Startsida Utforska Hjälp
Logga in
Red_Acid_Bunny
/
neovim
spegling av https://github.com/neovim/neovim
Bevaka 1
Stjärnmärk 0
Fork 0
Filer Ärenden 0 Wiki
Träd: 487c48ec86
Grenar Taggar
neovim
/
test
/
functional
/
lua
/
secure_spec.lua

secure_spec.lua 12 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 
  1. local t = require('test.testutil')
    2. 

  2. local n = require('test.functional.testnvim')()
    3. 

  3. local Screen = require('test.functional.ui.screen')
    4. 

  4. 

  5. local eq = t.eq
    6. 

  6. local clear = n.clear
    7. 

  7. local command = n.command
    8. 

  8. local pathsep = n.get_pathsep()
    9. 

  9. local is_os = t.is_os
    10. 

  10. local api = n.api
    11. 

  11. local exec_lua = n.exec_lua
    12. 

  12. local feed_command = n.feed_command
    13. 

  13. local feed = n.feed
    14. 

  14. local fn = n.fn
    15. 

  15. local stdpath = fn.stdpath
    16. 

  16. local pcall_err = t.pcall_err
    17. 

  17. local matches = t.matches
    18. 

  18. local read_file = t.read_file
    19. 

  19. 

  20. describe('vim.secure', function()
    21. 

  21.   describe('read()', function()
    22. 

  22.     local xstate = 'Xstate'
    23. 

  23. 

  24.     setup(function()
    25. 

  25.       clear { env = { XDG_STATE_HOME = xstate } }
    26. 

  26.       n.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
    27. 

  27.       t.write_file(
    28. 

  28.         'Xfile',
    29. 

  29.         [[
    30. 

  30.         let g:foobar = 42
    31. 

  31.       ]]
    32. 

  32.       )
    33. 

  33.     end)
    34. 

  34. 

  35.     teardown(function()
    36. 

  36.       os.remove('Xfile')
    37. 

  37.       n.rmdir(xstate)
    38. 

  38.     end)
    39. 

  39. 

  40.     it('works', function()
    41. 

  41.       local screen = Screen.new(80, 8)
    42. 

  42.       screen:set_default_attr_ids({
    43. 

  43.         [1] = { bold = true, foreground = Screen.colors.Blue1 },
    44. 

  44.         [2] = { bold = true, reverse = true },
    45. 

  45.         [3] = { bold = true, foreground = Screen.colors.SeaGreen },
    46. 

  46.         [4] = { reverse = true },
    47. 

  47.       })
    48. 

  48. 

  49.       --- XXX: screen:expect() may fail if this path is too long.
    50. 

  50.       local cwd = fn.getcwd()
    51. 

  51. 

  52.       -- Need to use feed_command instead of exec_lua because of the confirmation prompt
    53. 

  53.       feed_command([[lua vim.secure.read('Xfile')]])
    54. 

  54.       screen:expect {
    55. 

  55.         grid = [[
    56. 

  56.                                                                                         |
    57. 

  57.         {1:~                                                                               }|*3
    58. 

  58.         {2:                                                                                }|
    59. 

  59.         :lua vim.secure.read('Xfile')                                                   |
    60. 

  60.         {3:]]
    61. 

  61.           .. cwd
    62. 

  62.           .. pathsep
    63. 

  63.           .. [[Xfile is not trusted.}{MATCH:%s+}|
    64. 

  64.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
    65. 

  65.       ]],
    66. 

  66.       }
    67. 

  67.       feed('d')
    68. 

  68.       screen:expect {
    69. 

  69.         grid = [[
    70. 

  70.         ^                                                                                |
    71. 

  71.         {1:~                                                                               }|*6
    72. 

  72.                                                                                         |
    73. 

  73.       ]],
    74. 

  74.       }
    75. 

  75. 

  76.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    77. 

  77.       eq(string.format('! %s', cwd .. pathsep .. 'Xfile'), vim.trim(trust))
    78. 

  78.       eq(vim.NIL, exec_lua([[return vim.secure.read('Xfile')]]))
    79. 

  79. 

  80.       os.remove(stdpath('state') .. pathsep .. 'trust')
    81. 

  81. 

  82.       feed_command([[lua vim.secure.read('Xfile')]])
    83. 

  83.       screen:expect {
    84. 

  84.         grid = [[
    85. 

  85.                                                                                         |
    86. 

  86.         {1:~                                                                               }|*3
    87. 

  87.         {2:                                                                                }|
    88. 

  88.         :lua vim.secure.read('Xfile')                                                   |
    89. 

  89.         {3:]]
    90. 

