v icon indicating copy to clipboard operation
v copied to clipboard
verified publisher icon vlang

on windows, os.execute() disallow some char in cmd

Open kbkpbot opened this issue 1 month ago • 4 comments

Describe the bug

on windows, os.execute() disallow some char in cmd

It will report :

';, &&, || and \n are not allowed in shell commands'

Reproduction Steps

echo.v

module main
import os

fn main() {
	cmd := 'echo "hello;"'
	result := os.execute(cmd)
	dump(result)
}

Expected Behavior

output:

D:\v\bug\vls>.\echo.exe
[echo.v:7] result: os.Result{
    exit_code: 0
    output: '"hello;"
'
}

Current Behavior

output

D:\v\bug\vls>.\echo.exe
[echo.v:7] result: os.Result{
    exit_code: -1
    output: ';, &&, || and \n are not allowed in shell commands'
}

Possible Solution

fix following code, and allow user pass some char in the string

https://github.com/vlang/v/blob/bc333ab16016e72ee835d92e0e4d9b8c67693d98/vlib/os/os_windows.c.v#L300-L308

Additional Information/Context

No response

V version

V 0.4.12 c510779fa0d10ffe97698ed4e4a9f46c80ae60ea.7315954

Environment details (OS name and version, etc.)

V full version V 0.4.12 c510779fa0d10ffe97698ed4e4a9f46c80ae60ea.7315954
OS windows, Microsoft Windows 10 浼佷笟鐗?LTSC 19044 64 浣?
Processor 16 cpus, 64bit, little endian, AMD Ryzen 7 7840H with Radeon 780M Graphics
Memory 4.29GB/27.69GB
V executable D:\v\v\v\v.exe
V last modified time 2025-11-17 04:32:40
V home dir OK, value: D:\v\v\v
VMODULES OK, value: C:\Users\DDT.vmodules
VTMP OK, value: C:\Users\DDT\AppData\Local\Temp\v_0
Current working dir OK, value: D:\v\bug\vls
Git version git version 2.43.0.windows.1
V git status weekly.2025.30-617-g73159541-dirty
.git/config present true
cc version N/A
gcc version gcc (GCC) 15.2.0
clang version N/A
msvc version 用于 x64 的 Microsoft (R) C/C++ 优化编译器 19.44.35211 版
tcc version tcc version 0.9.28rc 2025-04-19_mob@36ff4f52* (x86_64 Windows)
tcc git status N/A
emcc version N/A
glibc version N/A

[!NOTE] You can use the 👍 reaction to increase the issue's priority for developers.

Please note that only the 👍 reaction to the issue itself counts as a vote. Other reactions and those to comments will not be taken into account.

kbkpbot avatar Nov 17 '25 05:11 kbkpbot

Why can't unsafe { os.raw_execute(cmd) } be used instead?

Delta456 avatar Nov 17 '25 06:11 Delta456

Why can't unsafe { os.raw_execute(cmd) } be used instead?

Yes, one can use unsafe { os.raw_execute(cmd) } , but it is dangerous.

kbkpbot avatar Nov 17 '25 10:11 kbkpbot

I don't think we can allow exclusion for specific characters like ;

Delta456 avatar Nov 17 '25 12:11 Delta456

I mean, perform a more precise check to avoid false positives. For example, these chars within quoted strings should be allowed.

echo "hello ; &&"

kbkpbot avatar Nov 17 '25 13:11 kbkpbot