From dc3a30cfbb8304e10cff894a30c56fe43fc895ec Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Mon, 28 Jul 2025 17:45:26 -0400 Subject: [PATCH] fix(messages): 'exrc' / secure messages --- runtime/lua/vim/secure.lua | 12 ++++-- src/nvim/lua/secure.c | 6 +-- test/functional/core/server_spec.lua | 6 +-- test/functional/core/startup_spec.lua | 4 +- test/functional/ex_cmds/trust_spec.lua | 16 ++++---- test/functional/lua/secure_spec.lua | 51 +++++++++++++------------- 6 files changed, 48 insertions(+), 47 deletions(-) diff --git a/runtime/lua/vim/secure.lua b/runtime/lua/vim/secure.lua index 6e800e2c1a..e5d567ba0c 100644 --- a/runtime/lua/vim/secure.lua +++ b/runtime/lua/vim/secure.lua @@ -121,16 +121,20 @@ function M.read(path) return contents end - local dir_msg = ' To enable it, choose (v)iew then run `:trust`.' + local msg2 = ' To enable it, choose (v)iew then run `:trust`:' local choices = '&ignore\n&view\n&deny' if hash == 'directory' then - dir_msg = ' DIRECTORY trust is decided only by its name, not its contents.' + msg2 = ' DIRECTORY trust is decided only by name, not contents:' choices = '&ignore\n&view\n&deny\n&allow' end -- File either does not exist in trust database or the hash does not match - local ok, result = - pcall(vim.fn.confirm, string.format('%s is not trusted.%s', fullpath, dir_msg), choices, 1) + local ok, result = pcall( + vim.fn.confirm, + string.format('exrc: Found untrusted code.%s\n%s', msg2, fullpath), + choices, + 1 + ) if not ok and result ~= 'Keyboard interrupt' then error(result) diff --git a/src/nvim/lua/secure.c b/src/nvim/lua/secure.c index dbcaf8fd24..2b29739ac2 100644 --- a/src/nvim/lua/secure.c +++ b/src/nvim/lua/secure.c @@ -78,11 +78,11 @@ static bool nlua_trust(const char *action, const char *path) if (msg != NULL) { if (success) { if (strcmp(action, "allow") == 0) { - smsg(0, "Allowed \"%s\" in trust database.", msg); + smsg(0, "Allowed in trust database: \"%s\"", msg); } else if (strcmp(action, "deny") == 0) { - smsg(0, "Denied \"%s\" in trust database.", msg); + smsg(0, "Denied in trust database: \"%s\"", msg); } else if (strcmp(action, "remove") == 0) { - smsg(0, "Removed \"%s\" from trust database.", msg); + smsg(0, "Removed from trust database: \"%s\"", msg); } } else { semsg(e_trustfile, msg); diff --git a/test/functional/core/server_spec.lua b/test/functional/core/server_spec.lua index e88894877b..b22d656c2a 100644 --- a/test/functional/core/server_spec.lua +++ b/test/functional/core/server_spec.lua @@ -192,10 +192,8 @@ describe('server', function() return end local peer_addr = n.new_pipename() - local client = n.new_session( - true, - { args = { '--clean', '--listen', peer_addr, '--embed' }, merge = false } - ) + local client = + n.new_session(true, { args = { '--clean', '--listen', peer_addr, '--embed' }, merge = false }) n.set_session(client) eq(peer_addr, fn.serverlist()[1]) diff --git a/test/functional/core/startup_spec.lua b/test/functional/core/startup_spec.lua index 7d03a0e7b0..75cbeea61b 100644 --- a/test/functional/core/startup_spec.lua +++ b/test/functional/core/startup_spec.lua @@ -1262,11 +1262,11 @@ describe('user config init', function() -- trust .exrc feed(':trust') - screen:expect({ any = 'Allowed ".*' .. pathsep .. '%.exrc" in trust database.' }) + screen:expect({ any = 'Allowed in trust database: ".*' .. pathsep .. '%.exrc"' }) feed(':q') -- trust .nvim.lua feed(':trust') - screen:expect({ any = 'Allowed ".*' .. pathsep .. '%.nvim%.lua" in trust database.' }) + screen:expect({ any = 'Allowed in trust database: ".*' .. pathsep .. '%.nvim%.lua"' }) feed(':q') -- no exrc file is executed feed(':echo g:exrc_count') diff --git a/test/functional/ex_cmds/trust_spec.lua b/test/functional/ex_cmds/trust_spec.lua index 76248cf530..2abac85fbd 100644 --- a/test/functional/ex_cmds/trust_spec.lua +++ b/test/functional/ex_cmds/trust_spec.lua @@ -35,15 +35,15 @@ describe(':trust', function() local hash = fn.sha256(t.read_file('test_file')) command('edit test_file') - matches('^Allowed ".*test_file" in trust database%.$', exec_capture('trust')) + matches('^Allowed in trust database%: ".*test_file"$', exec_capture('trust')) local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust)) - matches('^Denied ".*test_file" in trust database%.$', exec_capture('trust ++deny')) + matches('^Denied in trust database%: ".*test_file"$', exec_capture('trust ++deny')) trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust)) - matches('^Removed ".*test_file" from trust database%.$', exec_capture('trust ++remove')) + matches('^Removed from trust database%: ".*test_file"$', exec_capture('trust ++remove')) trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format(''), vim.trim(trust)) end) @@ -53,15 +53,15 @@ describe(':trust', function() local hash = fn.sha256(t.read_file('test_file')) command('edit test_file') - matches('^Denied ".*test_file" in trust database%.$', exec_capture('trust ++deny')) + matches('^Denied in trust database%: ".*test_file"$', exec_capture('trust ++deny')) local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust)) - matches('^Allowed ".