mirror of
https://github.com/mikefarah/yq.git
synced 2026-06-26 23:17:43 +00:00
44c55c8a54
* Initial plan * Add system(command; args) operator with --enable-system-operator flag Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/8a11e9a0-10d2-4f2a-ae29-4e9d0bfc266f Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> * Update pkg/yqlib/operator_system.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Evaluate system command/args per matched node using SingleReadonlyChildContext Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/dca841eb-3f63-4f23-adeb-556431560420 Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> * Add yqFlags to expressionScenario for doc command snippets; fix system op docs Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/3f8a5375-25fd-4428-a8e6-b630194c36b2 Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> * Update pkg/yqlib/doc/operators/headers/system-operators.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update pkg/yqlib/doc/operators/system-operators.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Validate command node type and handle multiple results with debug log Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/928aabc5-ad71-41d8-94ab-403942e3f92d Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Remove deprecated --enable-system-operator alias; use --security-enable-system-operator consistently Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/286b95e9-b6d7-4ab8-b401-2d7a03853922 Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Address deep review feedback: error on disabled, strict arg/cmd validation, debug logs, docs Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/fbfba2db-60ea-4c20-a4c2-0fd396b80c81 Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com> Co-authored-by: Mike Farah <mikefarah@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
124 lines
3.7 KiB
Go
124 lines
3.7 KiB
Go
package yqlib
|
|
|
|
import (
|
|
"os/exec"
|
|
"testing"
|
|
)
|
|
|
|
func findExec(t *testing.T, name string) string {
|
|
t.Helper()
|
|
path, err := exec.LookPath(name)
|
|
if err != nil {
|
|
t.Skipf("skipping: %v not found: %v", name, err)
|
|
}
|
|
return path
|
|
}
|
|
|
|
var systemOperatorDisabledScenarios = []expressionScenario{
|
|
{
|
|
description: "system operator returns error when disabled",
|
|
subdescription: "Use `--security-enable-system-operator` to enable the system operator.",
|
|
document: "country: Australia",
|
|
expression: `.country = system("/usr/bin/echo"; "test")`,
|
|
expectedError: "system operations are disabled, use --security-enable-system-operator to enable",
|
|
},
|
|
}
|
|
|
|
func TestSystemOperatorDisabledScenarios(t *testing.T) {
|
|
originalEnableSystemOps := ConfiguredSecurityPreferences.EnableSystemOps
|
|
defer func() {
|
|
ConfiguredSecurityPreferences.EnableSystemOps = originalEnableSystemOps
|
|
}()
|
|
|
|
ConfiguredSecurityPreferences.EnableSystemOps = false
|
|
|
|
for _, tt := range systemOperatorDisabledScenarios {
|
|
testScenario(t, &tt)
|
|
}
|
|
documentOperatorScenarios(t, "system-operators", systemOperatorDisabledScenarios)
|
|
}
|
|
|
|
func TestSystemOperatorEnabledScenarios(t *testing.T) {
|
|
echoPath := findExec(t, "echo")
|
|
falsePath := findExec(t, "false")
|
|
|
|
originalEnableSystemOps := ConfiguredSecurityPreferences.EnableSystemOps
|
|
defer func() {
|
|
ConfiguredSecurityPreferences.EnableSystemOps = originalEnableSystemOps
|
|
}()
|
|
|
|
ConfiguredSecurityPreferences.EnableSystemOps = true
|
|
|
|
scenarios := []expressionScenario{
|
|
{
|
|
description: "Run a command with an argument",
|
|
subdescription: "Use `--security-enable-system-operator` to enable the system operator.",
|
|
yqFlags: "--security-enable-system-operator",
|
|
document: "country: Australia",
|
|
expression: `.country = system("` + echoPath + `"; "test")`,
|
|
expected: []string{
|
|
"D0, P[], (!!map)::country: test\n",
|
|
},
|
|
},
|
|
{
|
|
description: "Run a command without arguments",
|
|
subdescription: "Omit the semicolon and args to run the command with no extra arguments.",
|
|
yqFlags: "--security-enable-system-operator",
|
|
document: "a: hello",
|
|
expression: `.a = system("` + echoPath + `")`,
|
|
expected: []string{
|
|
"D0, P[], (!!map)::a: \"\"\n",
|
|
},
|
|
},
|
|
{
|
|
description: "Run a command with multiple arguments",
|
|
subdescription: "Pass an array of arguments.",
|
|
skipDoc: true,
|
|
document: "a: hello",
|
|
expression: `.a = system("` + echoPath + `"; ["foo", "bar"])`,
|
|
expected: []string{
|
|
"D0, P[], (!!map)::a: foo bar\n",
|
|
},
|
|
},
|
|
{
|
|
description: "Command and args are evaluated per matched node",
|
|
skipDoc: true,
|
|
document: "cmd: " + echoPath + "\narg: hello",
|
|
expression: `.result = system(.cmd; .arg)`,
|
|
expected: []string{
|
|
"D0, P[], (!!map)::cmd: " + echoPath + "\narg: hello\nresult: hello\n",
|
|
},
|
|
},
|
|
{
|
|
description: "Command failure returns error",
|
|
skipDoc: true,
|
|
document: "a: hello",
|
|
expression: `.a = system("` + falsePath + `")`,
|
|
expectedError: "system command '" + falsePath + "' failed: exit status 1",
|
|
},
|
|
{
|
|
description: "Null command returns error",
|
|
skipDoc: true,
|
|
document: "a: hello",
|
|
expression: `.a = system(null)`,
|
|
expectedError: "system operator: command must be a string scalar",
|
|
},
|
|
{
|
|
description: "System operator processes multiple matched nodes",
|
|
skipDoc: true,
|
|
document: "a: first",
|
|
document2: "a: second",
|
|
expression: `.a = system("` + echoPath + `"; "replaced")`,
|
|
expected: []string{
|
|
"D0, P[], (!!map)::a: replaced\n",
|
|
"D0, P[], (!!map)::a: replaced\n",
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range scenarios {
|
|
testScenario(t, &tt)
|
|
}
|
|
appendOperatorDocumentScenario(t, "system-operators", scenarios)
|
|
}
|