bjoernager/rust
bjoernager/rust
1
Fork 0
Code Activity

Rollup merge of #123709 - tgross35:windows-cmd-docs-update, r=ChrisDenton

Browse source 
Update documentation related to the recent cmd.exe fix

Fix some grammar nits, change `bat` (extension) -> `batch` (file), and make line wrapping more consistent.
This commit is contained in:
Michael Goulet 2024-05-19 11:04:07 -04:00 committed by GitHub
commit 0f923a48c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 59 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

49
library/std/src/os/windows/process.rs
View file

@ -199,14 +199,14 @@ pub trait CommandExt: Sealed {
/// Append literal text to the command line without any quoting or escaping. /// Append literal text to the command line without any quoting or escaping.
/// ///
/// This is useful for passing arguments to applications which doesn't follow /// This is useful for passing arguments to applications that don't follow
/// the standard C run-time escaping rules, such as `cmd.exe /c`. /// the standard C run-time escaping rules, such as `cmd.exe /c`.
/// ///
/// # Bat files /// # Batch files
/// ///
/// Note the `cmd /c` command line has slightly different escaping rules then bat files /// Note the `cmd /c` command line has slightly different escaping rules than batch files
/// themselves. If possible, it may be better to write complex arguments to a temporary /// themselves. If possible, it may be better to write complex arguments to a temporary
/// .bat file, with appropriate escaping, and simply run that using: /// `.bat` file, with appropriate escaping, and simply run that using:
/// ///
/// ```no_run /// ```no_run
/// # use std::process::Command; /// # use std::process::Command;
@ -217,7 +217,7 @@ pub trait CommandExt: Sealed {
/// ///
/// # Example /// # Example
/// ///
/// Run a bat script using both trusted and untrusted arguments. /// Run a batch script using both trusted and untrusted arguments.
/// ///
/// ```no_run /// ```no_run
/// #[cfg(windows)] /// #[cfg(windows)]
@ -241,9 +241,10 @@ pub trait CommandExt: Sealed {
/// if !user_name.chars().all(|c| c.is_alphanumeric()) { /// if !user_name.chars().all(|c| c.is_alphanumeric()) {
/// return Err(Error::new(ErrorKind::InvalidInput, "invalid user name")); /// return Err(Error::new(ErrorKind::InvalidInput, "invalid user name"));
/// } /// }
/// // now we've checked the user name, let's add that too. ///
/// cmd_args.push(' '); /// // now we have validated the user name, let's add that too.
/// cmd_args.push_str(&format!("--user {user_name}")); /// cmd_args.push_str(" --user ");
/// cmd_args.push_str(user_name);
/// ///
/// // call cmd.exe and return the output /// // call cmd.exe and return the output
/// Command::new("cmd.exe") /// Command::new("cmd.exe")
@ -287,25 +288,37 @@ pub trait CommandExt: Sealed {
#[unstable(feature = "windows_process_extensions_async_pipes", issue = "98289")] #[unstable(feature = "windows_process_extensions_async_pipes", issue = "98289")]
fn async_pipes(&mut self, always_async: bool) -> &mut process::Command; fn async_pipes(&mut self, always_async: bool) -> &mut process::Command;
/// Sets a raw attribute on the command, providing extended configuration options for Windows processes. /// Set a raw attribute on the command, providing extended configuration options for Windows
/// processes.
/// ///
/// This method allows you to specify custom attributes for a child process on Windows systems using raw attribute values. /// This method allows you to specify custom attributes for a child process on Windows systems
