dub: JSON, SDL, YAML, TOML, what color should we paint it ?
Commander Zot
no at no.no
Tue Feb 28 16:18:20 UTC 2023
On Tuesday, 28 February 2023 at 16:10:19 UTC, Steven
Schveighoffer wrote:
> On 2/28/23 10:15 AM, Adam D Ruppe wrote:
>> On Tuesday, 28 February 2023 at 14:29:28 UTC, Mathias LANG
>> wrote:
>>> Obviously such a change would not happen overnight, and would
>>> need broad support from the community. Opinions ?
>>
>> Here's a wild idea: use the D language. Most the things
>> dub.json defines are already available in D anyway.
>
> Is there a way to do this and prevent mischief? Like maybe:
>
> ```d
> module buildfile;
>
> import safe.modules.only;
>
> static immutable buildcode = import("build.d");
>
> shared static this() {
> import dparser;
> parseEnsuringNoImportsOrMixins(buildcode);
> }
>
> void build() {
> mixin(buildcode);
> }
> ```
>
> -Steve
whats preventing some buildfile from including some malicious cmd
line in dub?
if you want to restrict buildfiles, they become pretty useless
for a lot of cases
More information about the Digitalmars-d
mailing list