mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-06 03:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(messages): 'exrc' / secure messages

Browse Source
This commit is contained in:
Justin M. Keyes
2025-07-28 17:45:26 -04:00
parent c81dc320b0
commit dc3a30cfbb
6 changed files with 48 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
runtime/lua/vim/secure.lua
View File

@@ -121,16 +121,20 @@ function M.read(path)
return contents return contents
end end
local dir_msg = ' To enable it, choose (v)iew then run `:trust`.' local msg2 = ' To enable it, choose (v)iew then run `:trust`:'
local choices = '&ignore\n&view\n&deny' local choices = '&ignore\n&view\n&deny'
if hash == 'directory' then if hash == 'directory' then
dir_msg = ' DIRECTORY trust is decided only by its name, not its contents.' msg2 = ' DIRECTORY trust is decided only by name, not contents:'
choices = '&ignore\n&view\n&deny\n&allow' choices = '&ignore\n&view\n&deny\n&allow'
end end
-- File either does not exist in trust database or the hash does not match -- File either does not exist in trust database or the hash does not match
local ok, result = local ok, result = pcall(
pcall(vim.fn.confirm, string.format('%s is not trusted.%s', fullpath, dir_msg), choices, 1) vim.fn.confirm,
string.format('exrc: Found untrusted code.%s\n%s', msg2, fullpath),
choices,
1
)
if not ok and result ~= 'Keyboard interrupt' then if not ok and result ~= 'Keyboard interrupt' then
error(result) error(result)

6
src/nvim/lua/secure.c
View File

@@ -78,11 +78,11 @@ static bool nlua_trust(const char *action, const char *path)
if (msg != NULL) { if (msg != NULL) {
if (success) { if (success) {
if (strcmp(action, "allow") == 0) { if (strcmp(action, "allow") == 0) {
smsg(0, "Allowed \"%s\" in trust database.", msg); smsg(0, "Allowed in trust database: \"%s\"", msg);
} else if (strcmp(action, "deny") == 0) { } else if (strcmp(action, "deny") == 0) {
smsg(0, "Denied \"%s\" in trust database.", msg); smsg(0, "Denied in trust database: \"%s\"", msg);
} else if (strcmp(action, "remove") == 0) { } else if (strcmp(action, "remove") == 0) {
smsg(0, "Removed \"%s\" from trust database.", msg); smsg(0, "Removed from trust database: \"%s\"", msg);
} }
} else { } else {
semsg(e_trustfile, msg); semsg(e_trustfile, msg);

6
test/functional/core/server_spec.lua
View File

@@ -192,10 +192,8 @@ describe('server', function()
return return
end end
local peer_addr = n.new_pipename() local peer_addr = n.new_pipename()
local client = n.new_session( local client =
true, n.new_session(true, { args = { '--clean', '--listen', peer_addr, '--embed' }, merge = false })
{ args = { '--clean', '--listen', peer_addr, '--embed' }, merge = false }
)
n.set_session(client) n.set_session(client)
eq(peer_addr, fn.serverlist()[1]) eq(peer_addr, fn.serverlist()[1])

4
test/functional/core/startup_spec.lua
View File

@@ -1262,11 +1262,11 @@ describe('user config init', function()
-- trust .exrc -- trust .exrc
feed(':trust<CR>') feed(':trust<CR>')
screen:expect({ any = 'Allowed ".*' .. pathsep .. '%.exrc" in trust database.' }) screen:expect({ any = 'Allowed in trust database: ".*' .. pathsep .. '%.exrc"' })
feed(':q<CR>') feed(':q<CR>')
-- trust .nvim.lua -- trust .nvim.lua
feed(':trust<CR>') feed(':trust<CR>')
screen:expect({ any = 'Allowed ".*' .. pathsep .. '%.nvim%.lua" in trust database.' }) screen:expect({ any = 'Allowed in trust database: ".*' .. pathsep .. '%.nvim%.lua"' })
feed(':q<CR>') feed(':q<CR>')
-- no exrc file is executed -- no exrc file is executed
feed(':echo g:exrc_count<CR>') feed(':echo g:exrc_count<CR>')

