age icon indicating copy to clipboard operation
age copied to clipboard
verified publisher icon FiloSottile

Allow to use a file named - as INPUT

Open meineerde opened this issue 2 years ago • 10 comments

Environment

  • OS: macos
  • age version: v1.1.1

What were you trying to do

In trying to encrypt the contents of a file named -. I'm giving this filename as INPUT in

age --encrypt -i example.key -

What happened

age waits indefinitely for something to appear on STDIN instead of reading the file. Aparently, age considers the filename

Suggestions

It would probably be a good idea to honor the -- argument before the final (optional) INPUT argument. Anything given after -- would then be considered a filename. An input file named - could then be specified as

age --encrypt -i example.key -- -

With this schema, we could clearly distinguish the - filename from the current behavior of always forcing a read from STDIN.

Alternatively, you could also specify a flag parameter to indicate that the following argument is a file and deny the specification of a final INPUT argument if this is given, e.g.

age --encrypt -i example.key --input-file -

meineerde avatar Feb 01 '23 22:02 meineerde

You can probably use ./-.

magical avatar Feb 02 '23 00:02 magical

That works indeed. Thanks for the hint!

However, the initial ambiguity described here still makes it rather difficult to script age in a way that I (or rather the user of my script) can throw any valid filename at it with me being sure that it will be indeed interpreted as a file.

Now I have to manually check whether the INPUT argument is - and replace it with ./-

Also, the same basic issue also applies to the --recipients-file option too.

meineerde avatar Feb 02 '23 12:02 meineerde

You can do realpath -- - to get the absolute path of the file on the VFS tree, so that the leading characters must be /. Ambiguity removed.

neruthes avatar Feb 16 '23 04:02 neruthes

For additional context, originally (during early development) age did treat - as a filename. This behaviour was changed in response to a user request for age to follow the general Linux CLI app convention of interpreting - in filename positions as a marker for stdin or stdout: https://github.com/FiloSottile/age/issues/143.

str4d avatar Feb 16 '23 05:02 str4d

I don't think you can have your cake and eat it too. Making - be an alias for STDIN/STDOUT as is convention in many *nix tools precludes it working as an actual filename without escaping. This isn't just an issue with age, and the usual workarounds apply. I think the current behavior is expected and would not want to see it change.

This is even potentially a security issue. Given that - is supposed to be STDIN, if the logic were to change and a local file were to be preferred over the stream, potentially a script using age could be tricked into using a different input than what the script author intended.

alerque avatar Feb 16 '23 05:02 alerque

Many other tools which accept filenames, accept those only at the end of the argument list. Then, they allow to add a separate -- argument to mark everything following it to be an actual real filename. This can be used to e.g. delete a file named -f with rm -- -f.

Because of this convention, I proposed that age may understand this -- separator to mark everything that follows as a filename rather than any further options. This would then neatly solve the issue with other potential input filenames, such as --armor --passphrase or others.

Interestingly, age currently seems to accept the -- separator there currently, but chooses to ignore it.

As for using the "inline marker" - in places where paths are generally expected (such as with --recipient-file or --identity), this seems like a general anti-pattern to me since it makes it harder to predictably use age with arbitrary filenames (and avoid it hanging waiting for input that may never arrive). I would have rather loved for these options to have separate names (such as --read-recipients, --read-identity, ...), but I guess that ship has sailed...

meineerde avatar Feb 16 '23 09:02 meineerde

@meineerde Even if -- was recognized, - would still be handled as STDIN because #143.

dolmen avatar Mar 06 '24 14:03 dolmen

My understanding of the -- separator is slightly different, it separates flags from arguments, not filenames, so I would actually expect foo -- - to be equivalent to foo - because - is parsed as an argument in both cases.

Are there tools where -- actually changes the semantics of arguments?

FiloSottile avatar Jun 16 '24 09:06 FiloSottile

It separates flags and arguments from positional arguments. Whether the positional arguments are filenames or not is immaterial, the point is after that you stop parsing for flags and named arguments. In this case the - is not either thing and the meaning would still not change. To avoid the STDIN alias and refer to a file you would still need some escaping or path segment workaround.

alerque avatar Jun 16 '24 10:06 alerque

Your understanding is consistent with @meineerde 's observation:

This can be used to e.g. delete a file named -f with rm -- -f.

That is, the reason -- enables rm to treat -f as a filename is not because -- tells rm to do so, but because -- tells rm to not treat -f as a flag (or flag argument), and the first positional argument to rm happens to be a filename. I expect that the first positional argument to many CLI tools also happens to be a filename, leading to the confusion.

str4d avatar Jun 16 '24 10:06 str4d