  90.           .. cwd
    91. 

  91.           .. pathsep
    92. 

  92.           .. [[Xfile is not trusted.}{MATCH:%s+}|
    93. 

  93.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
    94. 

  94.       ]],
    95. 

  95.       }
    96. 

  96.       feed('a')
    97. 

  97.       screen:expect {
    98. 

  98.         grid = [[
    99. 

  99.         ^                                                                                |
    100. 

  100.         {1:~                                                                               }|*6
    101. 

  101.                                                                                         |
    102. 

  102.       ]],
    103. 

  103.       }
    104. 

  104. 

  105.       local hash = fn.sha256(read_file('Xfile'))
    106. 

  106.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    107. 

  107.       eq(string.format('%s %s', hash, cwd .. pathsep .. 'Xfile'), vim.trim(trust))
    108. 

  108.       eq(vim.NIL, exec_lua([[vim.secure.read('Xfile')]]))
    109. 

  109. 

  110.       os.remove(stdpath('state') .. pathsep .. 'trust')
    111. 

  111. 

  112.       feed_command([[lua vim.secure.read('Xfile')]])
    113. 

  113.       screen:expect {
    114. 

  114.         grid = [[
    115. 

  115.                                                                                         |
    116. 

  116.         {1:~                                                                               }|*3
    117. 

  117.         {2:                                                                                }|
    118. 

  118.         :lua vim.secure.read('Xfile')                                                   |
    119. 

  119.         {3:]]
    120. 

  120.           .. cwd
    121. 

  121.           .. pathsep
    122. 

  122.           .. [[Xfile is not trusted.}{MATCH:%s+}|
    123. 

  123.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
    124. 

  124.       ]],
    125. 

  125.       }
    126. 

  126.       feed('i')
    127. 

  127.       screen:expect {
    128. 

  128.         grid = [[
    129. 

  129.         ^                                                                                |
    130. 

  130.         {1:~                                                                               }|*6
    131. 

  131.                                                                                         |
    132. 

  132.       ]],
    133. 

  133.       }
    134. 

  134. 

  135.       -- Trust database is not updated
    136. 

  136.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    137. 

  137.       eq(nil, trust)
    138. 

  138. 

  139.       feed_command([[lua vim.secure.read('Xfile')]])
    140. 

  140.       screen:expect {
    141. 

  141.         grid = [[
    142. 

  142.                                                                                         |
    143. 

  143.         {1:~                                                                               }|*3
    144. 

  144.         {2:                                                                                }|
    145. 

  145.         :lua vim.secure.read('Xfile')                                                   |
    146. 

  146.         {3:]]
    147. 

  147.           .. cwd
    148. 

  148.           .. pathsep
    149. 

  149.           .. [[Xfile is not trusted.}{MATCH:%s+}|
    150. 

  150.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^                                             |
    151. 

  151.       ]],
    152. 

  152.       }
    153. 

  153.       feed('v')
    154. 

  154.       screen:expect {
    155. 

  155.         grid = [[
    156. 

  156.           ^let g:foobar = 42                                                             |
    157. 

  157.         {1:~                                                                               }|*2
    158. 

  158.         {2:]]
    159. 

  159.           .. fn.fnamemodify(cwd, ':~')
    160. 

  160.           .. pathsep
    161. 

  161.           .. [[Xfile [RO]{MATCH:%s+}}|
    162. 

  162.                                                                                         |
    163. 

  163.         {1:~                                                                               }|
    164. 

  164.         {4:[No Name]                                                                       }|
    165. 

  165.                                                                                         |
    166. 

  166.       ]],
    167. 

  167.       }
    168. 

  168. 

  169.       -- Trust database is not updated
    170. 

  170.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    171. 

  171.       eq(nil, trust)
    172. 

  172. 

  173.       -- Cannot write file
    174. 

  174.       pcall_err(command, 'write')
    175. 

  175.       eq(true, api.nvim_get_option_value('readonly', {}))
    176. 

  176.     end)
    177. 

  177.   end)
    178. 

  178. 

  179.   describe('trust()', function()
    180. 

  180.     local xstate = 'Xstate'
    181. 

  181. 

  182.     setup(function()
    183. 

  183.       clear { env = { XDG_STATE_HOME = xstate } }
    184. 

  184.       n.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
    185. 

  185.     end)
    186. 

  186. 

  187.     teardown(function()
    188. 

  188.       n.rmdir(xstate)
    189. 

  189.     end)
    190. 

  190. 

  191.     before_each(function()
    192. 

  192.       t.write_file('test_file', 'test')
    193. 

  193.     end)
    194. 

