forked from lix-project/lix
Properly return false on builtins.pathExists /someNonAllowedPath
Follow-up from https://github.com/NixOS/nix/pull/5807 to fix https://github.com/NixOS/nix/pull/5807#issuecomment-1000135394
This commit is contained in:
parent
7feb741e00
commit
dc89dfa7b3
2 changed files with 25 additions and 7 deletions
|
@ -89,18 +89,28 @@ StringMap EvalState::realiseContext(const PathSet & context)
|
|||
return res;
|
||||
}
|
||||
|
||||
static Path realisePath(EvalState & state, const Pos & pos, Value & v, bool requireAbsolutePath = true)
|
||||
struct RealisePathFlags {
|
||||
// Whether to check whether the path is a valid absolute path
|
||||
bool requireAbsolutePath = true;
|
||||
// Whether to check that the path is allowed in pure eval mode
|
||||
bool checkForPureEval = true;
|
||||
};
|
||||
|
||||
static Path realisePath(EvalState & state, const Pos & pos, Value & v, const RealisePathFlags flags = {})
|
||||
{
|
||||
PathSet context;
|
||||
|
||||
Path path = requireAbsolutePath
|
||||
Path path = flags.requireAbsolutePath
|
||||
? state.coerceToPath(pos, v, context)
|
||||
: state.coerceToString(pos, v, context, false, false);
|
||||
|
||||
StringMap rewrites = state.realiseContext(context);
|
||||
|
||||
return state.checkSourcePath(
|
||||
state.toRealPath(rewriteStrings(path, rewrites), context));
|
||||
auto realPath = state.toRealPath(rewriteStrings(path, rewrites), context);
|
||||
|
||||
return flags.checkForPureEval
|
||||
? state.checkSourcePath(realPath)
|
||||
: realPath;
|
||||
}
|
||||
|
||||
/* Add and attribute to the given attribute map from the output name to
|
||||
|
@ -1371,7 +1381,12 @@ static void prim_pathExists(EvalState & state, const Pos & pos, Value * * args,
|
|||
{
|
||||
Path path;
|
||||
try {
|
||||
path = realisePath(state, pos, *args[0]);
|
||||
// We don’t check the path right now, because we don’t want to throw if
|
||||
// the path isn’t allowed, but just return false
|
||||
// (and we can’t just catch the exception here because we still want to
|
||||
// throw if something in the evaluation of `*args[0]` tries to access an
|
||||
// unauthorized path)
|
||||
path = realisePath(state, pos, *args[0], { .checkForPureEval = false });
|
||||
} catch (InvalidPathError & e) {
|
||||
throw EvalError({
|
||||
.msg = hintfmt(
|
||||
|
@ -1382,7 +1397,7 @@ static void prim_pathExists(EvalState & state, const Pos & pos, Value * * args,
|
|||
}
|
||||
|
||||
try {
|
||||
mkBool(v, pathExists(path));
|
||||
mkBool(v, pathExists(state.checkSourcePath(path)));
|
||||
} catch (SysError & e) {
|
||||
/* Don't give away info from errors while canonicalising
|
||||
‘path’ in restricted mode. */
|
||||
|
@ -1496,7 +1511,7 @@ static void prim_findFile(EvalState & state, const Pos & pos, Value * * args, Va
|
|||
Path path;
|
||||
|
||||
try {
|
||||
path = realisePath(state, pos, *i->value, false);
|
||||
path = realisePath(state, pos, *i->value, { .requireAbsolutePath = false });
|
||||
} catch (InvalidPathError & e) {
|
||||
throw EvalError({
|
||||
.msg = hintfmt("cannot find '%1%', since path '%2%' is not valid", path, e.path),
|
||||
|
|
|
@ -11,6 +11,9 @@ missingImpureErrorMsg=$(! nix eval --expr 'builtins.readFile ./pure-eval.sh' 2>&
|
|||
echo "$missingImpureErrorMsg" | grep -q -- --impure || \
|
||||
fail "The error message should mention the “--impure” flag to unblock users"
|
||||
|
||||
[[ $(nix eval --expr 'builtins.pathExists ./pure-eval.sh') == false ]] || \
|
||||
fail "Calling 'pathExists' on a non-authorised path should return false"
|
||||
|
||||
(! nix eval --expr builtins.currentTime)
|
||||
(! nix eval --expr builtins.currentSystem)
|
||||
|
||||
|
|
Loading…
Reference in a new issue