Comments (3)
mikefarah
commented on June 25, 2024
I'm not convinced this would be a great idea, security wise. You can get the same outcome by using environment variables and passing that to yq.
from yq.
CosmicToast
commented on June 25, 2024
That’s not really true, the purpose is to perform processing of yq inputs using external tools.
The closest alternative would be to print out the data to be processed, pipe that into a separate script, that would then pipe that into another to process that would accept this data on top of the original data for processing.
If you want some real world examples of what types of processing this enables, please let me know.
from yq.
mikefarah
commented on June 25, 2024
Ah I think I see what you mean, you could use yq to actually perform operations. Kind of like you'd do with find in bash with the exec arg. There was another discussion here about passing in user-controlled expressions to yq (#1961) I did say it was not safe to do so; but still wouldn't surprise me if people are doing that. Adding this in would increase the vulnerability exposure. It could be done with an extra flag passed in; like that jq thread was proposing. Interested to hear other thoughts as well...
from yq.
Related Issues (20)
- value for env variable not provided in env() GitHub Workflow HOT 1
- Replace with_entries broken HOT 2
- Question. How to prepend tags at the start
- yq is confused by the indentation of a comment, considers it belonging to a wrong node. HOT 2
- Preserve whitespace and newlines during an inline edit
- generated array seems not working (e.g. with sort, unique) HOT 1
- yq should be available to install using pip HOT 1
- Runtime cgo error on CentOS 7.9.2009 HOT 2
- `with_entries` doesn't work with `with` HOT 1
- Encoding to yaml only encodes the first document to a string HOT 2
- Unique does not work on arrays with objects HOT 3
- please add yq v4 to conda-forge HOT 2
- Support `env(XX)[]` expressions HOT 1
- Spurious newline added with `yq -i` when multiline strings are present
- Ignores/Strips CSV cell content when parsing CSV cells starting with "#"
- 128+ character long key weird behaviour HOT 2
- Error thrown by string evaluator for unexpected key when a key value is a multiline json (>- in yaml) while normal yq binary working fine
- Ubuntu 24.04 LTS support
- verbose colored output
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yq.