Halaman utama Jelajahi Bantuan
Masuk
Red_Acid_Bunny
/
neovim
cermin dari https://github.com/neovim/neovim
Liatin 1
Bintangi 0
Fork 0
Berkas Masalah 0 Wiki
Cabang: master
Ranting Tag
neovim
/
test
/
functional
/
lua
/
secure_spec.lua

secure_spec.lua 13 KB
Permalink Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409 
  1. local t = require('test.testutil')
    2. 

  2. local n = require('test.functional.testnvim')()
    3. 

  3. local Screen = require('test.functional.ui.screen')
    4. 

  4. 

  5. local eq = t.eq
    6. 

  6. local clear = n.clear
    7. 

  7. local command = n.command
    8. 

  8. local pathsep = n.get_pathsep()
    9. 

  9. local is_os = t.is_os
    10. 

  10. local api = n.api
    11. 

  11. local exec_lua = n.exec_lua
    12. 

  12. local feed_command = n.feed_command
    13. 

  13. local feed = n.feed
    14. 

  14. local fn = n.fn
    15. 

  15. local stdpath = fn.stdpath
    16. 

  16. local pcall_err = t.pcall_err
    17. 

  17. local matches = t.matches
    18. 

  18. local read_file = t.read_file
    19. 

  19. 

  20. describe('vim.secure', function()
    21. 

  21.   describe('read()', function()
    22. 

  22.     local xstate = 'Xstate'
    23. 

  23.     local screen ---@type test.functional.ui.screen
    24. 

  24. 

  25.     before_each(function()
    26. 

  26.       clear { env = { XDG_STATE_HOME = xstate } }
    27. 

  27.       n.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
    28. 

  28. 

  29.       t.mkdir('Xdir')
    30. 

  30.       t.mkdir('Xdir/Xsubdir')
    31. 

  31.       t.write_file('Xdir/Xfile.txt', [[hello, world]])
    32. 

  32. 

  33.       t.write_file(
    34. 

  34.         'Xfile',
    35. 

  35.         [[
    36. 

  36.         let g:foobar = 42
    37. 

  37.       ]]
    38. 

  38.       )
    39. 

  39.       screen = Screen.new(500, 8)
    40. 

  40.     end)
    41. 

  41. 

  42.     after_each(function()
    43. 

  43.       screen:detach()
    44. 

  44.       os.remove('Xfile')
    45. 

  45.       n.rmdir('Xdir')
    46. 

  46.       n.rmdir(xstate)
    47. 

  47.     end)
    48. 

  48. 

  49.     it('regular file', function()
    50. 

  50.       screen:set_default_attr_ids({
    51. 

  51.         [1] = { bold = true, foreground = Screen.colors.Blue1 },
    52. 

  52.         [2] = { bold = true, reverse = true },
    53. 

  53.         [3] = { bold = true, foreground = Screen.colors.SeaGreen },
    54. 

  54.         [4] = { reverse = true },
    55. 

  55.       })
    56. 

  56. 

  57.       local cwd = fn.getcwd()
    58. 

  58.       local msg = cwd .. pathsep .. 'Xfile is not trusted.'
    59. 

  59.       if #msg >= screen._width then
    60. 

  60.         pending('path too long')
    61. 

  61.         return
    62. 

  62.       end
    63. 

  63. 

  64.       -- Need to use feed_command instead of exec_lua because of the confirmation prompt
    65. 

  65.       feed_command([[lua vim.secure.read('Xfile')]])
    66. 

  66.       screen:expect([[
    67. 

  67.         {MATCH: +}|
    68. 

  68.         {1:~{MATCH: +}}|*3
    69. 

  69.         {2:{MATCH: +}}|
    70. 

  70.         :lua vim.secure.read('Xfile'){MATCH: +}|
    71. 

  71.         {3:]] .. msg .. [[}{MATCH: +}|
    72. 

  72.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    73. 

  73.       ]])
    74. 

  74.       feed('d')
    75. 

  75.       screen:expect([[
    76. 

  76.         ^{MATCH: +}|
    77. 

  77.         {1:~{MATCH: +}}|*6
    78. 

  78.         {MATCH: +}|
    79. 

  79.       ]])
    80. 

  80. 

