Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

What would it take to get foreach working on Windows? #1736

Open
thadguidry opened this issue Apr 12, 2024 · 4 comments
Open

What would it take to get foreach working on Windows? #1736

thadguidry opened this issue Apr 12, 2024 · 4 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@thadguidry
Copy link

What help from the community or other Rust crates, developers, etc. would make getting foreach working on Windows?

It would be nice to get foreach supported on Windows. Maybe even a few Microsoft/Rust employees could be pinged to help push this into the DONE category?
@jqnatividad
Copy link
Owner

First off, big fan of your work with OpenRefine. And TBH, qsv and qsv pro takes a lot of inspiration from it :)

As to foreach on Windows - as evinced by the CVE Rust 1.77.2 just "fixed" (https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html), cmd.exe processing is just a lot more complicated on Windows and opens a lot of "footgun" opportunities.

But contributions are always welcome should anybody be up to the challenge!

@thadguidry
Copy link
Author

Thanks!

Well... "untrusted" anything is indeed a footgun to bring it over the fence and say "it's trusted". That goes for anything in life, I guess. When concerning batch files, arguments, variables, etc. all those things typically need to be inspected and are always in the "untrusted" camp I would say.

Let's hope someone does pick this up and can help with this issue, with this small mentioned caveat that :

"This goes without saying, but still... Please ensure when using foreach on Windows (or any Command execution) that you ensure to use trusted arguments, variables, scripts, etc. that you process using for Command execution. If you don't do due diligence and blindly use untrusted parts... foreach can indeed become a footgun and possibly fry your computer, eat your lunch, and expose an entire datacenter to a cancerous virus in your unvetted batch file you grabbed from some stranger on the internet that runs...FOR EACH LINE in your CSV file. GASP!"

@jqnatividad
Copy link
Owner

jqnatividad commented Apr 12, 2024
edited

I'll have to add that to the usage text! LOL!

Even on macOS and Linux, foreach can do serious damage if you don't know what you're doing, but that's true with most *nix shell commands.

I'm thinking I should add a --live-run option to foreach to be "safer".

That is, by default, it will output the generated commands to a .dry-run file. WDYT?

@thadguidry
Copy link
Author

thadguidry commented Apr 12, 2024
edited

--dry-run=True should be the default under the covers, when not even given as an argument. You have to flip it to False and pass the option once your "ready" such as --dry-run=False? Otherwise, just using foreach makes a bunch of .dry-run files from the generated commands.

@jqnatividad jqnatividad mentioned this issue Apr 12, 2024
Closed
@jqnatividad jqnatividad added enhancement New feature or request help wanted Extra attention is needed labels May 26, 2024
@rzmk rzmk mentioned this issue May 29, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thadguidry @jqnatividad