diff --git a/cmd/root.go b/cmd/root.go index 18960b51..3dfe18e6 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -212,7 +212,11 @@ yq -P -oy sample.json rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableEnvOps, "security-disable-env-ops", "", false, "Disable env related operations.") rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableFileOps, "security-disable-file-ops", "", false, "Disable file related operations (e.g. load)") - rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "enable-system-operator", "", false, "Enable system operator to allow execution of external commands.") + rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "security-enable-system-operator", "", false, "Enable system operator to allow execution of external commands.") + rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "enable-system-operator", "", false, "DEPRECATED: use --security-enable-system-operator instead. Enable system operator to allow execution of external commands.") + if err = rootCmd.MarkPersistentFlagDeprecated("enable-system-operator", "use --security-enable-system-operator instead."); err != nil { + panic(err) + } rootCmd.AddCommand( createEvaluateSequenceCommand(), diff --git a/pkg/yqlib/operator_system.go b/pkg/yqlib/operator_system.go index 2fb58869..8a37d274 100644 --- a/pkg/yqlib/operator_system.go +++ b/pkg/yqlib/operator_system.go @@ -33,6 +33,9 @@ func resolveCommandNode(commandNodes Context) (string, error) { if cmdNode.Kind != ScalarNode || cmdNode.Tag == "!!null" { return "", fmt.Errorf("system operator: command must be a string scalar") } + if cmdNode.Value == "" { + return "", fmt.Errorf("system operator: command must be a non-empty string") + } return cmdNode.Value, nil } @@ -89,13 +92,11 @@ func systemOperator(d *dataTreeNavigator, context Context, expressionNode *Expre } var stdin bytes.Buffer - if candidate.Tag != "!!null" { - encoded, err := encodeToYamlString(candidate) - if err != nil { - return Context{}, err - } - stdin.WriteString(encoded) + encoded, err := encodeToYamlString(candidate) + if err != nil { + return Context{}, err } + stdin.WriteString(encoded) // #nosec G204 - intentional: user must explicitly enable this operator cmd := exec.Command(command, args...)