Re: [DISCUSSION] The meaning of :cmdline header argument across babel backends

[Ihor Radchenko]

Max Nikulin <manikulin@gmail.com> writes:

> It is documented as
> " :cmdline <arg_1> ... [arg_n]
>
> Use the :cmdline header arg to pass arguments to a shell command."
>
> However current implementation allows code injection through args, 
> including a trivial one
>
> #+header-arg: :results verbatim
> #+begin_src sh :cmdline 1 ; touch /tmp/not-an-arg
>    printf '%s\n' "$@"
> #+end_src
>
> #+RESULTS:
> : 1
>
> "touch ..." *are not arguments of the script*. So users should be 
> careful to get documented behavior.

I do not see any way to address this concern without introducing feature
regression. So, let's keep things as they are and maybe document that
:cmdline ... is passed verbatim as shell command.

>> What might be done is introducing _two_ different header arguments - one
>> for interpreter switches, and another for script/program switches.
>> 
>> Say, :interpreter-cmdline and :script-cmdline.
>> Then, we can call the current :cmdline behaviour "dwim" and allow users
>> to be more explicit if necessary.
>
> It is too easy to confuse org-babel, so "dwim" works in simple cases 
> only. Independent header arguments make things more clear, I would 
> prefer :script-args. The question is whether they should be interpreted 
> by shell (flexibility and shooting feet) or more strict syntax `("hello 
> world" 1 a) should be used.

I like :script-args.
The counterpart should then be :interpreter-args?

The point of "dwim" is mostly to keep backwards-compatibility. We may
discourage :cmdline for non-trivial cases.

More strict syntax with '(<arga> <argb> <argc> ...) is possible for the
new header arguments, not for the old :cmdline where the existing
backends may not be able to understand the list format.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>