Disallow options that read from files

This fixes #78.
owenthereal · Nov 2, 2018 · 10815a4 · 10815a4
1 parent 4829eaa
commit 10815a4
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/jq/jq.go b/jq/jq.go
@@ -21,6 +21,14 @@ func (e *ValidationError) Error() string {
 var (
 	ExecTimeoutError   = errors.New("jq execution was timeout")
 	ExecCancelledError = errors.New("jq execution was cancelled")
+	disallowOpts       = map[string]bool{
+		"f":         true,
+		"from-file": true,
+		"slurpfile": true,
+		"argfile":   true,
+		"L":         true,
+		"run-tests": true,
+	}
 )
 
 type JQ struct {
@@ -83,8 +91,14 @@ func (j *JQ) Validate() error {
 		errMsgs = append(errMsgs, "missing JSON")
 	}
 
+	for _, opt := range j.O {
+		if disallowOpts[opt.Name] {
+			errMsgs = append(errMsgs, fmt.Sprintf("disallow option %q", opt.Name))
+		}
+	}
+
 	if len(errMsgs) > 0 {
-		return &ValidationError{fmt.Sprintf("invalid input: %s", strings.Join(errMsgs, " and "))}
+		return &ValidationError{fmt.Sprintf("invalid input: %s", strings.Join(errMsgs, ", "))}
 	}
 
 	return nil

diff --git a/jq/jq_test.go b/jq/jq_test.go
@@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
 	"testing"
 	"time"
@@ -29,6 +30,23 @@ func TestJQEvalInvalidInput(t *testing.T) {
 	}
 }
 
+func TestJQValidateDisallowOpts(t *testing.T) {
+	jq := &JQ{
+		J: "{}",
+		Q: ".",
+		O: []JQOpt{
+			{
+				Name: "from-file",
+			},
+		},
+	}
+
+	err := jq.Validate()
+	if err == nil || !strings.Contains(err.Error(), `disallow option "from-file"`) {
+		t.Errorf(`err should include disallow option "from-file"`)
+	}
+}
+
 func TestJQEvalTimeout(t *testing.T) {
 	t.Parallel()