feat(secure): add :trust command and vim.secure.trust() (#21107)

Introduce vim.secure.trust() to programmatically manage the trust database. Use this function in a new :trust ex command which can be used as a simple frontend. Resolves: https://github.com/neovim/neovim/issues/21092 Co-authored-by: Gregory Anders <greg@gpanders.com> Co-authored-by: ii14 <ii14@users.noreply.github.com>
2025-10-11 20:36:35 +00:00 · 2022-11-28 20:23:04 +01:00
parent 77a0f4a542
commit f004812b33
13 changed files with 541 additions and 29 deletions
--- a/src/nvim/ex_cmds.c
+++ b/src/nvim/ex_cmds.c
@@ -53,6 +53,7 @@
 #include "nvim/highlight_group.h"
 #include "nvim/indent.h"
 #include "nvim/input.h"
+#include "nvim/lua/executor.h"
 #include "nvim/macros.h"
 #include "nvim/main.h"
 #include "nvim/mark.h"
@@ -4960,3 +4961,29 @@ void ex_oldfiles(exarg_T *eap)
    }
  }
 }
+
+void ex_trust(exarg_T *eap)
+{
+  const char *const p = skiptowhite(eap->arg);
+  char *arg1 = xmemdupz(eap->arg, (size_t)(p - eap->arg));
+  const char *action = "allow";
+  const char *path = skipwhite(p);
+
+  if (strcmp(arg1, "++deny") == 0) {
+    action = "deny";
+  } else if (strcmp(arg1, "++remove") == 0) {
+    action = "remove";
+  } else if (*arg1 != '\0') {
+    semsg(e_invarg2, arg1);
+    goto theend;
+  }
+
+  if (path[0] == '\0') {
+    path = NULL;
+  }
+
+  nlua_trust(action, path);
+
+theend:
+  xfree(arg1);
+}
--- a/src/nvim/ex_cmds.lua
+++ b/src/nvim/ex_cmds.lua
@@ -2933,6 +2933,12 @@ module.cmds = {
    addr_type='ADDR_OTHER',
    func='ex_tag',
  },
+  {
+    command='trust',
+    flags=bit.bor(EXTRA, FILE1, TRLBAR, LOCK_OK),
+    addr_type='ADDR_NONE',
+    func='ex_trust',
+  },
  {
    command='try',
    flags=bit.bor(TRLBAR, SBOXOK, CMDWIN, LOCK_OK),
--- a/src/nvim/ex_docmd.c
+++ b/src/nvim/ex_docmd.c
@@ -1827,6 +1827,7 @@ static bool skip_cmd(const exarg_T *eap)
    case CMD_throw:
    case CMD_tilde:
    case CMD_topleft:
+    case CMD_trust:
    case CMD_unlet:
    case CMD_unlockvar:
    case CMD_verbose:
--- a/src/nvim/globals.h
+++ b/src/nvim/globals.h
@@ -1016,6 +1016,8 @@ EXTERN char e_highlight_group_name_too_long[] INIT(= N_("E1249: Highlight group
 EXTERN char e_undobang_cannot_redo_or_move_branch[]
 INIT(= N_("E5767: Cannot use :undo! to redo or move to a different undo branch"));

+EXTERN char e_trustfile[] INIT(= N_("E5570: Cannot update trust file: %s"));
+
 EXTERN char top_bot_msg[] INIT(= N_("search hit TOP, continuing at BOTTOM"));
 EXTERN char bot_top_msg[] INIT(= N_("search hit BOTTOM, continuing at TOP"));

--- a/src/nvim/lua/executor.c
+++ b/src/nvim/lua/executor.c
@@ -2217,3 +2217,51 @@ char *nlua_read_secure(const char *path)

  return buf;
 }
+
+bool nlua_trust(const char *action, const char *path)
+{
+  lua_State *const lstate = global_lstate;
+  lua_getglobal(lstate, "vim");
+  lua_getfield(lstate, -1, "secure");
+  lua_getfield(lstate, -1, "trust");
+
+  lua_newtable(lstate);
+  lua_pushstring(lstate, "action");
+  lua_pushstring(lstate, action);
+  lua_settable(lstate, -3);
+  if (path == NULL) {
+    lua_pushstring(lstate, "bufnr");
+    lua_pushnumber(lstate, 0);
+    lua_settable(lstate, -3);
+  } else {
+    lua_pushstring(lstate, "path");
+    lua_pushstring(lstate, path);
+    lua_settable(lstate, -3);
+  }
+
+  if (nlua_pcall(lstate, 1, 2)) {
+    nlua_error(lstate, _("Error executing vim.secure.trust: %.*s"));
+    return false;
+  }
+
+  bool success = lua_toboolean(lstate, -2);
+  const char *msg = lua_tostring(lstate, -1);
+  if (msg != NULL) {
+    if (success) {
+      if (strcmp(action, "allow") == 0) {
+        smsg("Allowed \"%s\" in trust database.", msg);
+      } else if (strcmp(action, "deny") == 0) {
+        smsg("Denied \"%s\" in trust database.", msg);
+      } else if (strcmp(action, "remove") == 0) {
+        smsg("Removed \"%s\" from trust database.", msg);
+      }
+    } else {
+      semsg(e_trustfile, msg);
+    }
+  }
+
+  // Pop return values, "vim" and "secure"
+  lua_pop(lstate, 4);
+
+  return success;
+}