Needs escaping

I tested numerous escaping approaches as asked, but it breaks the yq expressions. What string escape approach would you recommend? Thanks @AkihiroSuda

@AkihiroSuda I don't see why this needs escaping. The filter expression should be inserted literally inside the select().

Without escaping the code looks vulnerable to "Bobby Tables".
Unlikely to result in breaking data in our case though

How is this different from any code you specify via --yq? The only difference is that the --filter argument is wrapped inside a select() call.

The user can literally send the same command via --yq "$(printf "select(%s)" "$FILTER")".

Any escaping would simply break the filter expression.

Second side note: I also didn't see any functionality in yq that would allow you to get a list of all environment variables. You have to know the variable name to query the value. Please let me know if I overlooked anything!

Clearing the env may cause an unexpected effect to the entire process, including the Go runtime.

Can't we just add a new option in the YQ library to prohibit accessing envs?

At least https://pkg.go.dev/github.com/mikefarah/yq/v4@v4.48.1/pkg/yqlib#ExpressionNode could be verified that there is no reference to env vars.

Clearing the env may cause an unexpected effect to the entire process, including the Go runtime.

All we do after clearing the environment is calling yqlib to evaluate the expression, printing the result with fmt.Fprint, and exiting the process. I can't see how anything would be affected in an unexpected way.

The fact that os.Getenv will always return the empty string inside yqlib is not unexpected, but desired.

I would be opposed to modifying the process environment for every yqlib call, but in limactl list and limactl info it would be acceptable when all that is left to do is evaluating an expression and printing the result.

Can't we just add a new option in the YQ library to prohibit accessing envs?

I don't know; there doesn't seem to be an easy way to pass settings to the env operator etc.

I agree that this would be a good enhancement (so we could make it apply to all our yqlib calls), but for limactl list it seems like overkill because I don't see an easy way to implement it.

@AkihiroSuda Are you ok with using os.Clearenv() in this particular case (limactl list, just before calling yqlib, printing the result, and exiting)?

I suspect @olamilekan000 is waiting for a decision before addressing the remaining issues, so this would be blocking it from being included in Lima 2.0.

I think you should be able to combine --filter and --yq as long as the output format is json or yaml.

So you could just drop the check here because yq is already incompatible with the other output formats.

This isn't too clear to me but is there anything wrong with the way it currently is?

Yes:

❯ l ls -l '.status == "Running"'
NAME          STATUS     SSH                VMTYPE    ARCH       CPUS    MEMORY    DISK      DIR
alpine-iso    Running    127.0.0.1:50496    vz        aarch64    4       4GiB      100GiB    ~/.lima/alpine-iso

❯ l ls -l '.status == "Running"' --yq .name
FATA[0000] option --filter conflicts with option --yq

❯ l ls --yq 'select(.status == "Running")' --yq .name
alpine-iso

I expect the last 2 commands to work exactly the same. There is no reason for the len(yq) check to exist.

@AkihiroSuda I don't see why this needs escaping. The filter expression should be inserted literally inside the select().

Despite what the --help output says, every string except table, json, and yaml is treated as a Go template, so the check for the double braces prefix/suffix is not correct:

❯ l ls -f 'Name is: {{.Name}}'
Name is: alpine-iso
Name is: alpine-lima-3.22.2
Name is: foo

Always use %q when printing use input.

Also applies to the next error message.

Is this AND-matching or OR-matching?

I assume you want the description updated to clarify.

It is AND so you can do this:

❯ cat ~/bin/limactl-ps
#!/bin/sh
limactl ls --filter 'select(.status == "Running")' "$@"

❯ l ls
NAME                  STATUS     SSH                VMTYPE    ARCH       CPUS    MEMORY      DISK      DIR
alpine-iso            Running    127.0.0.1:50496    vz        aarch64    4       4GiB        100GiB    ~/.lima/alpine-iso
alpine-lima-3.22.2    Stopped    127.0.0.1:0        vz        aarch64    4       4GiB        100GiB    ~/.lima/alpine-lima-3.22.2
default               Running    127.0.0.1:54512    qemu      aarch64    4       4GiB        100GiB    ~/.lima/default
foo                   Stopped    127.0.0.1:0        vz        aarch64    4       1.177MiB    100GiB    ~/.lima/foo

❯ l ps
NAME          STATUS     SSH                VMTYPE    ARCH       CPUS    MEMORY    DISK      DIR
alpine-iso    Running    127.0.0.1:50496    vz        aarch64    4       4GiB      100GiB    ~/.lima/alpine-iso
default       Running    127.0.0.1:54512    qemu      aarch64    4       4GiB      100GiB    ~/.lima/default

❯ l ps -l '.vmType == "vz"'
NAME          STATUS     SSH                VMTYPE    ARCH       CPUS    MEMORY    DISK      DIR
alpine-iso    Running    127.0.0.1:50496    vz        aarch64    4       4GiB      100GiB    ~/.lima/alpine-iso

I don't think this is useful. The whole point of --filter and --yq is to provide YQ expressions that are going to be evaluated. There is no vulnerability; the expression is provided by the user themselves.

And we already get an error when the YQ expression is invalid, e.g.

❯ l ls -l '.vmType =='
FATA[0000] failed to apply filter select(.vmType ==): '==' expects 2 args but there is 1

So I don't understand the purpose of this "validation", especially since it might make legitimate use cases invalid (e.g. you are restricting which characters are allowed inside literal strings).