/// Raw attributes provide extended configurability for process creation, but their usage can be complex and potentially unsafe. /// using raw attribute values. Raw attributes provide extended configurability for process
/// creation, but their usage can be complex and potentially unsafe.
/// ///
/// The `attribute` parameter specifies the raw attribute to be set, while the `value` parameter holds the value associated with that attribute. /// The `attribute` parameter specifies the raw attribute to be set, while the `value`
/// Please refer to the [`windows-rs`](https://microsoft.github.io/windows-docs-rs/doc/windows/) documentation or the [`Win32 API documentation`](https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute) for detailed information about available attributes and their meanings. /// parameter holds the value associated with that attribute. Please refer to the
/// [`windows-rs` documentation] or the [Win32 API documentation] for detailed information
/// about available attributes and their meanings.
///
/// [`windows-rs` documentation]: https://microsoft.github.io/windows-docs-rs/doc/windows/
/// [Win32 API documentation]: https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute
/// ///
/// # Note /// # Note
/// ///
/// The maximum number of raw attributes is the value of [`u32::MAX`]. /// The maximum number of raw attributes is the value of [`u32::MAX`].
/// If this limit is exceeded, the call to [`process::Command::spawn`] will return an `Error` indicating that the maximum number of attributes has been exceeded. /// If this limit is exceeded, the call to [`process::Command::spawn`] will return an `Error`
/// indicating that the maximum number of attributes has been exceeded.
///
/// # Safety /// # Safety
/// ///
/// The usage of raw attributes is potentially unsafe and should be done with caution. Incorrect attribute values or improper configuration can lead to unexpected behavior or errors. /// The usage of raw attributes is potentially unsafe and should be done with caution.
/// Incorrect attribute values or improper configuration can lead to unexpected behavior or
/// errors.
/// ///
/// # Example /// # Example
/// ///
/// The following example demonstrates how to create a child process with a specific parent process ID using a raw attribute. /// The following example demonstrates how to create a child process with a specific parent
/// process ID using a raw attribute.
/// ///
/// ```rust /// ```rust
/// #![feature(windows_process_extensions_raw_attribute)] /// #![feature(windows_process_extensions_raw_attribute)]
@ -339,7 +352,9 @@ pub trait CommandExt: Sealed {
/// ///
/// # Safety Note /// # Safety Note
/// ///
/// Remember that improper use of raw attributes can lead to undefined behavior or security vulnerabilities. Always consult the documentation and ensure proper attribute values are used. /// Remember that improper use of raw attributes can lead to undefined behavior or security
/// vulnerabilities. Always consult the documentation and ensure proper attribute values are
/// used.
#[unstable(feature = "windows_process_extensions_raw_attribute", issue = "114854")] #[unstable(feature = "windows_process_extensions_raw_attribute", issue = "114854")]
unsafe fn raw_attribute<T: Copy + Send + Sync + 'static>( unsafe fn raw_attribute<T: Copy + Send + Sync + 'static>(
&mut self, &mut self,

