Skip to content

Commit 1842b6d

Browse files
squeek502squeek502
committed
std.process: Improve doc comments of Windows argv -> command line functions
1 parent 45a378b commit 1842b6d

File tree

1 file changed

+15
-0
lines changed

1 file changed

+15
-0
lines changed

lib/std/process.zig

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1934,6 +1934,8 @@ pub const WindowsCommandLineCache = struct {
19341934
}
19351935
};
19361936

1937+
/// Returns the absolute path of `cmd.exe` within the Windows system directory.
1938+
/// The caller owns the returned slice.
19371939
pub fn windowsCmdExePath(allocator: mem.Allocator) error{ OutOfMemory, Unexpected }![:0]u16 {
19381940
var buf = try std.ArrayListUnmanaged(u16).initCapacity(allocator, 128);
19391941
errdefer buf.deinit(allocator);
@@ -1965,6 +1967,11 @@ pub const ArgvToCommandLineError = error{ OutOfMemory, InvalidWtf8, InvalidArg0
19651967

19661968
/// Serializes `argv` to a Windows command-line string suitable for passing to a child process and
19671969
/// parsing by the `CommandLineToArgvW` algorithm. The caller owns the returned slice.
1970+
///
1971+
/// To avoid arbitrary command execution, this function should not be used when spawning `.bat`/`.cmd` scripts.
1972+
/// https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
1973+
///
1974+
/// When executing `.bat`/`.cmd` scripts, use `argvToScriptCommandLineWindows` instead.
19681975
pub fn argvToCommandLineWindows(
19691976
allocator: mem.Allocator,
19701977
argv: []const []const u8,
@@ -2133,6 +2140,14 @@ pub const ArgvToScriptCommandLineError = error{
21332140
///
21342141
/// Escapes `argv` using the suggested mitigation against arbitrary command execution from:
21352142
/// https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
2143+
///
2144+
/// The return of this function will look like
2145+
/// `cmd.exe /d /e:ON /v:OFF /c "<escaped command line>"`
2146+
/// and should be used as the `lpCommandLine` of `CreateProcessW`, while the
2147+
/// return of `windowsCmdExePath` should be used as `lpApplicationName`.
2148+
///
2149+
/// Should only be used when spawning `.bat`/`.cmd` scripts, see `argvToCommandLineWindows` otherwise.
2150+
/// The `.bat`/`.cmd` file must be known to both have the `.bat`/`.cmd` extension and exist on the filesystem.
21362151
pub fn argvToScriptCommandLineWindows(
21372152
allocator: mem.Allocator,
21382153
/// Path to the `.bat`/`.cmd` script. If this path is relative, it is assumed to be relative to the CWD.

0 commit comments

Comments
 (0)