  81.       local trust = assert(read_file(stdpath('state') .. pathsep .. 'trust'))
    82. 

  82.       eq(string.format('! %s', cwd .. pathsep .. 'Xfile'), vim.trim(trust))
    83. 

  83.       eq(vim.NIL, exec_lua([[return vim.secure.read('Xfile')]]))
    84. 

  84. 

  85.       os.remove(stdpath('state') .. pathsep .. 'trust')
    86. 

  86. 

  87.       feed_command([[lua vim.secure.read('Xfile')]])
    88. 

  88.       screen:expect([[
    89. 

  89.         {MATCH: +}|
    90. 

  90.         {1:~{MATCH: +}}|*3
    91. 

  91.         {2:{MATCH: +}}|
    92. 

  92.         :lua vim.secure.read('Xfile'){MATCH: +}|
    93. 

  93.         {3:]] .. msg .. [[}{MATCH: +}|
    94. 

  94.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    95. 

  95.       ]])
    96. 

  96.       feed('a')
    97. 

  97.       screen:expect([[
    98. 

  98.         ^{MATCH: +}|
    99. 

  99.         {1:~{MATCH: +}}|*6
    100. 

  100.         {MATCH: +}|
    101. 

  101.       ]])
    102. 

  102. 

  103.       local hash = fn.sha256(assert(read_file('Xfile')))
    104. 

  104.       trust = assert(read_file(stdpath('state') .. pathsep .. 'trust'))
    105. 

  105.       eq(string.format('%s %s', hash, cwd .. pathsep .. 'Xfile'), vim.trim(trust))
    106. 

  106.       eq('let g:foobar = 42\n', exec_lua([[return vim.secure.read('Xfile')]]))
    107. 

  107. 

  108.       os.remove(stdpath('state') .. pathsep .. 'trust')
    109. 

  109. 

  110.       feed_command([[lua vim.secure.read('Xfile')]])
    111. 

  111.       screen:expect([[
    112. 

  112.         {MATCH: +}|
    113. 

  113.         {1:~{MATCH: +}}|*3
    114. 

  114.         {2:{MATCH: +}}|
    115. 

  115.         :lua vim.secure.read('Xfile'){MATCH: +}|
    116. 

  116.         {3:]] .. msg .. [[}{MATCH: +}|
    117. 

  117.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    118. 

  118.       ]])
    119. 

  119.       feed('i')
    120. 

  120.       screen:expect([[
    121. 

  121.         ^{MATCH: +}|
    122. 

  122.         {1:~{MATCH: +}}|*6
    123. 

  123.         {MATCH: +}|
    124. 

  124.       ]])
    125. 

  125. 

  126.       -- Trust database is not updated
    127. 

  127.       eq(nil, read_file(stdpath('state') .. pathsep .. 'trust'))
    128. 

  128. 

  129.       feed_command([[lua vim.secure.read('Xfile')]])
    130. 

  130.       screen:expect([[
    131. 

  131.         {MATCH: +}|
    132. 

  132.         {1:~{MATCH: +}}|*3
    133. 

  133.         {2:{MATCH: +}}|
    134. 

  134.         :lua vim.secure.read('Xfile'){MATCH: +}|
    135. 

  135.         {3:]] .. msg .. [[}{MATCH: +}|
    136. 

  136.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    137. 

  137.       ]])
    138. 

  138.       feed('v')
    139. 

  139.       screen:expect([[
    140. 

  140.         ^let g:foobar = 42{MATCH: +}|
    141. 

  141.         {1:~{MATCH: +}}|*2
    142. 

  142.         {2:]] .. fn.fnamemodify(cwd, ':~') .. pathsep .. [[Xfile [RO]{MATCH: +}}|
    143. 

  143.         {MATCH: +}|
    144. 

  144.         {1:~{MATCH: +}}|
    145. 

  145.         {4:[No Name]{MATCH: +}}|
    146. 

  146.         {MATCH: +}|
    147. 

  147.       ]])
    148. 

  148. 

  149.       -- Trust database is not updated
    150. 

  150.       eq(nil, read_file(stdpath('state') .. pathsep .. 'trust'))
    151. 

  151. 

  152.       -- Cannot write file
    153. 

  153.       pcall_err(command, 'write')
    154. 

