mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-01 18:01:40 +00:00
Remove deprecated --enable-system-operator alias; use --security-enable-system-operator consistently
Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/286b95e9-b6d7-4ab8-b401-2d7a03853922 Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
This commit is contained in:
parent
e10e8127e1
commit
b3b4478839
@ -213,10 +213,6 @@ yq -P -oy sample.json
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableEnvOps, "security-disable-env-ops", "", false, "Disable env related operations.")
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableFileOps, "security-disable-file-ops", "", false, "Disable file related operations (e.g. load)")
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "security-enable-system-operator", "", false, "Enable system operator to allow execution of external commands.")
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "enable-system-operator", "", false, "DEPRECATED: use --security-enable-system-operator instead. Enable system operator to allow execution of external commands.")
|
||||
if err = rootCmd.MarkPersistentFlagDeprecated("enable-system-operator", "use --security-enable-system-operator instead."); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
rootCmd.AddCommand(
|
||||
createEvaluateSequenceCommand(),
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
|
||||
The `system` operator allows you to run an external command and use its output as a value in your expression.
|
||||
|
||||
**Security warning**: The system operator is disabled by default. You must explicitly pass `--enable-system-operator` to use it.
|
||||
**Security warning**: The system operator is disabled by default. You must explicitly pass `--security-enable-system-operator` to use it.
|
||||
|
||||
## Usage
|
||||
|
||||
```bash
|
||||
yq --enable-system-operator --null-input '.field = system("command"; "arg1")'
|
||||
yq --security-enable-system-operator --null-input '.field = system("command"; "arg1")'
|
||||
```
|
||||
|
||||
The operator takes:
|
||||
@ -20,4 +20,4 @@ The current matched node's value is serialised and piped to the command via stdi
|
||||
|
||||
The system operator is disabled by default. When disabled, a warning is logged and `null` is returned instead of running the command.
|
||||
|
||||
Use `--enable-system-operator` flag to enable it.
|
||||
Use `--security-enable-system-operator` flag to enable it.
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
|
||||
The `system` operator allows you to run an external command and use its output as a value in your expression.
|
||||
|
||||
**Security warning**: The system operator is disabled by default. You must explicitly pass `--enable-system-operator` to use it.
|
||||
**Security warning**: The system operator is disabled by default. You must explicitly pass `--security-enable-system-operator` to use it.
|
||||
|
||||
## Usage
|
||||
|
||||
```bash
|
||||
yq --enable-system-operator --null-input '.field = system("command"; "arg1")'
|
||||
yq --security-enable-system-operator --null-input '.field = system("command"; "arg1")'
|
||||
```
|
||||
|
||||
The operator takes:
|
||||
@ -20,10 +20,10 @@ The current matched node's value is serialised and piped to the command via stdi
|
||||
|
||||
The system operator is disabled by default. When disabled, a warning is logged and `null` is returned instead of running the command.
|
||||
|
||||
Use `--enable-system-operator` flag to enable it.
|
||||
Use `--security-enable-system-operator` flag to enable it.
|
||||
|
||||
## system operator returns null when disabled
|
||||
Use `--enable-system-operator` to enable the system operator.
|
||||
Use `--security-enable-system-operator` to enable the system operator.
|
||||
|
||||
Given a sample.yml file of:
|
||||
```yaml
|
||||
@ -39,7 +39,7 @@ country: null
|
||||
```
|
||||
|
||||
## Run a command with an argument
|
||||
Use `--enable-system-operator` to enable the system operator.
|
||||
Use `--security-enable-system-operator` to enable the system operator.
|
||||
|
||||
Given a sample.yml file of:
|
||||
```yaml
|
||||
@ -47,7 +47,7 @@ country: Australia
|
||||
```
|
||||
then
|
||||
```bash
|
||||
yq --enable-system-operator '.country = system("/usr/bin/echo"; "test")' sample.yml
|
||||
yq --security-enable-system-operator '.country = system("/usr/bin/echo"; "test")' sample.yml
|
||||
```
|
||||
will output
|
||||
```yaml
|
||||
@ -63,7 +63,7 @@ a: hello
|
||||
```
|
||||
then
|
||||
```bash
|
||||
yq --enable-system-operator '.a = system("/usr/bin/echo")' sample.yml
|
||||
yq --security-enable-system-operator '.a = system("/usr/bin/echo")' sample.yml
|
||||
```
|
||||
will output
|
||||
```yaml
|
||||
|
||||
@ -41,7 +41,7 @@ func resolveCommandNode(commandNodes Context) (string, error) {
|
||||
|
||||
func systemOperator(d *dataTreeNavigator, context Context, expressionNode *ExpressionNode) (Context, error) {
|
||||
if !ConfiguredSecurityPreferences.EnableSystemOps {
|
||||
log.Warning("system operator is disabled, use --enable-system-operator flag to enable")
|
||||
log.Warning("system operator is disabled, use --security-enable-system-operator flag to enable")
|
||||
results := list.New()
|
||||
for el := context.MatchingNodes.Front(); el != nil; el = el.Next() {
|
||||
candidate := el.Value.(*CandidateNode)
|
||||
|
||||
@ -17,7 +17,7 @@ func findExec(t *testing.T, name string) string {
|
||||
var systemOperatorDisabledScenarios = []expressionScenario{
|
||||
{
|
||||
description: "system operator returns null when disabled",
|
||||
subdescription: "Use `--enable-system-operator` to enable the system operator.",
|
||||
subdescription: "Use `--security-enable-system-operator` to enable the system operator.",
|
||||
document: "country: Australia",
|
||||
expression: `.country = system("/usr/bin/echo"; "test")`,
|
||||
expected: []string{
|
||||
@ -54,8 +54,8 @@ func TestSystemOperatorEnabledScenarios(t *testing.T) {
|
||||
scenarios := []expressionScenario{
|
||||
{
|
||||
description: "Run a command with an argument",
|
||||
subdescription: "Use `--enable-system-operator` to enable the system operator.",
|
||||
yqFlags: "--enable-system-operator",
|
||||
subdescription: "Use `--security-enable-system-operator` to enable the system operator.",
|
||||
yqFlags: "--security-enable-system-operator",
|
||||
document: "country: Australia",
|
||||
expression: `.country = system("` + echoPath + `"; "test")`,
|
||||
expected: []string{
|
||||
@ -65,7 +65,7 @@ func TestSystemOperatorEnabledScenarios(t *testing.T) {
|
||||
{
|
||||
description: "Run a command without arguments",
|
||||
subdescription: "Omit the semicolon and args to run the command with no extra arguments.",
|
||||
yqFlags: "--enable-system-operator",
|
||||
yqFlags: "--security-enable-system-operator",
|
||||
document: "a: hello",
|
||||
expression: `.a = system("` + echoPath + `")`,
|
||||
expected: []string{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user