mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-05 12:10:37 +00:00
Compare commits
1 Commits
3a918d36f5
...
9d9a5a9957
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9d9a5a9957 |
@ -212,11 +212,7 @@ yq -P -oy sample.json
|
||||
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableEnvOps, "security-disable-env-ops", "", false, "Disable env related operations.")
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.DisableFileOps, "security-disable-file-ops", "", false, "Disable file related operations (e.g. load)")
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "security-enable-system-operator", "", false, "Enable system operator to allow execution of external commands.")
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "enable-system-operator", "", false, "DEPRECATED: use --security-enable-system-operator instead. Enable system operator to allow execution of external commands.")
|
||||
if err = rootCmd.MarkPersistentFlagDeprecated("enable-system-operator", "use --security-enable-system-operator instead."); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
rootCmd.PersistentFlags().BoolVarP(&yqlib.ConfiguredSecurityPreferences.EnableSystemOps, "enable-system-operator", "", false, "Enable system operator to allow execution of external commands.")
|
||||
|
||||
rootCmd.AddCommand(
|
||||
createEvaluateSequenceCommand(),
|
||||
|
||||
@ -33,9 +33,6 @@ func resolveCommandNode(commandNodes Context) (string, error) {
|
||||
if cmdNode.Kind != ScalarNode || cmdNode.Tag == "!!null" {
|
||||
return "", fmt.Errorf("system operator: command must be a string scalar")
|
||||
}
|
||||
if cmdNode.Value == "" {
|
||||
return "", fmt.Errorf("system operator: command must be a non-empty string")
|
||||
}
|
||||
return cmdNode.Value, nil
|
||||
}
|
||||
|
||||
@ -92,11 +89,13 @@ func systemOperator(d *dataTreeNavigator, context Context, expressionNode *Expre
|
||||
}
|
||||
|
||||
var stdin bytes.Buffer
|
||||
encoded, err := encodeToYamlString(candidate)
|
||||
if err != nil {
|
||||
return Context{}, err
|
||||
if candidate.Tag != "!!null" {
|
||||
encoded, err := encodeToYamlString(candidate)
|
||||
if err != nil {
|
||||
return Context{}, err
|
||||
}
|
||||
stdin.WriteString(encoded)
|
||||
}
|
||||
stdin.WriteString(encoded)
|
||||
|
||||
// #nosec G204 - intentional: user must explicitly enable this operator
|
||||
cmd := exec.Command(command, args...)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user