mirror of
				https://github.com/neovim/neovim.git
				synced 2025-10-26 04:17:01 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			286 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Lua
		
	
	
	
	
	
			
		
		
	
	
			286 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Lua
		
	
	
	
	
	
| local helpers = require('test.functional.helpers')(after_each)
 | |
| local Screen = require('test.functional.ui.screen')
 | |
| 
 | |
| local eq = helpers.eq
 | |
| local clear = helpers.clear
 | |
| local command = helpers.command
 | |
| local pathsep = helpers.get_pathsep()
 | |
| local is_os = helpers.is_os
 | |
| local curbufmeths = helpers.curbufmeths
 | |
| local exec_lua = helpers.exec_lua
 | |
| local feed_command = helpers.feed_command
 | |
| local feed = helpers.feed
 | |
| local funcs = helpers.funcs
 | |
| local pcall_err = helpers.pcall_err
 | |
| local matches = helpers.matches
 | |
| 
 | |
| describe('vim.secure', function()
 | |
|   describe('read()', function()
 | |
|     local xstate = 'Xstate'
 | |
| 
 | |
|     setup(function()
 | |
|       helpers.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
 | |
|     end)
 | |
| 
 | |
|     teardown(function()
 | |
|       helpers.rmdir(xstate)
 | |
|     end)
 | |
| 
 | |
|     before_each(function()
 | |
|       helpers.write_file('Xfile', [[
 | |
|         let g:foobar = 42
 | |
|       ]])
 | |
|       clear{env={XDG_STATE_HOME=xstate}}
 | |
|     end)
 | |
| 
 | |
|     after_each(function()
 | |
|       os.remove('Xfile')
 | |
|       helpers.rmdir(xstate)
 | |
|     end)
 | |
| 
 | |
|     it('works', function()
 | |
|       local screen = Screen.new(80, 8)
 | |
|       screen:attach()
 | |
|       screen:set_default_attr_ids({
 | |
|         [1] = {bold = true, foreground = Screen.colors.Blue1},
 | |
|         [2] = {bold = true, reverse = true},
 | |
|         [3] = {bold = true, foreground = Screen.colors.SeaGreen},
 | |
|         [4] = {reverse = true},
 | |
|       })
 | |
| 
 | |
|       --- XXX: screen:expect() may fail if this path is too long.
 | |
|       local cwd = funcs.getcwd()
 | |
| 
 | |
|       -- Need to use feed_command instead of exec_lua because of the confirmation prompt
 | |
|       feed_command([[lua vim.secure.read('Xfile')]])
 | |
|       screen:expect{grid=[[
 | |
|                                                                                         |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {2:                                                                                }|
 | |
|         :lua vim.secure.read('Xfile')                                                   |
 | |
|         {3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
 | |
|         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
 | |
|       ]]}
 | |
|       feed('d')
 | |
|       screen:expect{grid=[[
 | |
|         ^                                                                                |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|                                                                                         |
 | |
|       ]]}
 | |
| 
 | |
|       local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('! %s', cwd .. pathsep .. 'Xfile'), vim.trim(trust))
 | |
|       eq(helpers.NIL, exec_lua([[return vim.secure.read('Xfile')]]))
 | |
| 
 | |
|       os.remove(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
| 
 | |
|       feed_command([[lua vim.secure.read('Xfile')]])
 | |
|       screen:expect{grid=[[
 | |
|                                                                                         |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {2:                                                                                }|
 | |
|         :lua vim.secure.read('Xfile')                                                   |
 | |
|         {3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
 | |
|         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
 | |
|       ]]}
 | |
|       feed('a')
 | |
|       screen:expect{grid=[[
 | |
|         ^                                                                                |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|                                                                                         |
 | |
|       ]]}
 | |
| 
 | |
|       local hash = funcs.sha256(helpers.read_file('Xfile'))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('%s %s', hash, cwd .. pathsep .. 'Xfile'), vim.trim(trust))
 | |
|       eq(helpers.NIL, exec_lua([[vim.secure.read('Xfile')]]))
 | |
| 
 | |
|       os.remove(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
| 
 | |
|       feed_command([[lua vim.secure.read('Xfile')]])
 | |
|       screen:expect{grid=[[
 | |
|                                                                                         |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {2:                                                                                }|
 | |
|         :lua vim.secure.read('Xfile')                                                   |
 | |
|         {3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
 | |
|         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
 | |
|       ]]}
 | |
|       feed('i')
 | |
|       screen:expect{grid=[[
 | |
|         ^                                                                                |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|                                                                                         |
 | |
