mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-10 21:38:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

eval/api: don't allow the API to be called in the sandbox.

Browse Source 
Identifying and maintaining a "secure" subset of the API would be too
much busywork. So just disable the entire thing.
This commit is contained in:
Björn Linse
2019-06-26 08:11:51 +02:00
parent 10c983fabe
commit 619a86cb1e
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
test/functional/eval/api_functions_spec.lua
View File

@@ -4,7 +4,8 @@ local lfs = require('lfs')
local neq, eq, command = helpers.neq, helpers.eq, helpers.command
local clear, curbufmeths = helpers.clear, helpers.curbufmeths
local exc_exec, expect, eval = helpers.exc_exec, helpers.expect, helpers.eval
local insert = helpers.insert
local insert, meth_pcall = helpers.insert, helpers.meth_pcall
local meths = helpers.meths
describe('eval-API', function()
before_each(clear)
@@ -145,4 +146,10 @@ describe('eval-API', function()
]])
screen:detach()
end)
it('cannot be called from sandbox', function()
eq({false, 'Vim(call):E48: Not allowed in sandbox'},
meth_pcall(command, "sandbox call nvim_input('ievil')"))
eq({''}, meths.buf_get_lines(0, 0, -1, true))
end)
end)