Hi!
I wanted to write a logstash plugin but I quickly found out that I can’t seem to execute external commands. I played around with invokeExternalCommand which just opened the Ctrl+Shift+1 run menu. All output goes to the little toast which isn’t what I wanted.
While I was digging around with that, I noticed that at some point someone had created a commands-allowlist
and there is a commands-blocklist
in the code (shell.cjs). I can’t seem to add any new commands to the allow list. I also can’t seem to add anything to the blocklist. I tried :shell/commands-allowlist []
and commands-blocklist ["grep"]
but nothing seemed to take effect.
I did see some talk about security in another post and/or github issue but the current system is not all that great… it seems to not stop semicolons or pipes so you can do pretty much whatever you want except you can’t block all commands from being run.
Can the blocklist and allowlist be added back to the configuration?
Can invokeExternalCommand be updated to pass the input back to the caller?
I would like to be able to do something like this:
logseq.App.invokeExternalCommand('logseq.command/run-shell', 'ls')
Being able to read the input within the plugin would be great. A pty (node-pty?) would be even better!