mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-24 20:18:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(secure): add :trust command and vim.secure.trust() (#21107)

Browse Source 
Introduce vim.secure.trust() to programmatically manage the trust
database. Use this function in a new :trust ex command which can
be used as a simple frontend.

Resolves: https://github.com/neovim/neovim/issues/21092
Co-authored-by: Gregory Anders <greg@gpanders.com>
Co-authored-by: ii14 <ii14@users.noreply.github.com>
This commit is contained in:
Jlll1
2022-11-28 20:23:04 +01:00
committed by GitHub
parent 77a0f4a542
commit f004812b33
13 changed files with 541 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
test/functional/ex_cmds/trust_spec.lua Normal file
View File

@@ -0,0 +1,176 @@
local helpers = require('test.functional.helpers')(after_each)
local Screen = require('test.functional.ui.screen')
local eq = helpers.eq
local clear = helpers.clear
local command = helpers.command
local pathsep = helpers.get_pathsep()
local is_os = helpers.is_os
local funcs = helpers.funcs
describe(':trust', function()
local xstate = 'Xstate'
setup(function()
helpers.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
end)
teardown(function()
helpers.rmdir(xstate)
end)
before_each(function()
helpers.write_file('test_file', 'test')
clear{env={XDG_STATE_HOME=xstate}}
end)
after_each(function()
os.remove('test_file')
end)
it('trust then deny then remove a file using current buffer', function()
local screen = Screen.new(80, 8)
screen:attach()
screen:set_default_attr_ids({
[1] = {bold = true, foreground = Screen.colors.Blue1},
})
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
command('edit test_file')
command('trust')
screen:expect([[
^test |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" trusted.{MATCH:%s+}|
]])
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust))
command('trust ++deny')
screen:expect([[
^test |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" denied.{MATCH:%s+}|
]])
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust))
command('trust ++remove')
screen:expect([[
^test |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" removed.{MATCH:%s+}|
]])
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format(''), vim.trim(trust))
end)
it('deny then trust then remove a file using current buffer', function()
local screen = Screen.new(80, 8)
screen:attach()
screen:set_default_attr_ids({
[1] = {bold = true, foreground = Screen.colors.Blue1},
})
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
command('edit test_file')
command('trust ++deny')
screen:expect([[
^test |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" denied.{MATCH:%s+}|
]])
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust))
command('trust')
screen:expect([[
^test |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" trusted.{MATCH:%s+}|
]])
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, cwd .. pathsep .. 'test_file'), vim.trim(trust))
command('trust ++remove')
screen:expect([[
^test |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" removed.{MATCH:%s+}|
]])
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format(''), vim.trim(trust))
end)
it('deny then remove a file using file path', function()
local screen = Screen.new(80, 8)
screen:attach()
screen:set_default_attr_ids({
[1] = {bold = true, foreground = Screen.colors.Blue1},
})
local cwd = funcs.getcwd()
command('trust ++deny test_file')
screen:expect([[
^ |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" denied.{MATCH:%s+}|
]])
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', cwd .. pathsep .. 'test_file'), vim.trim(trust))
command('trust ++remove test_file')
screen:expect([[
^ |
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
{1:~ }|
"]] .. cwd .. pathsep .. [[test_file" removed.{MATCH:%s+}|
]])
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format(''), vim.trim(trust))
end)
end)

107
test/functional/lua/secure_spec.lua
View File

@@ -168,4 +168,111 @@ describe('vim.secure', function()
eq(false, curbufmeths.get_option('modifiable'))
end)
end)
describe('trust()', function()
local xstate = 'Xstate'
setup(function()
helpers.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
end)
teardown(function()
helpers.rmdir(xstate)
end)
before_each(function()
helpers.write_file('test_file', 'test')
end)
after_each(function()
os.remove('test_file')
end)
it('returns error when passing both path and bufnr', function()
eq('path and bufnr are mutually exclusive',
pcall_err(exec_lua, [[vim.secure.trust({action='deny', bufnr=0, path='test_file'})]]))
end)
it('trust then deny then remove a file using bufnr', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('deny then trust then remove a file using bufnr', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('trust using bufnr then deny then remove a file using path', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('deny then trust then remove a file using bufnr', function()
local cwd = funcs.getcwd()
local hash = funcs.sha256(helpers.read_file('test_file'))
local full_path = cwd .. pathsep .. 'test_file'
command('edit test_file')
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]]))
local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('! %s', full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq(string.format('%s %s', hash, full_path), vim.trim(trust))
eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]]))
trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
eq('', vim.trim(trust))
end)
it('trust returns error when buffer not associated to file', function()
command('new')
eq({false, 'buffer is not associated with a file'},
exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
end)
end)
end)