From 5453e0e1a43302226da1d1d753e162af0231f9d3 Mon Sep 17 00:00:00 2001 From: w0rp Date: Tue, 17 Jul 2018 21:39:50 +0100 Subject: [PATCH] Fix #1708 - Don't modify linters or register fixers in the sandbox --- autoload/ale/fix/registry.vim | 3 +++ autoload/ale/linter.vim | 12 +++++++++ test/test_sandbox_execution.vader | 43 ++++++++++++++++++++++++++++++- 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/autoload/ale/fix/registry.vim b/autoload/ale/fix/registry.vim index 539234c0..e148ecd6 100644 --- a/autoload/ale/fix/registry.vim +++ b/autoload/ale/fix/registry.vim @@ -242,6 +242,9 @@ endfunction " Add a function for fixing problems to the registry. " (name, func, filetypes, desc, aliases) function! ale#fix#registry#Add(name, func, filetypes, desc, ...) abort + " This command will throw from the sandbox. + let &equalprg=&equalprg + if type(a:name) != type('') throw '''name'' must be a String' endif diff --git a/autoload/ale/linter.vim b/autoload/ale/linter.vim index 22e3c5dc..aa602f7e 100644 --- a/autoload/ale/linter.vim +++ b/autoload/ale/linter.vim @@ -50,6 +50,9 @@ endfunction " This is only for tests. " Do not call this function. function! ale#linter#GetLintersLoaded() abort + " This command will throw from the sandbox. + let &equalprg=&equalprg + return s:linters endfunction @@ -289,6 +292,9 @@ function! ale#linter#PreProcess(filetype, linter) abort endfunction function! ale#linter#Define(filetype, linter) abort + " This command will throw from the sandbox. + let &equalprg=&equalprg + if !has_key(s:linters, a:filetype) let s:linters[a:filetype] = [] endif @@ -304,6 +310,12 @@ function! ale#linter#PreventLoading(filetype) abort endfunction function! ale#linter#GetAll(filetypes) abort + " Don't return linters in the sandbox. + " Otherwise a sandboxed script could modify them. + if ale#util#InSandbox() + return [] + endif + let l:combined_linters = [] for l:filetype in a:filetypes diff --git a/test/test_sandbox_execution.vader b/test/test_sandbox_execution.vader index 7f4941fd..4dbcb0db 100644 --- a/test/test_sandbox_execution.vader +++ b/test/test_sandbox_execution.vader @@ -24,10 +24,13 @@ Before: let g:ale_buffer_info = {} After: + unlet! b:in_sandbox + unlet! b:result + delfunction TestCallback call ale#linter#Reset() let g:ale_buffer_info = {} - unlet! b:in_sandbox + Given foobar (Some imaginary filetype): foo @@ -61,3 +64,41 @@ Execute(ALE shouldn't blow up if file cleanup happens in a sandbox): AssertEqual ['/tmp/foo'], g:ale_buffer_info[3].temporary_file_list AssertEqual ['/tmp/bar'], g:ale_buffer_info[3].temporary_directory_list + +Execute(You shouldn't be able to define linters from the sandbox): + call ale#linter#Reset() + call ale#linter#PreventLoading('testft') + + AssertThrows sandbox call ale#linter#Define('testft', { + \ 'name': 'testlinter', + \ 'output_stream': 'stdout', + \ 'executable': 'testlinter', + \ 'command': 'testlinter', + \ 'callback': 'testCB', + \}) + AssertEqual 'Vim(let):E48: Not allowed in sandbox', g:vader_exception + AssertEqual [], ale#linter#GetAll(['testft']) + +Execute(You shouldn't be able to register fixers from the sandbox): + call ale#fix#registry#Clear() + AssertThrows sandbox call ale#fix#registry#Add('prettier', '', ['javascript'], 'prettier') + AssertEqual 'Vim(let):E48: Not allowed in sandbox', g:vader_exception + AssertEqual [], ale#fix#registry#CompleteFixers('', 'ALEFix ', 7) + +Execute(You shouldn't be able to get linters from the sandbox, to prevent tampering): + AssertThrows sandbox call ale#linter#GetLintersLoaded() + AssertEqual 'Vim(let):E48: Not allowed in sandbox', g:vader_exception + + call ale#linter#Reset() + + sandbox let b:result = ale#linter#GetAll(['testft']) + + AssertEqual 0, len(b:result) + + let b:result = ale#linter#GetAll(['testft']) + + AssertEqual 1, len(b:result) + + sandbox let b:result = ale#linter#GetAll(['testft']) + + AssertEqual 0, len(b:result)