16
test/functional/ex_cmds/trust_spec.lua
View File

@@ -35,15 +35,15 @@ describe(':trust', function()
local hash = fn.sha256(t.read_file('test_file')) local hash = fn.sha256(t.read_file('test_file'))
command('edit test_file') command('edit test_file')
matches('^Allowed ".*test_file" in trust database%.$', exec_capture('trust')) matches('^Allowed in trust database%: ".*test_file"$', exec_capture('trust'))
local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust)) eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust))
matches('^Denied ".*test_file" in trust database%.$', exec_capture('trust ++deny')) matches('^Denied in trust database%: ".*test_file"$', exec_capture('trust ++deny'))
trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust)) eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust))
matches('^Removed ".*test_file" from trust database%.$', exec_capture('trust ++remove')) matches('^Removed from trust database%: ".*test_file"$', exec_capture('trust ++remove'))
trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format(''), vim.trim(trust)) eq(string.format(''), vim.trim(trust))
end) end)
@@ -53,15 +53,15 @@ describe(':trust', function()
local hash = fn.sha256(t.read_file('test_file')) local hash = fn.sha256(t.read_file('test_file'))
command('edit test_file') command('edit test_file')
matches('^Denied ".*test_file" in trust database%.$', exec_capture('trust ++deny')) matches('^Denied in trust database%: ".*test_file"$', exec_capture('trust ++deny'))
local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust)) eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust))
matches('^Allowed ".*test_file" in trust database%.$', exec_capture('trust')) matches('^Allowed in trust database%: ".*test_file"$', exec_capture('trust'))
trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust)) eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust))
matches('^Removed ".*test_file" from trust database%.$', exec_capture('trust ++remove')) matches('^Removed from trust database%: ".*test_file"$', exec_capture('trust ++remove'))
trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format(''), vim.trim(trust)) eq(string.format(''), vim.trim(trust))
end) end)
@@ -69,12 +69,12 @@ describe(':trust', function()
it('deny then remove a file using file path', function() it('deny then remove a file using file path', function()
local cwd = fn.getcwd() local cwd = fn.getcwd()
matches('^Denied ".*test_file" in trust database%.$', exec_capture('trust ++deny test_file')) matches('^Denied in trust database%: ".*test_file"$', exec_capture('trust ++deny test_file'))
local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') local trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust)) eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust))
matches( matches(
'^Removed ".*test_file" from trust database%.$', '^Removed from trust database%: ".*test_file"$',
exec_capture('trust ++remove test_file') exec_capture('trust ++remove test_file')
) )
trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust') trust = t.read_file(fn.stdpath('state') .. pathsep .. 'trust')

