Open jonsequitur opened 2 years ago
drewburlingame
commented
2 years ago I had implemented a similar directive in CommandDotNet but found that I often wanted the debugger to run before the app was configured so I could validate the configuration, especially when running middleware. So I created this static method that can be called before configuring the application. It doesn't address the security issue but I've found it more useful.
skrysmanski
commented
2 years ago @jonsequitur
We weren't satisfied with the security of the design.
Could elaborate a little bit on what you mean by this exactly? :)
jonsequitur
commented
2 years ago As implemented, the [debug] directive presented a way to cause a tool using it to hang indefinitely while it waits for user input.
KalleOlaviNiemitalo
commented
2 years ago Should the documentation of [debug] be commented out until the feature is restored?
jonsequitur
commented
2 years ago Apologies. The docs in this repo are outdated and need to be removed. The official documentation is here and doesn't mention [debug].
The
[debug]directive allowed for a consistent way to attach a debugger and stop on a breakpoint in an application's startup code. We weren't satisfied with the security of the design. Ideally, this functionality should be opt-in by the end user rather than determined by the application developer.One proposal is to have the debug check verify the presence of a different user-installed tool before pausing to attach the debugger.