Remove deprecated --enable-system-operator alias; use --security-enable-system-operator consistently

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/286b95e9-b6d7-4ab8-b401-2d7a03853922

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-04-06 08:35:36 +00:00 committed by GitHub
parent e10e8127e1
commit b3b4478839
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 15 additions and 19 deletions

View File

@ -213,10 +213,6 @@ yq -P -oy sample.json
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableEnvOps, "security-disable-env-ops", "", false, "Disable env related operations.")
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableFileOps, "security-disable-file-ops", "", false, "Disable file related operations (e.g. load)")
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "security-enable-system-operator", "", false, "Enable system operator to allow execution of external commands.")
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "enable-system-operator", "", false, "DEPRECATED: use --security-enable-system-operator instead. Enable system operator to allow execution of external commands.")
if err = rootCmd.MarkPersistentFlagDeprecated("enable-system-operator", "use --security-enable-system-operator instead."); err != nil {
panic(err)
}
rootCmd.AddCommand(
createEvaluateSequenceCommand(),

View File

@ -2,12 +2,12 @@
The `system` operator allows you to run an external command and use its output as a value in your expression.
**Security warning**: The system operator is disabled by default. You must explicitly pass `--enable-system-operator` to use it.
**Security warning**: The system operator is disabled by default. You must explicitly pass `--security-enable-system-operator` to use it.
## Usage
```bash
yq --enable-system-operator --null-input '.field = system("command"; "arg1")'
yq --security-enable-system-operator --null-input '.field = system("command"; "arg1")'
```
The operator takes:
@ -20,4 +20,4 @@ The current matched node's value is serialised and piped to the command via stdi
The system operator is disabled by default. When disabled, a warning is logged and `null` is returned instead of running the command.
Use `--enable-system-operator` flag to enable it.
Use `--security-enable-system-operator` flag to enable it.

View File

@ -2,12 +2,12 @@
The `system` operator allows you to run an external command and use its output as a value in your expression.
**Security warning**: The system operator is disabled by default. You must explicitly pass `--enable-system-operator` to use it.
**Security warning**: The system operator is disabled by default. You must explicitly pass `--security-enable-system-operator` to use it.
## Usage
```bash
yq --enable-system-operator --null-input '.field = system("command"; "arg1")'
yq --security-enable-system-operator --null-input '.field = system("command"; "arg1")'
```
The operator takes:
@ -20,10 +20,10 @@ The current matched node's value is serialised and piped to the command via stdi
The system operator is disabled by default. When disabled, a warning is logged and `null` is returned instead of running the command.
Use `--enable-system-operator` flag to enable it.
Use `--security-enable-system-operator` flag to enable it.
## system operator returns null when disabled
Use `--enable-system-operator` to enable the system operator.
Use `--security-enable-system-operator` to enable the system operator.
Given a sample.yml file of:
```yaml
@ -39,7 +39,7 @@ country: null
```
## Run a command with an argument
Use `--enable-system-operator` to enable the system operator.
Use `--security-enable-system-operator` to enable the system operator.
Given a sample.yml file of:
```yaml
@ -47,7 +47,7 @@ country: Australia
```
then
```bash
yq --enable-system-operator '.country = system("/usr/bin/echo"; "test")' sample.yml
yq --security-enable-system-operator '.country = system("/usr/bin/echo"; "test")' sample.yml
```
will output
```yaml
@ -63,7 +63,7 @@ a: hello
```
then
```bash
yq --enable-system-operator '.a = system("/usr/bin/echo")' sample.yml
yq --security-enable-system-operator '.a = system("/usr/bin/echo")' sample.yml
```
will output
```yaml

View File

@ -41,7 +41,7 @@ func resolveCommandNode(commandNodes Context) (string, error) {
func systemOperator(d *dataTreeNavigator, context Context, expressionNode *ExpressionNode) (Context, error) {
if !ConfiguredSecurityPreferences.EnableSystemOps {
log.Warning("system operator is disabled, use --enable-system-operator flag to enable")
log.Warning("system operator is disabled, use --security-enable-system-operator flag to enable")
results := list.New()
for el := context.MatchingNodes.Front(); el != nil; el = el.Next() {
candidate := el.Value.(*CandidateNode)

View File

@ -17,7 +17,7 @@ func findExec(t *testing.T, name string) string {
var systemOperatorDisabledScenarios = []expressionScenario{
{
description: "system operator returns null when disabled",
subdescription: "Use `--enable-system-operator` to enable the system operator.",
subdescription: "Use `--security-enable-system-operator` to enable the system operator.",
document: "country: Australia",
expression: `.country = system("/usr/bin/echo"; "test")`,
expected: []string{
@ -54,8 +54,8 @@ func TestSystemOperatorEnabledScenarios(t *testing.T) {
scenarios := []expressionScenario{
{
description: "Run a command with an argument",
subdescription: "Use `--enable-system-operator` to enable the system operator.",
yqFlags: "--enable-system-operator",
subdescription: "Use `--security-enable-system-operator` to enable the system operator.",
yqFlags: "--security-enable-system-operator",
document: "country: Australia",
expression: `.country = system("` + echoPath + `"; "test")`,
expected: []string{
@ -65,7 +65,7 @@ func TestSystemOperatorEnabledScenarios(t *testing.T) {
{
description: "Run a command without arguments",
subdescription: "Omit the semicolon and args to run the command with no extra arguments.",
yqFlags: "--enable-system-operator",
yqFlags: "--security-enable-system-operator",
document: "a: hello",
expression: `.a = system("` + echoPath + `")`,
expected: []string{