Skip to content

Make command searcher not use wildcard search for execution #9202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adityapatwardhan merged 44 commits into from
Apr 2, 2019
Merged

Make command searcher not use wildcard search for execution #9202

adityapatwardhan merged 44 commits into from
Apr 2, 2019

Conversation

@TravisEz13
Copy link
Member

@TravisEz13 TravisEz13 commented Mar 22, 2019
edited
Loading

PR Summary

Make command searcher not use wildcard search for execution

PR Context

This is a Defense in Depth fix to prevent people from accidentally running a script.

For example, if a user attempted to run .\[my1].ps1 and there is a 1.ps1 in the same folder. 1.ps1 would be executed instead.
The fix allows tab completion and Get-Command to continue to work with the wildcards ([], ?, and *).

PR Checklist

@TravisEz13 TravisEz13 added Breaking-Change breaking change that may affect users CL-Engine Indicates that a PR should be marked as an engine change in the Change Log labels Mar 22, 2019
@TravisEz13 TravisEz13 added this to the 6.2.0-GA-Consider milestone Mar 22, 2019
PaulHigin
PaulHigin suggested changes Mar 22, 2019
View reviewed changes
@iSazonov
Copy link
Collaborator

iSazonov commented Mar 22, 2019

If we want unambiguity, can we follow the practice we use in cmdlets? I mean that if name resolution returns several results, then throw.

/cc @mklement0

@TravisEz13
Copy link
Member Author

TravisEz13 commented Mar 22, 2019
edited
Loading

@iSazonov That code is already there. End the end, both code paths, use the same code. I doubt anyone actually wants to do execution based on wildcards. It can lead to executing unexpected files and VERY bad results.

@mklement0
Copy link
Contributor

mklement0 commented Mar 22, 2019

Glad to see this is getting fixed; it addresses at least part of #4726, which also asks for the >, >> behavior to be fixed - will this PR address that too (haven't looked)?

@TravisEz13 TravisEz13 force-pushed the fix_command_searcher branch from da63bff to 44e90c0 Compare March 22, 2019 19:30
@TravisEz13
Copy link
Member Author

TravisEz13 commented Mar 22, 2019

@mklement0 The intent was not to fix that issue. As #4726 does not directly affect execution, I would not think that the issue would be considered a Defense in Depth fix and I'd prefer to get this fix in before addressing that issue.

@mklement0
Copy link
Contributor

mklement0 commented Mar 22, 2019

Thanks for clarifying, @TravisEz13 (but note that #4726 is about execution as well).

@TravisEz13 TravisEz13 requested a review from PaulHigin March 22, 2019 19:45
@TravisEz13 TravisEz13 force-pushed the fix_command_searcher branch from 44e90c0 to f143e17 Compare March 22, 2019 19:48
@mklement0 mklement0 mentioned this pull request Mar 22, 2019
Closed
PaulHigin
PaulHigin suggested changes Mar 22, 2019
View reviewed changes
@PoshChan

This comment has been minimized.

Sign in to view
1 similar comment
@PoshChan

This comment has been minimized.

Sign in to view
SteveL-MSFT
SteveL-MSFT approved these changes Apr 1, 2019
View reviewed changes
Copy link
Member

@SteveL-MSFT SteveL-MSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit comment remaining

build.psm1 Outdated
[string]$Title = 'PowerShell Core Tests'
[string]$Title = 'PowerShell Core Tests',
[Parameter(ParameterSetName='Wait', Mandatory=$true,
HelpMessage='Wait for the debugger to attach to powershell before pester starts. Debug builds only!')]
Copy link
Member

@SteveL-MSFT SteveL-MSFT Apr 1, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
HelpMessage='Wait for the debugger to attach to powershell before pester starts. Debug builds only!')]
HelpMessage='Wait for the debugger to attach to PowerShell before Pester starts. Debug builds only!')]

adityapatwardhan
adityapatwardhan reviewed Apr 1, 2019
View reviewed changes
@PoshChan

This comment has been minimized.

Sign in to view
@PoshChan

This comment has been minimized.

Sign in to view
@PoshChan

This comment has been minimized.

Sign in to view
iSazonov
iSazonov reviewed Apr 2, 2019
View reviewed changes
TravisEz13
TravisEz13 commented Apr 2, 2019
View reviewed changes
@adityapatwardhan adityapatwardhan merged commit 5e4b4d1 into PowerShell:master Apr 2, 2019
@TravisEz13 TravisEz13 deleted the fix_command_searcher branch April 2, 2019 18:57
@iSazonov
Copy link
Collaborator

iSazonov commented Apr 3, 2019

Should we document the command searcher process in Docs repo?

@TravisEz13
Copy link
Member Author

TravisEz13 commented Apr 3, 2019

The command searcher itself is an implementation detail. We should document the search order for command execution.

@TravisEz13 TravisEz13 mentioned this pull request Apr 3, 2019
Closed
8 tasks
@mklement0 mklement0 mentioned this pull request Apr 15, 2019
Closed
@daxian-dbw daxian-dbw mentioned this pull request Apr 16, 2019
Closed
11 tasks
@iSazonov iSazonov mentioned this pull request Apr 18, 2019
Closed
This was referenced Jun 1, 2019
Closed
Merged
@TravisEz13 TravisEz13 mentioned this pull request Sep 6, 2019
Closed
@mklement0 mklement0 mentioned this pull request Nov 6, 2019
Closed
@mklement0 mklement0 mentioned this pull request Apr 5, 2022
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daxian-dbw daxian-dbw daxian-dbw left review comments

@iSazonov iSazonov iSazonov left review comments

@SteveL-MSFT SteveL-MSFT SteveL-MSFT approved these changes

@adityapatwardhan adityapatwardhan adityapatwardhan approved these changes

@BrucePay BrucePay Awaiting requested review from BrucePay

@anmenaga anmenaga Awaiting requested review from anmenaga

+1 more reviewer

@PaulHigin PaulHigin PaulHigin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@adityapatwardhan adityapatwardhan

Labels

Breaking-Change breaking change that may affect users CL-Engine Indicates that a PR should be marked as an engine change in the Change Log Committee-Reviewed PS-Committee has reviewed this and made a decision

Projects

None yet

Milestone

7.0.0-preview.1

Development

Successfully merging this pull request may close these issues.

8 participants

@TravisEz13 @iSazonov @mklement0 @daxian-dbw @SteveL-MSFT @PoshChan @adityapatwardhan @PaulHigin