  154.       eq(true, api.nvim_get_option_value('readonly', {}))
    155. 

  155.     end)
    156. 

  156. 

  157.     it('directory', function()
    158. 

  158.       screen:set_default_attr_ids({
    159. 

  159.         [1] = { bold = true, foreground = Screen.colors.Blue1 },
    160. 

  160.         [2] = { bold = true, reverse = true },
    161. 

  161.         [3] = { bold = true, foreground = Screen.colors.SeaGreen },
    162. 

  162.         [4] = { reverse = true },
    163. 

  163.       })
    164. 

  164. 

  165.       local cwd = fn.getcwd()
    166. 

  166.       local msg = cwd
    167. 

  167.         .. pathsep
    168. 

  168.         .. 'Xdir is not trusted. DIRECTORY trust is decided only by its name, not its contents.'
    169. 

  169.       if #msg >= screen._width then
    170. 

  170.         pending('path too long')
    171. 

  171.         return
    172. 

  172.       end
    173. 

  173. 

  174.       -- Need to use feed_command instead of exec_lua because of the confirmation prompt
    175. 

  175.       feed_command([[lua vim.secure.read('Xdir')]])
    176. 

  176.       screen:expect([[
    177. 

  177.         {MATCH: +}|
    178. 

  178.         {1:~{MATCH: +}}|*3
    179. 

  179.         {2:{MATCH: +}}|
    180. 

  180.         :lua vim.secure.read('Xdir'){MATCH: +}|
    181. 

  181.         {3:]] .. msg .. [[}{MATCH: +}|
    182. 

  182.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    183. 

  183.       ]])
    184. 

  184.       feed('d')
    185. 

  185.       screen:expect([[
    186. 

  186.         ^{MATCH: +}|
    187. 

  187.         {1:~{MATCH: +}}|*6
    188. 

  188.         {MATCH: +}|
    189. 

  189.       ]])
    190. 

  190. 

  191.       local trust = assert(read_file(stdpath('state') .. pathsep .. 'trust'))
    192. 

  192.       eq(string.format('! %s', cwd .. pathsep .. 'Xdir'), vim.trim(trust))
    193. 

  193.       eq(vim.NIL, exec_lua([[return vim.secure.read('Xdir')]]))
    194. 

  194. 

  195.       os.remove(stdpath('state') .. pathsep .. 'trust')
    196. 

  196. 

  197.       feed_command([[lua vim.secure.read('Xdir')]])
    198. 

  198.       screen:expect([[
    199. 

  199.         {MATCH: +}|
    200. 

  200.         {1:~{MATCH: +}}|*3
    201. 

  201.         {2:{MATCH: +}}|
    202. 

  202.         :lua vim.secure.read('Xdir'){MATCH: +}|
    203. 

  203.         {3:]] .. msg .. [[}{MATCH: +}|
    204. 

  204.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    205. 

  205.       ]])
    206. 

  206.       feed('a')
    207. 

  207.       screen:expect([[
    208. 

  208.         ^{MATCH: +}|
    209. 

  209.         {1:~{MATCH: +}}|*6
    210. 

  210.         {MATCH: +}|
    211. 

  211.       ]])
    212. 

  212. 

  213.       -- Directories aren't hashed in the trust database, instead a slug ("directory") is stored
    214. 

  214.       -- instead.
    215. 

  215.       local expected_hash = 'directory'
    216. 

  216.       trust = assert(read_file(stdpath('state') .. pathsep .. 'trust'))
    217. 

  217.       eq(string.format('%s %s', expected_hash, cwd .. pathsep .. 'Xdir'), vim.trim(trust))
    218. 

  218.       eq(true, exec_lua([[return vim.secure.read('Xdir')]]))
    219. 

  219. 

  220.       os.remove(stdpath('state') .. pathsep .. 'trust')
    221. 

  221. 

  222.       feed_command([[lua vim.secure.read('Xdir')]])
    223. 

  223.       screen:expect([[
    224. 

  224.         {MATCH: +}|
    225. 

  225.         {1:~{MATCH: +}}|*3
    226. 

  226.         {2:{MATCH: +}}|
    227. 

  227.         :lua vim.secure.read('Xdir'){MATCH: +}|
    228. 

