Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make command searcher not use wildcard search for execution #9202

Merged
merged 44 commits into from
Apr 2, 2019
Merged

Make command searcher not use wildcard search for execution #9202

merged 44 commits into from
Apr 2, 2019

Conversation

TravisEz13
Copy link
Member

@TravisEz13 TravisEz13 commented Mar 22, 2019
edited

PR Summary

Make command searcher not use wildcard search for execution

PR Context

This is a Defense in Depth fix to prevent people from accidentally running a script.

For example, if a user attempted to run .\[my1].ps1 and there is a 1.ps1 in the same folder. 1.ps1 would be executed instead.
The fix allows tab completion and Get-Command to continue to work with the wildcards ([], ?, and *).

PR Checklist

@TravisEz13 TravisEz13 added Breaking-Change breaking change that may affect users CL-Engine Indicates that a PR should be marked as an engine change in the Change Log labels Mar 22, 2019
@TravisEz13 TravisEz13 added this to the 6.2.0-GA-Consider milestone Mar 22, 2019
@iSazonov
Copy link
Collaborator

If we want unambiguity, can we follow the practice we use in cmdlets? I mean that if name resolution returns several results, then throw.

/cc @mklement0

@TravisEz13
Copy link
Member Author

TravisEz13 commented Mar 22, 2019
edited

@iSazonov That code is already there. End the end, both code paths, use the same code. I doubt anyone actually wants to do execution based on wildcards. It can lead to executing unexpected files and VERY bad results.

@mklement0
Copy link
Contributor

Glad to see this is getting fixed; it addresses at least part of #4726, which also asks for the >, >> behavior to be fixed - will this PR address that too (haven't looked)?

@TravisEz13
Copy link
Member Author

@mklement0 The intent was not to fix that issue. As #4726 does not directly affect execution, I would not think that the issue would be considered a Defense in Depth fix and I'd prefer to get this fix in before addressing that issue.

@mklement0
Copy link
Contributor

Thanks for clarifying, @TravisEz13 (but note that #4726 is about execution as well).

@mklement0 mklement0 mentioned this pull request Mar 22, 2019
Closed
@PoshChan

This comment has been minimized.

Sign in to view
1 similar comment
@PoshChan

This comment has been minimized.

Sign in to view
SteveL-MSFT
SteveL-MSFT approved these changes Apr 1, 2019
View reviewed changes
Copy link
Member

@SteveL-MSFT SteveL-MSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit comment remaining

build.psm1 Outdated
[string]$Title = 'PowerShell Core Tests'
[string]$Title = 'PowerShell Core Tests',
[Parameter(ParameterSetName='Wait', Mandatory=$true,
HelpMessage='Wait for the debugger to attach to powershell before pester starts. Debug builds only!')]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
HelpMessage='Wait for the debugger to attach to powershell before pester starts. Debug builds only!')]
HelpMessage='Wait for the debugger to attach to PowerShell before Pester starts. Debug builds only!')]

@PoshChan

This comment has been minimized.

Sign in to view
@PoshChan

This comment has been minimized.

Sign in to view
@PoshChan

This comment has been minimized.

Sign in to view
@adityapatwardhan adityapatwardhan merged commit 5e4b4d1 into PowerShell:master Apr 2, 2019
@TravisEz13 TravisEz13 deleted the fix_command_searcher branch April 2, 2019 18:57
@iSazonov
Copy link
Collaborator

iSazonov commented Apr 3, 2019

Should we document the command searcher process in Docs repo?

@TravisEz13
Copy link
Member Author

The command searcher itself is an implementation detail. We should document the search order for command execution.

@TravisEz13 TravisEz13 mentioned this pull request Apr 3, 2019
Closed
8 tasks
adityapatwardhan pushed a commit to adityapatwardhan/PowerShell that referenced this pull request Apr 4, 2019
@TravisEz13 @adityapatwardhan
Make command searcher not use wildcard search for execution (PowerShe…
52b2a26 
…ll#9202)
@mklement0 mklement0 mentioned this pull request Apr 15, 2019
Closed
@daxian-dbw daxian-dbw mentioned this pull request Apr 16, 2019
Closed
11 tasks
@iSazonov iSazonov mentioned this pull request Apr 18, 2019
Closed
This was referenced Jun 1, 2019
Closed
Merged
@TravisEz13 TravisEz13 mentioned this pull request Sep 6, 2019
Closed
@mklement0 mklement0 mentioned this pull request Nov 6, 2019
Closed
@mklement0 mklement0 mentioned this pull request Apr 5, 2022
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daxian-dbw daxian-dbw daxian-dbw left review comments

@iSazonov iSazonov iSazonov left review comments

@SteveL-MSFT SteveL-MSFT SteveL-MSFT approved these changes

@adityapatwardhan adityapatwardhan adityapatwardhan approved these changes

@PaulHigin PaulHigin PaulHigin approved these changes

@BrucePay BrucePay Awaiting requested review from BrucePay

@anmenaga anmenaga Awaiting requested review from anmenaga anmenaga is a code owner

Assignees

@adityapatwardhan adityapatwardhan

Labels
Breaking-Change breaking change that may affect users CL-Engine Indicates that a PR should be marked as an engine change in the Change Log Committee-Reviewed PS-Committee has reviewed this and made a decision
Projects
None yet
Milestone
7.0.0-preview.1
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@TravisEz13 @iSazonov @mklement0 @daxian-dbw @SteveL-MSFT @PoshChan @adityapatwardhan @PaulHigin