Restrict commands allowed in interpreter mode

Stack interpreter comment annotation allows arbitrary commands to be written and executed when the file is run. It can lead to confusing and surprising behavior if mistakes are made in writing a proper comment. This change restricts the interpreter mode commands to runghc and runhaskell. This change moves add-commands to a separate function. Closes commercialhaskell#1504
harendra-kumar · Dec 13, 2015 · e43d6bf · e43d6bf
1 parent 8e5b5f3
commit e43d6bf
Show file tree

Hide file tree

Showing 3 changed files with 280 additions and 295 deletions.
diff --git a/src/Stack/Docker.hs b/src/Stack/Docker.hs
@@ -9,6 +9,7 @@ module Stack.Docker
   ,CleanupAction(..)
   ,dockerCleanupCmdName
   ,dockerCmdName
+  ,dockerHelpOptName
   ,dockerPullCmdName
   ,entrypoint
   ,preventInContainer
@@ -846,6 +847,9 @@ inContainerEnvVar = stackProgNameUpper ++ "_IN_CONTAINER"
 dockerCmdName :: String
 dockerCmdName = "docker"
 
+dockerHelpOptName :: String
+dockerHelpOptName = dockerCmdName ++ "-help"
+
 -- | Command-line argument for @docker pull@.
 dockerPullCmdName :: String
 dockerPullCmdName = "pull"

diff --git a/src/Stack/Nix.hs b/src/Stack/Nix.hs
@@ -6,6 +6,7 @@
 module Stack.Nix
   (reexecWithOptionalShell
   ,nixCmdName
+  ,nixHelpOptName
   ) where
 
 import           Control.Applicative
@@ -117,6 +118,9 @@ inShellEnvVar = concat [map toUpper stackProgName,"_IN_NIXSHELL"]
 nixCmdName :: String
 nixCmdName = "nix"
 
+nixHelpOptName :: String
+nixHelpOptName = nixCmdName ++ "-help"
+
 type M env m =
   (MonadIO m
   ,MonadReader env m