Comments (4)
I'll have to add that to the usage text! LOL!
Even on macOS and Linux, `foreach` can do serious damage if you don't know what you're doing, but that's true with most *nix shell commands.
I'm thinking I should add a `--live-run` option to `foreach` to be "safer".
That is, by default, it will output the generated commands to a `.dry-run` file. WDYT?
from qsv.
`--dry-run=True` should be the default under the covers, when not even given as an argument. You have to flip it to False and pass the option once you're "ready", such as `--dry-run=False`? Otherwise, just using `foreach` makes a bunch of `.dry-run` files from the generated commands.
from qsv.
First off, big fan of your work with OpenRefine. And TBH, qsv and qsv pro take a lot of inspiration from it :)
As to `foreach` on Windows - as evinced by the CVE Rust 1.77.2 just "fixed" (https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html), cmd.exe processing is just a lot more complicated on Windows and opens a lot of "footgun" opportunities.
But contributions are always welcome should anybody be up to the challenge!
from qsv.
Thanks!
Well... "untrusted" anything is indeed a footgun to bring it over the fence and say "it's trusted". That goes for anything in life, I guess. When concerning batch files, arguments, variables, etc. all those things typically need to be inspected and are always in the "untrusted" camp I would say.
Let's hope someone does pick this up and can help with this issue, with this small mentioned caveat that:
"This goes without saying, but still... Please ensure when using `foreach` on Windows (or any Command execution) that you ensure to use trusted arguments, variables, scripts, etc. that you process using for Command execution. If you don't do due diligence and blindly use untrusted parts... `foreach` can indeed become a footgun and possibly fry your computer, eat your lunch, and expose an entire datacenter to a cancerous virus in your unvetted batch file you grabbed from some stranger on the internet that runs...FOR EACH LINE in your CSV file. GASP!"
from qsv.
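
The dry-run-by-default behaviour discussed in this thread, combined with a refusal to pass CSV values to a batch file on a live run, as an added example that is not qsv's code or any commenter's. The names `plan`, `build_argv` and `is_batch_target`, the `{}` placeholder handling and the sample values are assumptions made for illustration.

```rust
use std::path::Path;
use std::process::Command;

#[derive(Debug, PartialEq)]
pub enum Action {
    DryRun(Vec<String>),  // default: only record what would run
    Execute(Vec<String>), // live run requested, target is not a batch file
    Refuse(String),       // live run refused: cmd.exe would parse the arguments
}

/// Split the template once, then fill `{}` inside each argument, so a value
/// containing spaces or `&` stays one argv entry. Simplification: quoting
/// inside the template itself is not handled.
pub fn build_argv(template: &str, value: &str) -> Vec<String> {
    template.split_whitespace().map(|a| a.replace("{}", value)).collect()
}

/// Extension check only: .bat/.cmd are the targets named in CVE-2024-24576.
pub fn is_batch_target(program: &str) -> bool {
    Path::new(program)
        .extension()
        .and_then(|e| e.to_str())
        .map_or(false, |e| e.eq_ignore_ascii_case("bat") || e.eq_ignore_ascii_case("cmd"))
}

/// Dry run unless the caller explicitly opts in to a live run.
pub fn plan(template: &str, value: &str, live_run: bool) -> Action {
    let argv = build_argv(template, value);
    if !live_run {
        return Action::DryRun(argv);
    }
    let is_batch = argv.first().map_or(false, |p| is_batch_target(p));
    if is_batch { Action::Refuse(argv[0].clone()) } else { Action::Execute(argv) }
}

fn main() {
    // Constructed sample values standing in for one CSV column.
    for value in ["report.csv", "q1 & q2.csv"] {
        for template in ["process.bat --in {}", "echo {}"] {
            match plan(template, value, true) {
                // No shell in between: argv goes straight to the OS.
                Action::Execute(argv) => {
                    let _ = Command::new(&argv[0]).args(&argv[1..]).status();
                }
                other => println!("{:?}", other),
            }
        }
    }
}
```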