command-line-api icon indicating copy to clipboard operation
command-line-api copied to clipboard

Published 20 hours ago verified publisher icon dotnet

Redesign `[debug]` directive for end user opt-in

Open jonsequitur opened this issue 3 years ago • 5 comments

The [debug] directive allowed for a consistent way to attach a debugger and stop on a breakpoint in an application's startup code. We weren't satisfied with the security of the design. Ideally, this functionality should be opt-in by the end user rather than determined by the application developer.

One proposal is to have the debug check verify the presence of a different user-installed tool before pausing to attach the debugger.

jonsequitur avatar Feb 02 '22 01:02 jonsequitur

I had implemented a similar directive in CommandDotNet but found that I often wanted the debugger to run before the app was configured so I could validate the configuration, especially when running middleware. So I created this static method that can be called before configuring the application. It doesn't address the security issue but I've found it more useful.

drewburlingame avatar Feb 20 '22 23:02 drewburlingame

@jonsequitur

We weren't satisfied with the security of the design.

Could elaborate a little bit on what you mean by this exactly? :)

skrysmanski avatar Mar 26 '22 05:03 skrysmanski

As implemented, the [debug] directive presented a way to cause a tool using it to hang indefinitely while it waits for user input.

jonsequitur avatar Mar 26 '22 20:03 jonsequitur

Should the documentation of [debug] be commented out until the feature is restored?

KalleOlaviNiemitalo avatar Jun 17 '22 15:06 KalleOlaviNiemitalo

Apologies. The docs in this repo are outdated and need to be removed. The official documentation is here and doesn't mention [debug].

jonsequitur avatar Jun 17 '22 19:06 jonsequitur