  228.         {3:]] .. msg .. [[}{MATCH: +}|
    229. 

  229.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    230. 

  230.       ]])
    231. 

  231.       feed('i')
    232. 

  232.       screen:expect([[
    233. 

  233.         ^{MATCH: +}|
    234. 

  234.         {1:~{MATCH: +}}|*6
    235. 

  235.         {MATCH: +}|
    236. 

  236.       ]])
    237. 

  237. 

  238.       -- Trust database is not updated
    239. 

  239.       eq(nil, read_file(stdpath('state') .. pathsep .. 'trust'))
    240. 

  240. 

  241.       feed_command([[lua vim.secure.read('Xdir')]])
    242. 

  242.       screen:expect([[
    243. 

  243.         {MATCH: +}|
    244. 

  244.         {1:~{MATCH: +}}|*3
    245. 

  245.         {2:{MATCH: +}}|
    246. 

  246.         :lua vim.secure.read('Xdir'){MATCH: +}|
    247. 

  247.         {3:]] .. msg .. [[}{MATCH: +}|
    248. 

  248.         {3:[i]gnore, (v)iew, (d)eny, (a)llow: }^{MATCH: +}|
    249. 

  249.       ]])
    250. 

  250.       feed('v')
    251. 

  251.       screen:expect([[
    252. 

  252.         ^{MATCH: +}|
    253. 

  253.         {1:~{MATCH: +}}|*2
    254. 

  254.         {2:]] .. fn.fnamemodify(cwd, ':~') .. pathsep .. [[Xdir [RO]{MATCH: +}}|
    255. 

  255.         {MATCH: +}|
    256. 

  256.         {1:~{MATCH: +}}|
    257. 

  257.         {4:[No Name]{MATCH: +}}|
    258. 

  258.         {MATCH: +}|
    259. 

  259.       ]])
    260. 

  260. 

  261.       -- Trust database is not updated
    262. 

  262.       eq(nil, read_file(stdpath('state') .. pathsep .. 'trust'))
    263. 

  263.     end)
    264. 

  264.   end)
    265. 

  265. 

  266.   describe('trust()', function()
    267. 

  267.     local xstate = 'Xstate'
    268. 

  268. 

  269.     setup(function()
    270. 

  270.       clear { env = { XDG_STATE_HOME = xstate } }
    271. 

  271.       n.mkdir_p(xstate .. pathsep .. (is_os('win') and 'nvim-data' or 'nvim'))
    272. 

  272.     end)
    273. 

  273. 

  274.     teardown(function()
    275. 

  275.       n.rmdir(xstate)
    276. 

  276.     end)
    277. 

  277. 

  278.     before_each(function()
    279. 

  279.       t.write_file('test_file', 'test')
    280. 

  280.       t.mkdir('test_dir')
    281. 

  281.     end)
    282. 

  282. 

  283.     after_each(function()
    284. 

  284.       os.remove('test_file')
    285. 

  285.       n.rmdir('test_dir')
    286. 

  286.     end)
    287. 

  287. 

  288.     it('returns error when passing both path and bufnr', function()
    289. 

  289.       matches(
    290. 

  290.         '"path" and "bufnr" are mutually exclusive',
    291. 

  291.         pcall_err(exec_lua, [[vim.secure.trust({action='deny', bufnr=0, path='test_file'})]])
    292. 

  292.       )
    293. 

  293.     end)
    294. 

  294. 

  295.     it('returns error when passing neither path or bufnr', function()
    296. 

  296.       matches(
    297. 

  297.         'one of "path" or "bufnr" is required',
    298. 

  298.         pcall_err(exec_lua, [[vim.secure.trust({action='deny'})]])
    299. 

  299.       )
    300. 

  300.     end)
    301. 

  301. 

  302.     it('trust then deny then remove a file using bufnr', function()
    303. 

  303.       local cwd = fn.getcwd()
    304. 

  304.       local hash = fn.sha256(read_file('test_file'))
    305. 

  305.       local full_path = cwd .. pathsep .. 'test_file'
    306. 

  306. 

  307.       command('edit test_file')
    308. 

  308.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    309. 

  309.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    310. 

  310.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    311. 

  311. 

  312.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
    313. 

  313.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    314. 