  194. 

  195.     after_each(function()
    196. 

  196.       os.remove('test_file')
    197. 

  197.     end)
    198. 

  198. 

  199.     it('returns error when passing both path and bufnr', function()
    200. 

  200.       matches(
    201. 

  201.         '"path" and "bufnr" are mutually exclusive',
    202. 

  202.         pcall_err(exec_lua, [[vim.secure.trust({action='deny', bufnr=0, path='test_file'})]])
    203. 

  203.       )
    204. 

  204.     end)
    205. 

  205. 

  206.     it('returns error when passing neither path or bufnr', function()
    207. 

  207.       matches(
    208. 

  208.         'one of "path" or "bufnr" is required',
    209. 

  209.         pcall_err(exec_lua, [[vim.secure.trust({action='deny'})]])
    210. 

  210.       )
    211. 

  211.     end)
    212. 

  212. 

  213.     it('trust then deny then remove a file using bufnr', function()
    214. 

  214.       local cwd = fn.getcwd()
    215. 

  215.       local hash = fn.sha256(read_file('test_file'))
    216. 

  216.       local full_path = cwd .. pathsep .. 'test_file'
    217. 

  217. 

  218.       command('edit test_file')
    219. 

  219.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    220. 

  220.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    221. 

  221.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    222. 

  222. 

  223.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
    224. 

  224.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    225. 

  225.       eq(string.format('! %s', full_path), vim.trim(trust))
    226. 

  226. 

  227.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
    228. 

  228.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    229. 

  229.       eq('', vim.trim(trust))
    230. 

  230.     end)
    231. 

  231. 

  232.     it('deny then trust then remove a file using bufnr', function()
    233. 

  233.       local cwd = fn.getcwd()
    234. 

  234.       local hash = fn.sha256(read_file('test_file'))
    235. 

  235.       local full_path = cwd .. pathsep .. 'test_file'
    236. 

  236. 

  237.       command('edit test_file')
    238. 

  238.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
    239. 

  239.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    240. 

  240.       eq(string.format('! %s', full_path), vim.trim(trust))
    241. 

  241. 

  242.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    243. 

  243.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    244. 

  244.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    245. 

  245. 

  246.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
    247. 

  247.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    248. 

  248.       eq('', vim.trim(trust))
    249. 

  249.     end)
    250. 

  250. 

  251.     it('trust using bufnr then deny then remove a file using path', function()
    252. 

  252.       local cwd = fn.getcwd()
    253. 

  253.       local hash = fn.sha256(read_file('test_file'))
    254. 

  254.       local full_path = cwd .. pathsep .. 'test_file'
    255. 

  255. 

  256.       command('edit test_file')
    257. 

  257.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    258. 

  258.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    259. 

  259.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    260. 

  260. 

  261.       eq(
    262. 

  262.         { true, full_path },
    263. 

  263.         exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]])
    264. 

  264.       )
    265. 

  265.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    266. 

  266.       eq(string.format('! %s', full_path), vim.trim(trust))
    267. 

  267. 

  268.       eq(
    269. 

  269.         { true, full_path },
    270. 

  270.         exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]])
    271. 

  271.       )
    272. 

  272.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    273. 

  273.       eq('', vim.trim(trust))
    274. 

  274.     end)
    275. 

  275. 

  276.     it('deny then trust then remove a file using bufnr', function()
    277. 

  277.       local cwd = fn.getcwd()
    278. 

  278.       local hash = fn.sha256(read_file('test_file'))
    279. 

  279.       local full_path = cwd .. pathsep .. 'test_file'
    280. 

  280. 

  281.       command('edit test_file')
    282. 

  282.       eq(
    283. 

  283.         { true, full_path },
    284. 

  284.         exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]])
    285. 

  285.       )
    286. 

  286.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    287. 

  287.       eq(string.format('! %s', full_path), vim.trim(trust))
    288. 

  288. 

  289.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    290. 

  290.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    291. 

  291.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    292. 

  292. 

  293.       eq(
    294. 

  294.         { true, full_path },
    295. 

  295.         exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]])
    296. 

  296.       )
    297. 

  297.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    298. 

  298.       eq('', vim.trim(trust))
    299. 

  299.     end)
    300. 

  300. 

  301.     it('trust returns error when buffer not associated to file', function()
    302. 

  302.       command('new')
    303. 

  303.       eq(
    304. 

  304.         { false, 'buffer is not associated with a file' },
    305. 

  305.         exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]])
    306. 

  306.       )
    307. 

  307.     end)
    308. 

  308.   end)
    309. 

  309. end)
    310. 

  310.