> This seems to allow executing arbitrary code from the Makefile during > completion, which I think is a bad idea. > > Users will generally expect that running `make` will run arbitrary > commands from the Makefile, so should examine untrusted ones before > doing that; I think it's less likely that they'll expect attempting > completion to be dangerous. I apologize for didn't notice this problem. I agree this is a really bad idea for the completion script, and I completely forgot any problem it may cause. > Furthermore, are there cases where these completions will really be > useful? I suspect that most targets declared like that are mainly > intended to be dependencies of other targets, and unlikely to be asked > for directly. Perhaps a better way to handle them would be to just > exclude them from the completion results, since the unexpanded version > certainly isn't useful (except as information). I wrote this when trying to let make run certain unit test individually, like `make test_a`, and all these test name generated from a long shell command, and completion would dump this long command to the terminal. May I suggest not executing them - but skip them so at least the var behind them can be expanded, like: ``` A := a_target B := $(shell some lone command) $A $(B): ``` Then `$A` can be parsed, instead let the whole line fall into error handling. Further more, I think changing using `read -r` instead of `read` is also better? I have a `echo "\a"` notification when some target is done, now it pops every time when I hit the TAB.
Attachment:
signature.asc
Description: This is a digitally signed message part.