48
library/std/src/process.rs
View file

@ -90,8 +90,8 @@
//! //!
//! # Windows argument splitting //! # Windows argument splitting
//! //!
//! On Unix systems arguments are passed to a new process as an array of strings //! On Unix systems arguments are passed to a new process as an array of strings,
//! but on Windows arguments are passed as a single commandline string and it's //! but on Windows arguments are passed as a single commandline string and it is
//! up to the child process to parse it into an array. Therefore the parent and //! up to the child process to parse it into an array. Therefore the parent and
//! child processes must agree on how the commandline string is encoded. //! child processes must agree on how the commandline string is encoded.
//! //!
@ -107,26 +107,26 @@
//! * Use [`raw_arg`] to build a custom commandline. This bypasses the escaping //! * Use [`raw_arg`] to build a custom commandline. This bypasses the escaping
//! rules used by [`arg`] so should be used with due caution. //! rules used by [`arg`] so should be used with due caution.
//! //!
//! `cmd.exe` and `.bat` use non-standard argument parsing and are especially //! `cmd.exe` and `.bat` files use non-standard argument parsing and are especially
//! vulnerable to malicious input as they may be used to run arbitrary shell //! vulnerable to malicious input as they may be used to run arbitrary shell
//! commands. Untrusted arguments should be restricted as much as possible. //! commands. Untrusted arguments should be restricted as much as possible.
//! For examples on handling this see [`raw_arg`]. //! For examples on handling this see [`raw_arg`].
//! //!
//! ### Bat file special handling //! ### Batch file special handling
//! //!
//! On Windows, `Command` uses the Windows API function [`CreateProcessW`] to //! On Windows, `Command` uses the Windows API function [`CreateProcessW`] to
//! spawn new processes. An undocumented feature of this function is that, //! spawn new processes. An undocumented feature of this function is that
//! when given a `.bat` file as the application to run, it will automatically //! when given a `.bat` file as the application to run, it will automatically
//! convert that into running `cmd.exe /c` with the bat file as the next argument. //! convert that into running `cmd.exe /c` with the batch file as the next argument.
//! //!
//! For historical reasons Rust currently preserves this behaviour when using //! For historical reasons Rust currently preserves this behaviour when using
//! [`Command::new`], and escapes the arguments according to `cmd.exe` rules. //! [`Command::new`], and escapes the arguments according to `cmd.exe` rules.
//! Due to the complexity of `cmd.exe` argument handling, it might not be //! Due to the complexity of `cmd.exe` argument handling, it might not be
//! possible to safely escape some special chars, and using them will result //! possible to safely escape some special characters, and using them will result
//! in an error being returned at process spawn. The set of unescapeable //! in an error being returned at process spawn. The set of unescapeable
//! special chars might change between releases. //! special characters might change between releases.
//! //!
//! Also note that running `.bat` scripts in this way may be removed in the //! Also note that running batch scripts in this way may be removed in the
//! future and so should not be relied upon. //! future and so should not be relied upon.
//! //!
//! [`spawn`]: Command::spawn //! [`spawn`]: Command::spawn
@ -659,16 +659,19 @@ impl Command {
/// ///
/// Note that the argument is not passed through a shell, but given /// Note that the argument is not passed through a shell, but given
/// literally to the program. This means that shell syntax like quotes, /// literally to the program. This means that shell syntax like quotes,
/// escaped characters, word splitting, glob patterns, variable substitution, etc. /// escaped characters, word splitting, glob patterns, variable substitution,
/// have no effect. /// etc. have no effect.
/// ///
/// <div class="warning"> /// <div class="warning">
/// ///
/// On Windows use caution with untrusted inputs. Most applications use the /// On Windows, use caution with untrusted inputs. Most applications use the
/// standard convention for decoding arguments passed to them. These are safe to use with `arg`. /// standard convention for decoding arguments passed to them. These are safe to
/// However some applications, such as `cmd.exe` and `.bat` files, use a non-standard way of decoding arguments /// use with `arg`. However, some applications such as `cmd.exe` and `.bat` files
/// and are therefore vulnerable to malicious input. /// use a non-standard way of decoding arguments. They are therefore vulnerable
/// In the case of `cmd.exe` this is especially important because a malicious argument can potentially run arbitrary shell commands. /// to malicious input.
///
/// In the case of `cmd.exe` this is especially important because a malicious
/// argument can potentially run arbitrary shell commands.
/// ///
/// See [Windows argument splitting][windows-args] for more details /// See [Windows argument splitting][windows-args] for more details
/// or [`raw_arg`] for manually implementing non-standard argument encoding. /// or [`raw_arg`] for manually implementing non-standard argument encoding.
@ -710,11 +713,14 @@ impl Command {
/// ///
/// <div class="warning"> /// <div class="warning">
/// ///
/// On Windows use caution with untrusted inputs. Most applications use the /// On Windows, use caution with untrusted inputs. Most applications use the
/// standard convention for decoding arguments passed to them. These are safe to use with `args`. /// standard convention for decoding arguments passed to them. These are safe to
/// However some applications, such as `cmd.exe` and `.bat` files, use a non-standard way of decoding arguments /// use with `arg`. However, some applications such as `cmd.exe` and `.bat` files
/// and are therefore vulnerable to malicious input. /// use a non-standard way of decoding arguments. They are therefore vulnerable
/// In the case of `cmd.exe` this is especially important because a malicious argument can potentially run arbitrary shell commands. /// to malicious input.
///
/// In the case of `cmd.exe` this is especially important because a malicious
/// argument can potentially run arbitrary shell commands.
/// ///
/// See [Windows argument splitting][windows-args] for more details /// See [Windows argument splitting][windows-args] for more details
/// or [`raw_arg`] for manually implementing non-standard argument encoding. /// or [`raw_arg`] for manually implementing non-standard argument encoding.