Google Git
Sign in
bazel / bazel / 3f92232c17bf4aad51880c811c291ba4b5b42721
commit3f92232c17bf4aad51880c811c291ba4b5b42721[log] [tgz]
authorFabian Meumertzheim <fabian@meumertzhe.im>Mon Oct 24 07:20:05 2022 -0700
committerCopybara-Service <copybara-worker@google.com>Mon Oct 24 07:21:04 2022 -0700
tree41e89be29e52bf32a3a8f1dfb54adc515ce10bfb
parent1e2e1956ce9f23ef6f57e2a3cfd267bdd6530290 [diff]
Fail `Label` call referencing invalid repository with strict visibility

With Bzlmod's enforcement of strict visibility of repositories based on repository mapping, a `Label` created from a repo-absolute (but not canonical) label string such as `@repo//foo:bar` will be in an error state if there is no repository visible from the calling .bzl module under the apparent name `repo`.

Before this commit, such instances of `Label` could be freely constructed and used from Starlark, even though some of their fields return nonsensical values (for example, `workspace_root` will be `"external"` for `Label("@//foo:bar")` called from a repo without visibility into the main repository).

This commit ensures that instead the `Label` call (and also analogous calls to `relative`) fail with an error such as:
```
Invalid label string '@//foo:bar': no repository visible as '@' from repository '@current_repo'
```

Fixes #16528

Closes #16530.

PiperOrigin-RevId: 483373288
Change-Id: I4831e179a2d0363aa2f27ca4a25d79a634103f8f
4 files changed
tree: 41e89be29e52bf32a3a8f1dfb54adc515ce10bfb
  1. .bazelci/
  2. .github/
  3. examples/
  4. scripts/
  5. site/
  6. src/
  7. third_party/
  8. tools/
  9. .bazelrc
  10. .gitattributes
  11. .gitignore
  12. AUTHORS
  13. BUILD
  14. CHANGELOG.md
  15. CODE_OF_CONDUCT.md
  16. CODEOWNERS
  17. combine_distfiles.py
  18. combine_distfiles_to_tar.sh
  19. compile.sh
  20. CONTRIBUTING.md
  21. CONTRIBUTORS
  22. distdir.bzl
  23. distdir_deps.bzl
  24. LICENSE
  25. MODULE.bazel
  26. README.md
  27. SECURITY.md
  28. WORKSPACE
  29. WORKSPACE.bzlmod
README.md

Bazel

{Fast, Correct} - Choose two

Build and test software of any size, quickly and reliably.

  • Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.

  • One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.

  • Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.

  • Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.

Getting Started

Documentation

Reporting a Vulnerability

To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Contributing to Bazel

See CONTRIBUTING.md

Build status