Fix #1708 - Don't modify linters or register fixers in the sandbox

This commit is contained in:
w0rp 2018-07-17 21:39:50 +01:00
parent 7952ebe77e
commit 5453e0e1a4
No known key found for this signature in database
GPG key ID: 0FC1ECAA8C81CD83
3 changed files with 57 additions and 1 deletions

View file

@ -242,6 +242,9 @@ endfunction
" Add a function for fixing problems to the registry.
" (name, func, filetypes, desc, aliases)
function! ale#fix#registry#Add(name, func, filetypes, desc, ...) abort
" This command will throw from the sandbox.
let &equalprg=&equalprg
if type(a:name) != type('')
throw '''name'' must be a String'
endif

View file

@ -50,6 +50,9 @@ endfunction
" This is only for tests.
" Do not call this function.
function! ale#linter#GetLintersLoaded() abort
" This command will throw from the sandbox.
let &equalprg=&equalprg
return s:linters
endfunction
@ -289,6 +292,9 @@ function! ale#linter#PreProcess(filetype, linter) abort
endfunction
function! ale#linter#Define(filetype, linter) abort
" This command will throw from the sandbox.
let &equalprg=&equalprg
if !has_key(s:linters, a:filetype)
let s:linters[a:filetype] = []
endif
@ -304,6 +310,12 @@ function! ale#linter#PreventLoading(filetype) abort
endfunction
function! ale#linter#GetAll(filetypes) abort
" Don't return linters in the sandbox.
" Otherwise a sandboxed script could modify them.
if ale#util#InSandbox()
return []
endif
let l:combined_linters = []
for l:filetype in a:filetypes

View file

@ -24,10 +24,13 @@ Before:
let g:ale_buffer_info = {}
After:
unlet! b:in_sandbox
unlet! b:result
delfunction TestCallback
call ale#linter#Reset()
let g:ale_buffer_info = {}
unlet! b:in_sandbox
Given foobar (Some imaginary filetype):
foo
@ -61,3 +64,41 @@ Execute(ALE shouldn't blow up if file cleanup happens in a sandbox):
AssertEqual ['/tmp/foo'], g:ale_buffer_info[3].temporary_file_list
AssertEqual ['/tmp/bar'], g:ale_buffer_info[3].temporary_directory_list
Execute(You shouldn't be able to define linters from the sandbox):
call ale#linter#Reset()
call ale#linter#PreventLoading('testft')
AssertThrows sandbox call ale#linter#Define('testft', {
\ 'name': 'testlinter',
\ 'output_stream': 'stdout',
\ 'executable': 'testlinter',
\ 'command': 'testlinter',
\ 'callback': 'testCB',
\})
AssertEqual 'Vim(let):E48: Not allowed in sandbox', g:vader_exception
AssertEqual [], ale#linter#GetAll(['testft'])
Execute(You shouldn't be able to register fixers from the sandbox):
call ale#fix#registry#Clear()
AssertThrows sandbox call ale#fix#registry#Add('prettier', '', ['javascript'], 'prettier')
AssertEqual 'Vim(let):E48: Not allowed in sandbox', g:vader_exception
AssertEqual [], ale#fix#registry#CompleteFixers('', 'ALEFix ', 7)
Execute(You shouldn't be able to get linters from the sandbox, to prevent tampering):
AssertThrows sandbox call ale#linter#GetLintersLoaded()
AssertEqual 'Vim(let):E48: Not allowed in sandbox', g:vader_exception
call ale#linter#Reset()
sandbox let b:result = ale#linter#GetAll(['testft'])
AssertEqual 0, len(b:result)
let b:result = ale#linter#GetAll(['testft'])
AssertEqual 1, len(b:result)
sandbox let b:result = ale#linter#GetAll(['testft'])
AssertEqual 0, len(b:result)