From 1ca28f229eb360498b93bd048ef745f32f7761e1 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Mon, 25 May 2026 18:05:55 -0500 Subject: refactor(prog): run JSON/YAML/webdev formatters via argv, not a shell MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cj/json-format-buffer, cj/yaml-format-buffer, and cj/webdev-format-buffer ran their formatters through shell-command-on-region, which goes via a shell. I moved each to call-process-region with an explicit program and argv list, so a filename or buffer content can't be word-split or read as shell syntax. The webdev path dropped its shell-quote-argument dance once the filename became a plain argv element. Point preservation is unchanged. One deliberate improvement, and it's tested: shell-command-on-region with replace replaced the buffer with the formatter's error text on a non-zero exit. The new per-formatter helper captures output to a temp buffer, checks the exit code, replaces only on success, and otherwise raises a user-error carrying stderr — so a failed format leaves the buffer alone. I kept a small format-region helper in each of the three modules rather than one shared helper. They have no common module to live in short of system-lib, and coupling three unrelated domain modules through it wasn't worth saving sixteen lines. --- tests/test-prog-json--json-format-buffer.el | 31 +++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'tests/test-prog-json--json-format-buffer.el') diff --git a/tests/test-prog-json--json-format-buffer.el b/tests/test-prog-json--json-format-buffer.el index 227eafb9..70d7e98b 100644 --- a/tests/test-prog-json--json-format-buffer.el +++ b/tests/test-prog-json--json-format-buffer.el @@ -7,9 +7,40 @@ ;;; Code: (require 'ert) +(require 'cl-lib) (require 'json) (require 'prog-json) +;;; argv path — process invocation (stubbed, no shell) + +(ert-deftest test-prog-json--json-format-buffer-invokes-jq-argv () + "Normal: with jq present, the formatter calls jq via argv, no shell." + (let (program args) + (cl-letf (((symbol-function 'executable-find) (lambda (_p) "/usr/bin/jq")) + ((symbol-function 'call-process-region) + (lambda (_start _end prog &rest rest) + (setq program prog + args (nthcdr 3 rest)) + (with-current-buffer (nth 1 rest) (insert "{}")) + 0))) + (with-temp-buffer + (insert "{\"a\":1}") + (cj/json-format-buffer))) + (should (equal "jq" program)) + (should (equal '("--sort-keys" ".") args)))) + +(ert-deftest test-prog-json--json-format-buffer-no-clobber-on-failure () + "Error: a non-zero jq exit leaves the buffer untouched and signals an error." + (cl-letf (((symbol-function 'executable-find) (lambda (_p) "/usr/bin/jq")) + ((symbol-function 'call-process-region) + (lambda (_start _end _prog _delete buffer &rest _) + (with-current-buffer buffer (insert "jq: parse error")) + 1))) + (with-temp-buffer + (insert "{not valid json}") + (should-error (cj/json-format-buffer) :type 'user-error) + (should (string= (buffer-string) "{not valid json}"))))) + ;;; Normal Cases — jq path (ert-deftest test-prog-json--json-format-buffer-normal-formats-object () -- cgit v1.2.3