  314.       eq(string.format('! %s', full_path), vim.trim(trust))
    315. 

  315. 

  316.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
    317. 

  317.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    318. 

  318.       eq('', vim.trim(trust))
    319. 

  319.     end)
    320. 

  320. 

  321.     it('deny then trust then remove a file using bufnr', function()
    322. 

  322.       local cwd = fn.getcwd()
    323. 

  323.       local hash = fn.sha256(read_file('test_file'))
    324. 

  324.       local full_path = cwd .. pathsep .. 'test_file'
    325. 

  325. 

  326.       command('edit test_file')
    327. 

  327.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='deny', bufnr=0})}]]))
    328. 

  328.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    329. 

  329.       eq(string.format('! %s', full_path), vim.trim(trust))
    330. 

  330. 

  331.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    332. 

  332.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    333. 

  333.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    334. 

  334. 

  335.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='remove', bufnr=0})}]]))
    336. 

  336.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    337. 

  337.       eq('', vim.trim(trust))
    338. 

  338.     end)
    339. 

  339. 

  340.     it('trust using bufnr then deny then remove a file using path', function()
    341. 

  341.       local cwd = fn.getcwd()
    342. 

  342.       local hash = fn.sha256(read_file('test_file'))
    343. 

  343.       local full_path = cwd .. pathsep .. 'test_file'
    344. 

  344. 

  345.       command('edit test_file')
    346. 

  346.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    347. 

  347.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    348. 

  348.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    349. 

  349. 

  350.       eq(
    351. 

  351.         { true, full_path },
    352. 

  352.         exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]])
    353. 

  353.       )
    354. 

  354.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    355. 

  355.       eq(string.format('! %s', full_path), vim.trim(trust))
    356. 

  356. 

  357.       eq(
    358. 

  358.         { true, full_path },
    359. 

  359.         exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]])
    360. 

  360.       )
    361. 

  361.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    362. 

  362.       eq('', vim.trim(trust))
    363. 

  363.     end)
    364. 

  364. 

  365.     it('deny then trust then remove a file using bufnr', function()
    366. 

  366.       local cwd = fn.getcwd()
    367. 

  367.       local hash = fn.sha256(read_file('test_file'))
    368. 

  368.       local full_path = cwd .. pathsep .. 'test_file'
    369. 

  369. 

  370.       command('edit test_file')
    371. 

  371.       eq(
    372. 

  372.         { true, full_path },
    373. 

  373.         exec_lua([[return {vim.secure.trust({action='deny', path='test_file'})}]])
    374. 

  374.       )
    375. 

  375.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    376. 

  376.       eq(string.format('! %s', full_path), vim.trim(trust))
    377. 

  377. 

  378.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    379. 

  379.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    380. 

  380.       eq(string.format('%s %s', hash, full_path), vim.trim(trust))
    381. 

  381. 

  382.       eq(
    383. 

  383.         { true, full_path },
    384. 

  384.         exec_lua([[return {vim.secure.trust({action='remove', path='test_file'})}]])
    385. 

  385.       )
    386. 

  386.       trust = read_file(stdpath('state') .. pathsep .. 'trust')
    387. 

  387.       eq('', vim.trim(trust))
    388. 

  388.     end)
    389. 

  389. 

  390.     it('trust returns error when buffer not associated to file', function()
    391. 

  391.       command('new')
    392. 

  392.       eq(
    393. 

  393.         { false, 'buffer is not associated with a file' },
    394. 

  394.         exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]])
    395. 

  395.       )
    396. 

  396.     end)
    397. 

  397. 

  398.     it('trust directory bufnr', function()
    399. 

  399.       local cwd = fn.getcwd()
    400. 

  400.       local full_path = cwd .. pathsep .. 'test_dir'
    401. 

  401.       command('edit test_dir')
    402. 

  402. 

  403.       eq({ true, full_path }, exec_lua([[return {vim.secure.trust({action='allow', bufnr=0})}]]))
    404. 

  404.       local trust = read_file(stdpath('state') .. pathsep .. 'trust')
    405. 

  405.       eq(string.format('directory %s', full_path), vim.trim(trust))
    406. 

  406.     end)
    407. 

  407.   end)
    408. 

  408. end)
    409. 

  409.