Comment out sensitive console commands in history to prevent re-execution #909

1. 
   waketraindev commented at 1:26 pm on November 6, 2025: contributor

   Prefix filtered commands with “#” before adding them to the RPC console history.

   Console lines starting with “#” are ignored by the executor, preventing accidental re-execution of filtered sensitive commands when recalled from history.

   Also adds a noop signal to handle ignored commands cleanly and documents comment behavior in the console help text (help-console).

2. 
   DrahtBot commented at 1:26 pm on November 6, 2025: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Reviews

   See the guideline for information on the review process. A summary of reviews will appear here.

   Conflicts

   Reviewers, this pull request conflicts with the following ones:

   • #910 (Added test coverage for qt gui#901 console history filter by waketraindev)
   • #882 (Add console commands for clearing output and history by waketraindev)

   If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

3. waketraindev renamed this:
   qt: Comment out sensitive commands in history to prevent re-execution
   qt: Comment out sensitive console commands in history to prevent re-execution
   on Nov 6, 2025
4. waketraindev renamed this:
   qt: Comment out sensitive console commands in history to prevent re-execution
   Comment out sensitive console commands in history to prevent re-execution
   on Nov 6, 2025
5. DrahtBot added the label CI failed on Nov 6, 2025
6. 
   DrahtBot commented at 4:32 pm on November 6, 2025: contributor

   🚧 At least one of the CI tasks failed. Task Windows native, VS 2022: https://github.com/bitcoin-core/gui/actions/runs/19137200809/job/54692201187 LLM reason (✨ experimental): CTest failed because the test_bitcoin-qt test failed (exit code 8).

   Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

   • Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

   • A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.

   • An intermittent issue.

   Leave a comment here, if you need help tracking down a confusing failure.

7. waketraindev marked this as a draft on Nov 6, 2025
8. qt: Comment out sensitive commands in history to prevent re-execution a0422e52a9
9. waketraindev force-pushed on Nov 6, 2025
10. waketraindev marked this as ready for review on Nov 6, 2025
11. DrahtBot removed the label CI failed on Nov 6, 2025
12. in src/qt/rpcconsole.cpp:1111 in a0422e52a9

    1103@@ -1094,6 +1104,12 @@ void RPCConsole::startExecutor()
    1104         m_is_executing = false;
    1105     });
    1106 
    1107+    connect(m_executor, &RPCExecutor::noop, this, [this]() {
    1108+        ui->messagesWidget->undo();
    1109+        scrollToEnd();
    1110+        m_is_executing = false;
    1111+    });
    

    ---

    ---

    

    luke-jr commented at 4:41 pm on November 7, 2025:

    Why does this need a signal/slot?
13. in src/qt/rpcconsole.cpp:416 in a0422e52a9

    412+                "   example:    getblock(getblockhash(0),1)[tx][0]\n\n"
    413+
    414+                "Lines starting with '#' are treated as comments and are not executed.\n"
    415+                "   example:    # Hello world\n\n")));
    416+            return;
    417+        } else if (executableCommand.starts_with("#")) {
    

    ---

    ---

    

    luke-jr commented at 4:43 pm on November 7, 2025:

    Should probably check this before parsing (top of RPCConsole::on_lineEdit_returnPressed)
14. luke-jr changes_requested

Contributors
waketraindev DrahtBot luke-jr