From 7ccc8f1dc8f77a20a472a48c514599c1725ba08d Mon Sep 17 00:00:00 2001
From: Jan Dubois <jan.dubois@suse.com>
Date: Mon, 24 Nov 2025 21:58:05 -0800
Subject: [PATCH] Disable env access and file load operations in yqlib

Signed-off-by: Jan Dubois <jan.dubois@suse.com>
---
 hack/bats/tests/list.bats | 10 ++++++++++
 pkg/yqutil/yqutil.go      |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/hack/bats/tests/list.bats b/hack/bats/tests/list.bats
index 95ff1aafaf1..99210095c56 100644
--- a/hack/bats/tests/list.bats
+++ b/hack/bats/tests/list.bats
@@ -264,3 +264,13 @@ local_setup() {
     run -0 limactl ls --quiet --yq 'select(.name == "foo")'
     assert_output "foo"
 }
+
+@test '--yq cannot access environment variables' {
+    run_e -1 limactl ls --yq 'env(HOME)'
+    assert_fatal "env operations have been disabled"
+}
+
+@test '--yq cannot load files' {
+    run_e -1 limactl ls --yq "load(\"${BASH_SOURCE[0]}\")"
+    assert_fatal "file operations have been disabled"
+}
diff --git a/pkg/yqutil/yqutil.go b/pkg/yqutil/yqutil.go
index bfd4a6c7238..8b27238fe3d 100644
--- a/pkg/yqutil/yqutil.go
+++ b/pkg/yqutil/yqutil.go
@@ -50,6 +50,10 @@ func EvaluateExpressionWithEncoder(expression, content string, encoder yqlib.Enc
 	logging.SetBackend(backend)
 	yqlib.InitExpressionParser()
 
+	// Disable access to environment variables and file loading functions
+	yqlib.ConfiguredSecurityPreferences.DisableEnvOps = true
+	yqlib.ConfiguredSecurityPreferences.DisableFileOps = true
+
 	decoder := yqlib.NewYamlDecoder(yqlib.ConfiguredYamlPreferences)
 	out, err := yqlib.NewStringEvaluator().EvaluateAll(expression, content, encoder, decoder)
 	if err != nil {