Fix correctness bugs and clean up dead code across CLI#638
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9348e2b0ff
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| def process_command(self, command: str): | ||
| args = self.prompt_parser.parse_args(command.split()) | ||
| args = self.prompt_parser.parse_args(shlex.split(command)) |
There was a problem hiding this comment.
When an attended-mode user mistypes a quoted argument, for example add_delegate 0x... "label, shlex.split raises ValueError: No closing quotation; SafeCli.loop only catches argparse errors, SystemExit, EOF, and keyboard interrupts, so this new exception escapes and terminates the interactive session instead of showing a parse error and continuing.
Useful? React with 👍 / 👎.
Found during a full-codebase review. Main fixes: - tx-builder decoder: preserve tuple-array suffix (tuple[], tuple[N]) so the selector and ABI encoding match; require 0x prefix for hex ints; clear errors for missing/null contract input values; coerce tx value to int - tx-service operator: return after "owner not loaded" guards to avoid a None-deref crash and posting empty signatures - safe_operator: harden no-arg exception handling, make change_*/update_version* always return bool, reject threshold < 1, fix cached nonce with custom --safe-nonce, clearer empty-seed error - main: respect empty SAFE_CLI_INTERACTIVE, route lowercase addresses to attended mode - prompt_parser: use shlex.split so quoted args parse correctly - ledger: fix exception-message match for USB write errors - hd wallet: stop overriding a custom hd_path when index is set - lexer/completer: fix address/tx-hash regex, fix argument coloring, drop dead entries
Uxio0
force-pushed
the
fix/code-review-correctness-cleanups
branch
from
9348e2b to
4860a7d
Compare
1 participant
What
Fixes a batch of correctness bugs and removes dead code found during a full-codebase review. No new features, no behavior changes beyond fixing the bugs below.
Correctness fixes
tx-builder file decoder (
tx_builder_file_decoder.py)tuple[],tuple[N]). Before, the[]was dropped, so both the 4-byte selector and the ABI encoding targeted the wrong (non-array) signature — a batch file calling a method with an array-of-structs argument silently built the wrong calldata.parse_int_valuenow requires the0xprefix for hex. Before, a bare string like"abc"/"deadbeef"was silently parsed base-16, producing a wrong amount.nullcontractInputsValuesno longer crashes with an opaque error; a missing per-field value now raises a clearMissing value for input 'X'.valueis coerced toint(missing/empty defaults to0) instead of passing a string/Nonedownstream.tx-service operator (
safe_tx_service_operator.py)confirm_messageandsign_messagenowreturn Falseafter the "owner not loaded" / "no owner loaded" guards, instead of falling through to aNone-deref crash or posting an empty signature.safe operator (
safe_operator.py)SafeOperatorExceptionsubclasses no longer crash the generic handler (e.args[0]IndexError);GuardNotSupportedException/FallbackHandlerNotSupportedExceptionnow carry messages.change_*/update_version*always return abool(added the missing failure/success returns).change_thresholdrejectsthreshold < 1locally.safe_tx.safe_nonce + 1instead of a blind+= 1, so the displayed nonce is correct when a custom--safe-nonceis used.load_cli_owners_from_wordsreports an explicit empty-seed error for an unset/empty env var.main / prompt parser
SAFE_CLI_INTERACTIVE=""is respected instead of silently ignored.Web3.is_address, so a lowercase (non-checksummed) Safe address starts attended mode instead of erroring with "No such command".process_commandusesshlex.split, so quoted/multi-word args (e.g. delegate labels with spaces) parse correctly.hardware wallet / hd wallet
in str(e)instead ofin e.args, so the USB-write recovery hint actually fires.get_account_from_wordsno longer overrides a caller-suppliedhd_pathwhenindex != 0.dataaccess made consistent with the other branches.Cleanup
safe_lexer: fixed the address/tx-hash regex ({62}→{64}, malformed[aA-zZ,0-9]→[a-fA-F0-9]).safe_completer/safe_completer_constants: argument coloring now works for multi-arg commands; removed the deadsafe_color_argumentsdict, the deadchange_ownermeta entry, and fixed thechange_thresholdhint (<address>→<integer>).Testing
ruff checkandruff formatclean.Notes / deliberately out of scope
LedgerWallet.get_addressto passself.dongle— it alters runtime behavior and breaks an existing test that encodes the old contract; real-world impact is low.--interactivevsSAFE_CLI_INTERACTIVE=0precedence — current behavior matches the documented "only--non-interactiveoverrides" design.@cacheonget_trezor_client(documented as intentional) and theargparse/typervalidator duplication (larger refactor) for follow-ups.