51
test/functional/lua/secure_spec.lua
View File

@@ -55,22 +55,18 @@ describe('vim.secure', function()
}) })
local cwd = fn.getcwd() local cwd = fn.getcwd()
local msg = cwd local msg = 'exrc: Found untrusted code. To enable it, choose (v)iew then run `:trust`:'
.. pathsep local path = ('%s%sXfile'):format(cwd, pathsep)
.. 'Xfile is not trusted. To enable it, choose (v)iew then run `:trust`.'
if #msg >= screen._width then
pending('path too long')
return
end
-- Need to use feed_command instead of exec_lua because of the confirmation prompt -- Need to use feed_command instead of exec_lua because of the confirmation prompt
feed_command([[lua vim.secure.read('Xfile')]]) feed_command([[lua vim.secure.read('Xfile')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xfile'){MATCH: +}| :lua vim.secure.read('Xfile'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: *}|
{3:]] .. path .. [[}{MATCH: *}|
{3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}|
]]) ]])
feed('d') feed('d')
@@ -89,10 +85,11 @@ describe('vim.secure', function()
feed_command([[lua vim.secure.read('Xfile')]]) feed_command([[lua vim.secure.read('Xfile')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xfile'){MATCH: +}| :lua vim.secure.read('Xfile'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: *}|
{3:]] .. path .. [[}{MATCH: *}|
{3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}|
]]) ]])
feed('v') feed('v')
@@ -104,7 +101,7 @@ describe('vim.secure', function()
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}| {1:~{MATCH: +}}|
{4:[No Name]{MATCH: +}}| {4:[No Name]{MATCH: +}}|
Allowed "]] .. cwd .. pathsep .. [[Xfile" in trust database.{MATCH: +}| Allowed in trust database: "]] .. cwd .. pathsep .. [[Xfile"{MATCH: +}|
]]) ]])
-- close the split for the next test below. -- close the split for the next test below.
feed(':q<CR>') feed(':q<CR>')
@@ -119,10 +116,11 @@ describe('vim.secure', function()
feed_command([[lua vim.secure.read('Xfile')]]) feed_command([[lua vim.secure.read('Xfile')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xfile'){MATCH: +}| :lua vim.secure.read('Xfile'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: *}|
{3:]] .. path .. [[}{MATCH: *}|
{3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}|
]]) ]])
feed('i') feed('i')
@@ -138,10 +136,11 @@ describe('vim.secure', function()
feed_command([[lua vim.secure.read('Xfile')]]) feed_command([[lua vim.secure.read('Xfile')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xfile'){MATCH: +}| :lua vim.secure.read('Xfile'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}|
{3:]] .. path .. [[}{MATCH: *}|
{3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny: }^{MATCH: +}|
]]) ]])
feed('v') feed('v')
@@ -172,22 +171,19 @@ describe('vim.secure', function()
}) })
local cwd = fn.getcwd() local cwd = fn.getcwd()
local msg = cwd local msg =
.. pathsep 'exrc: Found untrusted code. DIRECTORY trust is decided only by name, not contents:'
.. 'Xdir is not trusted. DIRECTORY trust is decided only by its name, not its contents.' local path = ('%s%sXdir'):format(cwd, pathsep)
if #msg >= screen._width then
pending('path too long')
return
end
-- Need to use feed_command instead of exec_lua because of the confirmation prompt -- Need to use feed_command instead of exec_lua because of the confirmation prompt
feed_command([[lua vim.secure.read('Xdir')]]) feed_command([[lua vim.secure.read('Xdir')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xdir'){MATCH: +}| :lua vim.secure.read('Xdir'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}|
{3:]] .. path .. [[}{MATCH: +}|
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
]]) ]])
feed('d') feed('d')
@@ -206,10 +202,11 @@ describe('vim.secure', function()
feed_command([[lua vim.secure.read('Xdir')]]) feed_command([[lua vim.secure.read('Xdir')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xdir'){MATCH: +}| :lua vim.secure.read('Xdir'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}|
{3:]] .. path .. [[}{MATCH: +}|
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
]]) ]])
feed('a') feed('a')
@@ -231,10 +228,11 @@ describe('vim.secure', function()
feed_command([[lua vim.secure.read('Xdir')]]) feed_command([[lua vim.secure.read('Xdir')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xdir'){MATCH: +}| :lua vim.secure.read('Xdir'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}|
{3:]] .. path .. [[}{MATCH: +}|
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
]]) ]])
feed('i') feed('i')
@@ -250,10 +248,11 @@ describe('vim.secure', function()
feed_command([[lua vim.secure.read('Xdir')]]) feed_command([[lua vim.secure.read('Xdir')]])
screen:expect([[ screen:expect([[
{MATCH: +}| {MATCH: +}|
{1:~{MATCH: +}}|*3 {1:~{MATCH: +}}|*2
{2:{MATCH: +}}| {2:{MATCH: +}}|
:lua vim.secure.read('Xdir'){MATCH: +}| :lua vim.secure.read('Xdir'){MATCH: +}|
{3:]] .. msg .. [[}{MATCH: +}| {3:]] .. msg .. [[}{MATCH: +}|
{3:]] .. path .. [[}{MATCH: +}|
{3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}| {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
]]) ]])
feed('v') feed('v')