Security: disable the elixir checker by default.

This executes the code your files. This is probably fine if you wrote
the files yourself, but it can be a problem if you're trying to check
third party files. If you are 100% willing to let Vim run the code in
your files, set g:syntastic_enable_elixir_checker to 1 in your vimrc.

References:

https://groups.google.com/d/msg/elixir-lang-talk/B29noPHvQ-8/9JvSGPop7n0J
This commit is contained in:
LCD 47 2014-07-16 18:39:52 +03:00
parent 1e3e0a8254
commit 1d19dff701
4 changed files with 8 additions and 2 deletions

View File

@ -19,7 +19,7 @@ if has('reltime')
lockvar! g:syntastic_start
endif
let g:syntastic_version = '3.4.0-106'
let g:syntastic_version = '3.4.0-107'
lockvar g:syntastic_version
" Sanity checks {{{1

View File

@ -49,6 +49,7 @@ endfunction " }}}2
function! g:SyntasticLoclist.isNewerThan(stamp) " {{{2
if !exists("self._stamp")
let self._stamp = []
return 0
endif
return syntastic#util#compareLexi(self._stamp, a:stamp) > 0
endfunction " }}}2

View File

@ -30,7 +30,7 @@ let s:defaultCheckers = {
\ 'dart': ['dartanalyzer'],
\ 'docbk': ['xmllint'],
\ 'dustjs': ['swiffer'],
\ 'elixir': ['elixir'],
\ 'elixir': [],
\ 'erlang': ['escript'],
\ 'eruby': ['ruby'],
\ 'fortran': ['gfortran'],

View File

@ -24,6 +24,11 @@ function! SyntaxCheckers_elixir_elixir_IsAvailable() dict
endfunction
function! SyntaxCheckers_elixir_elixir_GetLocList() dict
if !exists('g:syntastic_enable_elixir_checker') || !g:syntastic_enable_elixir_checker
call syntastic#log#error('checker elixir/elixir: checks disabled for security reasons; ' .
\ 'set g:syntastic_enable_elixir_checker to 1 to override')
return []
endif
let make_options = {}
let compile_command = 'elixir'