forked from lix-project/lix
Merge pull request #5826 from NixOS/fixup-5807
Properly return false on `builtins.pathExists /someNonAllowedPath`
This commit is contained in:
commit
6ca2db2dad
2 changed files with 25 additions and 7 deletions
|
@ -89,18 +89,28 @@ StringMap EvalState::realiseContext(const PathSet & context)
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
static Path realisePath(EvalState & state, const Pos & pos, Value & v, bool requireAbsolutePath = true)
|
struct RealisePathFlags {
|
||||||
|
// Whether to check whether the path is a valid absolute path
|
||||||
|
bool requireAbsolutePath = true;
|
||||||
|
// Whether to check that the path is allowed in pure eval mode
|
||||||
|
bool checkForPureEval = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
static Path realisePath(EvalState & state, const Pos & pos, Value & v, const RealisePathFlags flags = {})
|
||||||
{
|
{
|
||||||
PathSet context;
|
PathSet context;
|
||||||
|
|
||||||
Path path = requireAbsolutePath
|
Path path = flags.requireAbsolutePath
|
||||||
? state.coerceToPath(pos, v, context)
|
? state.coerceToPath(pos, v, context)
|
||||||
: state.coerceToString(pos, v, context, false, false);
|
: state.coerceToString(pos, v, context, false, false);
|
||||||
|
|
||||||
StringMap rewrites = state.realiseContext(context);
|
StringMap rewrites = state.realiseContext(context);
|
||||||
|
|
||||||
return state.checkSourcePath(
|
auto realPath = state.toRealPath(rewriteStrings(path, rewrites), context);
|
||||||
state.toRealPath(rewriteStrings(path, rewrites), context));
|
|
||||||
|
return flags.checkForPureEval
|
||||||
|
? state.checkSourcePath(realPath)
|
||||||
|
: realPath;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Add and attribute to the given attribute map from the output name to
|
/* Add and attribute to the given attribute map from the output name to
|
||||||
|
@ -1371,7 +1381,12 @@ static void prim_pathExists(EvalState & state, const Pos & pos, Value * * args,
|
||||||
{
|
{
|
||||||
Path path;
|
Path path;
|
||||||
try {
|
try {
|
||||||
path = realisePath(state, pos, *args[0]);
|
// We don’t check the path right now, because we don’t want to throw if
|
||||||
|
// the path isn’t allowed, but just return false
|
||||||
|
// (and we can’t just catch the exception here because we still want to
|
||||||
|
// throw if something in the evaluation of `*args[0]` tries to access an
|
||||||
|
// unauthorized path)
|
||||||
|
path = realisePath(state, pos, *args[0], { .checkForPureEval = false });
|
||||||
} catch (InvalidPathError & e) {
|
} catch (InvalidPathError & e) {
|
||||||
throw EvalError({
|
throw EvalError({
|
||||||
.msg = hintfmt(
|
.msg = hintfmt(
|
||||||
|
@ -1382,7 +1397,7 @@ static void prim_pathExists(EvalState & state, const Pos & pos, Value * * args,
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
mkBool(v, pathExists(path));
|
mkBool(v, pathExists(state.checkSourcePath(path)));
|
||||||
} catch (SysError & e) {
|
} catch (SysError & e) {
|
||||||
/* Don't give away info from errors while canonicalising
|
/* Don't give away info from errors while canonicalising
|
||||||
‘path’ in restricted mode. */
|
‘path’ in restricted mode. */
|
||||||
|
@ -1496,7 +1511,7 @@ static void prim_findFile(EvalState & state, const Pos & pos, Value * * args, Va
|
||||||
Path path;
|
Path path;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
path = realisePath(state, pos, *i->value, false);
|
path = realisePath(state, pos, *i->value, { .requireAbsolutePath = false });
|
||||||
} catch (InvalidPathError & e) {
|
} catch (InvalidPathError & e) {
|
||||||
throw EvalError({
|
throw EvalError({
|
||||||
.msg = hintfmt("cannot find '%1%', since path '%2%' is not valid", path, e.path),
|
.msg = hintfmt("cannot find '%1%', since path '%2%' is not valid", path, e.path),
|
||||||
|
|
|
@ -11,6 +11,9 @@ missingImpureErrorMsg=$(! nix eval --expr 'builtins.readFile ./pure-eval.sh' 2>&
|
||||||
echo "$missingImpureErrorMsg" | grep -q -- --impure || \
|
echo "$missingImpureErrorMsg" | grep -q -- --impure || \
|
||||||
fail "The error message should mention the “--impure” flag to unblock users"
|
fail "The error message should mention the “--impure” flag to unblock users"
|
||||||
|
|
||||||
|
[[ $(nix eval --expr 'builtins.pathExists ./pure-eval.sh') == false ]] || \
|
||||||
|
fail "Calling 'pathExists' on a non-authorised path should return false"
|
||||||
|
|
||||||
(! nix eval --expr builtins.currentTime)
|
(! nix eval --expr builtins.currentTime)
|
||||||
(! nix eval --expr builtins.currentSystem)
|
(! nix eval --expr builtins.currentSystem)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue