kevin/neovim
1
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2024-12-20 19:25:11 -07:00
Code Issues Packages Projects Releases Wiki Activity
d1bb9bffd5
neovim/test/functional/lua/secure_spec.lua

286 lines
14 KiB
Lua
Raw Normal View History

feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
local helpers = require('test.functional.helpers')(after_each)
local Screen = require('test.functional.ui.screen')
local eq = helpers.eq
local clear = helpers.clear
local command = helpers.command
local pathsep = helpers.get_pathsep()
test: simplify platform detection (#21020) Extend the capabilities of is_os to detect more platforms such as freebsd and openbsd. Also remove `iswin()` helper function as it can be replaced by `is_os("win")`.
2022-11-21 17:13:30 -07:00
local is_os = helpers.is_os
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
local curbufmeths = helpers.curbufmeths
local exec_lua = helpers.exec_lua
local feed_command = helpers.feed_command
local feed = helpers.feed
local funcs = helpers.funcs
local pcall_err = helpers.pcall_err
refactor: rework parameter validation in vim.secure.trust() (#21223)
2022-11-28 15:40:50 -07:00
local matches = helpers.matches
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
describe('vim.secure', function()
describe('read()', function()
local xstate = 'Xstate'
setup(function()
test: simplify platform detection (#21020) Extend the capabilities of is_os to detect more platforms such as freebsd and openbsd. Also remove `iswin()` helper function as it can be replaced by `is_os("win")`.
2022-11-21 17:13:30 -07:00
helpers.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
end)
teardown(function()
helpers.rmdir(xstate)
end)
before_each(function()
helpers.write_file('Xfile', [[
let g:foobar = 42
]])
clear{env={XDG_STATE_HOME=xstate}}
end)
after_each(function()
os.remove('Xfile')
helpers.rmdir(xstate)
end)
it('works', function()
local screen = Screen.new(80, 8)
screen:attach()
screen:set_default_attr_ids({
[1] = {bold = true, foreground = Screen.colors.Blue1},
[2] = {bold = true, reverse = true},
[3] = {bold = true, foreground = Screen.colors.SeaGreen},
[4] = {reverse = true},
})
test: make {MATCH:} behave less unexpectedly in screen:expect() Include the rest of the line and allow multiple {MATCH:} patterns.
2023-02-17 18:27:10 -07:00
--- XXX: screen:expect() may fail if this path is too long.
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
local cwd = funcs.getcwd()
-- Need to use feed_command instead of exec_lua because of the confirmation prompt
feed_command([[lua vim.secure.read('Xfile')]])
screen:expect{grid=[[
|
{1:~ }|
{1:~ }|
{1:~ }|
{2: }|
:lua vim.secure.read('Xfile') |
test: make {MATCH:} behave less unexpectedly in screen:expect() Include the rest of the line and allow multiple {MATCH:} patterns.
2023-02-17 18:27:10 -07:00
{3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^ |
]]}
feed('d')
screen:expect{grid=[[
^ |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
|
]]}
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'Xfile'), vim.trim(trust))
eq(helpers.NIL, exec_lua([[return vim.secure.read('Xfile')]]))
os.remove(funcs.stdpath('state') .. pathsep .. 'trust')
feed_command([[lua vim.secure.read('Xfile')]])
screen:expect{grid=[[
|
{1:~ }|
{1:~ }|
{1:~ }|
{2: }|
:lua vim.secure.read('Xfile') |
test: make {MATCH:} behave less unexpectedly in screen:expect() Include the rest of the line and allow multiple {MATCH:} patterns.
2023-02-17 18:27:10 -07:00
{3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^ |
]]}
feed('a')
screen:expect{grid=[[
^ |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
|
]]}
local hash = funcs.sha256(helpers.read_file('Xfile'))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, cwd .. pathsep .. 'Xfile'), vim.trim(trust))
eq(helpers.NIL, exec_lua([[vim.secure.read('Xfile')]]))
os.remove(funcs.stdpath('state') .. pathsep .. 'trust')
feed_command([[lua vim.secure.read('Xfile')]])
screen:expect{grid=[[
|
{1:~ }|
{1:~ }|
{1:~ }|
{2: }|
:lua vim.secure.read('Xfile') |
test: make {MATCH:} behave less unexpectedly in screen:expect() Include the rest of the line and allow multiple {MATCH:} patterns.
2023-02-17 18:27:10 -07:00
{3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^ |
]]}
feed('i')
screen:expect{grid=[[
^ |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
|
]]}
-- Trust database is not updated
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(nil, trust)
feed_command([[lua vim.secure.read('Xfile')]])
screen:expect{grid=[[
|
{1:~ }|
{1:~ }|
{1:~ }|
{2: }|
:lua vim.secure.read('Xfile') |
test: make {MATCH:} behave less unexpectedly in screen:expect() Include the rest of the line and allow multiple {MATCH:} patterns.
2023-02-17 18:27:10 -07:00
{3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^ |
]]}
feed('v')
screen:expect{grid=[[
fix(secure): crash when hitting escape in prompt (#21283) - use pcall when calling vim.secure.read from C - catch keyboard interrupts in vim.secure.read, rethrow other errors - selecting "view" in prompt runs :view command - simplify lua stack cleanup with lua_gettop and lua_settop Co-authored-by: ii14 <ii14@users.noreply.github.com>
2022-12-05 11:59:04 -07:00
^let g:foobar = 42 |
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
{1:~ }|
{1:~ }|
test: make {MATCH:} behave less unexpectedly in screen:expect() Include the rest of the line and allow multiple {MATCH:} patterns.
2023-02-17 18:27:10 -07:00
{2:]] .. funcs.fnamemodify(cwd, ':~') .. pathsep .. [[Xfile [RO]{MATCH:%s+}}|
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
|
{1:~ }|
{4:[No Name] }|
|
]]}
-- Trust database is not updated
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(nil, trust)
-- Cannot write file
pcall_err(command, 'write')
fix(secure): crash when hitting escape in prompt (#21283) - use pcall when calling vim.secure.read from C - catch keyboard interrupts in vim.secure.read, rethrow other errors - selecting "view" in prompt runs :view command - simplify lua stack cleanup with lua_gettop and lua_settop Co-authored-by: ii14 <ii14@users.noreply.github.com>
2022-12-05 11:59:04 -07:00
eq(true, curbufmeths.get_option('readonly'))
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
end)
end)
feat(secure): add `:trust` command and vim.secure.trust() (#21107) Introduce vim.secure.trust() to programmatically manage the trust database. Use this function in a new :trust ex command which can be used as a simple frontend. Resolves: https://github.com/neovim/neovim/issues/21092 Co-authored-by: Gregory Anders <greg@gpanders.com> Co-authored-by: ii14 <ii14@users.noreply.github.com>
2022-11-28 12:23:04 -07:00
describe('trust()', function()
local xstate = 'Xstate'
setup(function()
helpers.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
end)
teardown(function()
helpers.rmdir(xstate)
end)
before_each(function()
helpers.write_file('test_file', 'test')
end)
after_each(function()
os.remove('test_file')
end)
it('returns error when passing both path and bufnr', function()
refactor: rework parameter validation in vim.secure.trust() (#21223)
2022-11-28 15:40:50 -07:00
matches('"path" and "bufnr" are mutually exclusive',
feat(secure): add `:trust` command and vim.secure.trust() (#21107) Introduce vim.secure.trust() to programmatically manage the trust database. Use this function in a new :trust ex command which can be used as a simple frontend. Resolves: https://github.com/neovim/neovim/issues/21092 Co-authored-by: Gregory Anders <greg@gpanders.com> Co-authored-by: ii14 <ii14@users.noreply.github.com>
2022-11-28 12:23:04 -07:00
pcall_err(exec_lua, [[vim.secure.trust({action='deny', bufnr=0, path='test_file'})]]))
end)
refactor: rework parameter validation in vim.secure.trust() (#21223)
2022-11-28 15:40:50 -07:00
it('returns error when passing neither path or bufnr', function()
matches('one of "path" or "bufnr" is required',
pcall_err(exec_lua, [[vim.secure.trust({action='deny'})]]))
end)
feat(secure): add `:trust` command and vim.secure.trust() (#21107) Introduce vim.secure.trust() to programmatically manage the trust database. Use this function in a new :trust ex command which can be used as a simple frontend. Resolves: https://github.com/neovim/neovim/issues/21092 Co-authored-by: Gregory Anders <greg@gpanders.com> Co-authored-by: ii14 <ii14@users.noreply.github.com>
2022-11-28 12:23:04 -07:00
it('trust then deny then remove a file using bufnr', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('deny then trust then remove a file using bufnr', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('trust using bufnr then deny then remove a file using path', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('deny then trust then remove a file using bufnr', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('trust returns error when buffer not associated to file', function()
command('new')
eq({false, 'buffer is not associated with a file'},
exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
end)
end)
feat: add vim.secure.read() This function accepts a path to a file and prompts the user if the file is trusted. If the user confirms that the file is trusted, the contents of the file are returned. The user's decision is stored in a trust database at $XDG_STATE_HOME/nvim/trust. When this function is invoked with a path that is already marked as trusted in the trust database, the user is not prompted for a response.
2022-11-05 12:37:05 -07:00
end)
Reference in New Issue Copy Permalink