|       ]]}
 | |
| 
 | |
|       -- Trust database is not updated
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(nil, trust)
 | |
| 
 | |
|       feed_command([[lua vim.secure.read('Xfile')]])
 | |
|       screen:expect{grid=[[
 | |
|                                                                                         |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {2:                                                                                }|
 | |
|         :lua vim.secure.read('Xfile')                                                   |
 | |
|         {3:]] .. cwd .. pathsep .. [[Xfile is not trusted.}{MATCH:%s+}|
 | |
|         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
 | |
|       ]]}
 | |
|       feed('v')
 | |
|       screen:expect{grid=[[
 | |
|           ^let g:foobar = 42                                                             |
 | |
|         {1:~                                                                               }|
 | |
|         {1:~                                                                               }|
 | |
|         {2:]] .. funcs.fnamemodify(cwd, ':~') .. pathsep .. [[Xfile [RO]{MATCH:%s+}}|
 | |
|                                                                                         |
 | |
|         {1:~                                                                               }|
 | |
|         {4:[No Name]                                                                       }|
 | |
|                                                                                         |
 | |
|       ]]}
 | |
| 
 | |
|       -- Trust database is not updated
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(nil, trust)
 | |
| 
 | |
|       -- Cannot write file
 | |
|       pcall_err(command, 'write')
 | |
|       eq(true, curbufmeths.get_option('readonly'))
 | |
|     end)
 | |
|   end)
 | |
| 
 | |
|   describe('trust()', function()
 | |
|     local xstate = 'Xstate'
 | |
| 
 | |
|     setup(function()
 | |
|       helpers.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
 | |
|     end)
 | |
| 
 | |
|     teardown(function()
 | |
|       helpers.rmdir(xstate)
 | |
|     end)
 | |
| 
 | |
|     before_each(function()
 | |
|       helpers.write_file('test_file', 'test')
 | |
|     end)
 | |
| 
 | |
|     after_each(function()
 | |
|       os.remove('test_file')
 | |
|     end)
 | |
| 
 | |
|     it('returns error when passing both path and bufnr', function()
 | |
|       matches('"path" and "bufnr" are mutually exclusive',
 | |
|         pcall_err(exec_lua, [[vim.secure.trust({action='deny', bufnr=0, path='test_file'})]]))
 | |
|     end)
 | |
| 
 | |
|     it('returns error when passing neither path or bufnr', function()
 | |
|       matches('one of "path" or "bufnr" is required',
 | |
|         pcall_err(exec_lua, [[vim.secure.trust({action='deny'})]]))
 | |
|     end)
 | |
| 
 | |
|     it('trust then deny then remove a file using bufnr', function()
 | |
|       local cwd = funcs.getcwd()
 | |
|       local hash = funcs.sha256(helpers.read_file('test_file'))
 | |
|       local full_path = cwd .. pathsep .. 'test_file'
 | |
| 
 | |
|       command('edit test_file')
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
 | |
|       local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('! %s', full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq('', vim.trim(trust))
 | |
|     end)
 | |
| 
 | |
|     it('deny then trust then remove a file using bufnr', function()
 | |
|       local cwd = funcs.getcwd()
 | |
|       local hash = funcs.sha256(helpers.read_file('test_file'))
 | |
|       local full_path = cwd .. pathsep .. 'test_file'
 | |
| 
 | |
|       command('edit test_file')
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
 | |
|       local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('! %s', full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq('', vim.trim(trust))
 | |
|     end)
 | |
| 
 | |
|     it('trust using bufnr then deny then remove a file using path', function()
 | |
|       local cwd = funcs.getcwd()
 | |
|       local hash = funcs.sha256(helpers.read_file('test_file'))
 | |
|       local full_path = cwd .. pathsep .. 'test_file'
 | |
| 
 | |
|       command('edit test_file')
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
 | |
|       local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('! %s', full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq('', vim.trim(trust))
 | |
|     end)
 | |
| 
 | |
|     it('deny then trust then remove a file using bufnr', function()
 | |
|       local cwd = funcs.getcwd()
 | |
|       local hash = funcs.sha256(helpers.read_file('test_file'))
 | |
|       local full_path = cwd .. pathsep .. 'test_file'
 | |
| 
 | |
|       command('edit test_file')
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]]))
 | |
|       local trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('! %s', full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
 | |
| 
 | |
|       eq({true, full_path}, exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]]))
 | |
|       trust = helpers.read_file(funcs.stdpath('state') .. pathsep .. 'trust')
 | |
|       eq('', vim.trim(trust))
 | |
|     end)
 | |
| 
 | |
|     it('trust returns error when buffer not associated to file', function()
 | |
|       command('new')
 | |
|       eq({false, 'buffer is not associated with a file'},
 | |
|         exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
 | |
|     end)
 | |
|   end)
 | |
| end)
 | 