*test_file" in trust database%.$', exec_capture('trust')) + matches('^Allowed in trust database%: ".*test_file"$', exec_capture('trust')) trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust)) - matches('^Removed ".*test_file" from trust database%.$', exec_capture('trust ++remove')) + matches('^Removed from trust database%: ".*test_file"$', exec_capture('trust ++remove')) trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format(''), vim.trim(trust)) end) @@ -69,12 +69,12 @@ describe(':trust', function() it('deny then remove a file using file path', function() local cwd = fn.getcwd() - matches('^Denied ".*test_file" in trust database%.$', exec_capture('trust ++deny test_file')) + matches('^Denied in trust database%: ".*test_file"$', exec_capture('trust ++deny test_file')) local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust)) matches( - '^Removed ".*test_file" from trust database%.$', + '^Removed from trust database%: ".*test_file"$', exec_capture('trust ++remove test_file') ) trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') diff --git a/test/functional/lua/secure_spec.lua b/test/functional/lua/secure_spec.lua index fdf7f1e9a6..64a8dcbdc4 100644 --- a/test/functional/lua/secure_spec.lua +++ b/test/functional/lua/secure_spec.lua @@ -55,22 +55,18 @@ describe('vim.secure', function() }) local cwd = fn.getcwd() - local msg = cwd - .. pathsep - .. 'Xfile is not trusted. To enable it, choose (v)iew then run `:trust`.' - if #msg >= screen._width then - pending('path too long') - return - end + local msg = 'exrc: Found untrusted code. To enable it, choose (v)iew then run `:trust`:' + local path = ('%s%sXfile'):format(cwd, pathsep) -- Need to use feed_command instead of exec_lua because of the confirmation prompt feed_command([[lua vim.secure.read('Xfile')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xfile'){MATCH: +}| - {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. msg .. [[}{MATCH: *}| + {3:]] .. path .. [[}{MATCH: *}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| ]]) feed('d') @@ -89,10 +85,11 @@ describe('vim.secure', function() feed_command([[lua vim.secure.read('Xfile')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xfile'){MATCH: +}| - {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. msg .. [[}{MATCH: *}| + {3:]] .. path .. [[}{MATCH: *}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| ]]) feed('v') @@ -104,7 +101,7 @@ describe('vim.secure', function() {MATCH: +}| {1:~{MATCH: +}}| {4:[No Name]{MATCH: +}}| - Allowed "]] .. cwd .. pathsep .. [[Xfile" in trust database.{MATCH: +}| + Allowed in trust database: "]] .. cwd .. pathsep .. [[Xfile"{MATCH: +}| ]]) -- close the split for the next test below. feed(':q') @@ -119,10 +116,11 @@ describe('vim.secure', function() feed_command([[lua vim.secure.read('Xfile')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xfile'){MATCH: +}| - {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. msg .. [[}{MATCH: *}| + {3:]] .. path .. [[}{MATCH: *}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| ]]) feed('i') @@ -138,10 +136,11 @@ describe('vim.secure', function() feed_command([[lua vim.secure.read('Xfile')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xfile'){MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. path .. [[}{MATCH: *}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| ]]) feed('v') @@ -172,22 +171,19 @@ describe('vim.secure', function() }) local cwd = fn.getcwd() - local msg = cwd - .. pathsep - .. 'Xdir is not trusted. DIRECTORY trust is decided only by its name, not its contents.' - if #msg >= screen._width then - pending('path too long') - return - end + local msg = + 'exrc: Found untrusted code. DIRECTORY trust is decided only by name, not contents:' + local path = ('%s%sXdir'):format(cwd, pathsep) -- Need to use feed_command instead of exec_lua because of the confirmation prompt feed_command([[lua vim.secure.read('Xdir')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xdir'){MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. path .. [[}{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| ]]) feed('d') @@ -206,10 +202,11 @@ describe('vim.secure', function() feed_command([[lua vim.secure.read('Xdir')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xdir'){MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. path .. [[}{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| ]]) feed('a') @@ -231,10 +228,11 @@ describe('vim.secure', function() feed_command([[lua vim.secure.read('Xdir')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xdir'){MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. path .. [[}{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| ]]) feed('i') @@ -250,10 +248,11 @@ describe('vim.secure', function() feed_command([[lua vim.secure.read('Xdir')]]) screen:expect([[ {MATCH: +}| - {1:~{MATCH: +}}|*3 + {1:~{MATCH: +}}|*2 {2:{MATCH: +}}| :lua vim.secure.read('Xdir'){MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}| + {3:]] .. path .. [[}{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| ]]) feed('v')