept malformed commit IDs, leading to unexpected version resolution behavior.
With this fix, only valid 40-character hexadecimal commit hashes are accepted, restoring reliable version selection and preventing subtle bugs.

Notes

No API changes; the fix is a single-line update in cli/src/desktop/version_manager.rs.
@mohiuddin-khan-shiam
Fix incorrect SHA-1 commit regex in [version_manager.rs](cci:7://file…
7fe3aee 
…:///d:/Github/vscode/cli/src/desktop/version_manager.rs:0:0-0:0)

The CLI’s `RequestedVersion::Commit` parser rejected many valid commit hashes and allowed invalid ones due to an erroneous regular expression:

* **Old pattern:** `^[a-e0-f]{40}$`
  * Allowed non-hex characters outside the `a–f` range
  * Excluded the valid hex digit `f` and any uppercase letters
* **New pattern:** [(?i)^[0-9a-f]{40}$](cci:1://file:///d:/Github/vscode/cli/src/desktop/version_manager.rs:102:1-107:2)
  * [(?i)](cci:1://file:///d:/Github/vscode/cli/src/desktop/version_manager.rs:102:1-107:2) enables case-insensitive matching (accepts `A–F`)
  * Character class now correctly restricts input to hexadecimal digits `0-9` and `a-f`
  * Ensures the string is exactly 40 characters, matching a valid SHA-1

#### Impact

`code version use <commit>` and related commands could silently fail or accept malformed commit IDs, leading to unexpected version resolution behavior.
With this fix, only valid 40-character hexadecimal commit hashes are accepted, restoring reliable version selection and preventing subtle bugs.

#### Notes

No API changes; the fix is a single-line update in [cli/src/desktop/version_manager.rs](cci:7://file:///d:/Github/vscode/cli/src/desktop/version_manager.rs:0:0-0:0).
@lszomoru lszomoru assigned connor4312 and unassigned connor4312 and lszomoru Jun 13, 2025
@connor4312 connor4312 enabled auto-merge (squash) June 13, 2025 15:03
@vs-code-engineering vs-code-engineering bot added this to the June 2025 milestone Jun 13, 2025
DhruvTheDev1

This comment was marked as off-topic.

Sign in to view

@connor4312 connor4312 merged commit 70f8e0e into microsoft:main Jun 13, 2025
7 checks passed
@vs-code-engineering vs-code-engineering bot locked and limited conversation to collaborators Jul 28, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

6 participants

@mohiuddin-khan-shiam @Tyriar @connor4312 @benibenj @DhruvTheDev1 @lszomoru