Autoenv rewrite, security and scripting (#2083)
* Add args in .nurc file to environment
* Working dummy version
* Add add_nurc to sync_env command
* Parse .nurc file
* Delete env vars after leaving directory
* Removing vals not working, strangely
* Refactoring, add comment
* Debugging
* Debug by logging to file
* Add and remove env var behavior appears correct
However, it does not use existing code that well.
* Move work to cli.rs
* Parse config directories
* I am in a state of distress
* Rename .nurc to .nu
* Some notes for me
* Refactoring
* Removing vars works, but not done in a very nice fashion
* Refactor env_vars_to_delete
* Refactor env_vars_to_add()
* Move directory environment code to separate file
* Refactor from_config
* Restore env values
* Working?
* Working?
* Update comments and change var name
* Formatting
* Remove vars after leaving dir
* Remove notes I made
* Rename config function
* Clippy
* Cleanup and handle errors
* cargo fmt
* Better error messages, remove last (?) unwrap
* FORMAT PLZ
* Rename whitelisted_directories to allowed_directories
* Add comment to clarify how overwritten values are restored.
* Change list of allowed dirs to indexmap
* Rewrite starting
* rewrite everything
* Overwritten env values tracks an indexmap instead of vector
* Refactor restore function
* Untrack removed vars properly
* Performance concerns
* Performance concerns
* Error handling
* Clippy
* Add type aliases for String and OsString
* Deletion almost works
* Working?
* Error handling and refactoring
* nicer errors
* Add TODO file
* Move outside of loop
* Error handling
* Reworking adding of vars
* Reworking adding of vars
* Ready for testing
* Refactoring
* Restore overwritten vals code
* todo.org
* Remove overwritten values tracking, as it is not needed
* Cleanup, stop tracking overwritten values as nu takes care of it
* Init autoenv command
* Initialize autoenv and autoenv trust
* autoenv trust toml
* toml
* Use serde for autoenv
* Optional directory arg
* Add autoenv untrust command
* ... actually add autoenv untrust this time
* OsString and paths
* Revert "OsString and paths"
This reverts commit e6eedf882498c1365ecfc899e5ec11bd83cb055c.
* Fix path
* Fix path
* Autoenv trust and untrust
* Start using autoenv
* Check hashes
* Use trust functionality when setting vars
* Remove unused code
* Clippy
* Nicer errors for autoenv commands
* Non-working errors
* Update error description
* Satisfy fmt
* Errors
* Errors print, but not nicely
* Nicer errors
* fmt
* Delete accidentally added todo.org file
* Rename direnv to autoenv
* Use ShellError instead of Error
* Change tests to pass, danger zone?
* Clippy and errors
* Clippy... again
* Replace match with or_else
* Use sha2 crate for hashing
* parsing and error msg
* Refactoring
* Only apply vars once
* if parent dir
* Delete vars
* Rework exit code
* Adding works
* restore
* Fix possibility of infinite loop
* Refactoring
* Non-working
* Revert "Non-working"
This reverts commit e231b85570bcb3fc838f950e9f5004c6a7c5a2ac.
* Revert "Revert "Non-working""
This reverts commit 804092e46a752266576b044401cc97c317e41f21.
* Autoenv trust works without restart
* Cargo fix
* Script vars
* Serde
* Serde errors
* Entry and exitscripts
* Clippy
* Support windows and handle errors
* Formatting
* Fix infinite loop on windows
* Debugging windows loop
* More windows infinite loop debugging
* Windows loop debugging #3
* windows loop #4
* Don't return err
* Cleanup unused code
* Infinite loop debug
* Loop debugging
* Check if infinite loop is vars_to_add
* env_vars_to_add does not terminate, skip loop as test
* Hypothesis: std::env::current_dir() is messing with something
* Hypothesis: std::env::current_dir() is messing with something
* plz
* make clippy happy
* debugging in env_vars_to_add
* Debbuging env_vars_to_add #2
* clippy
* clippy..
* Fool clippy
* Fix another infinite loop
* Binary search for error location x)
* Binary search #3
* fmt
* Binary search #4
* more searching...
* closing in... maybe
* PLZ
* Cleanup
* Restore commented out functionality
* Handle case when user gives the directory "."
* fmt
* Use fs::canonicalize for paths
* Create optional script section
* fmt
* Add exitscripts even if no entryscripts are defined
* All sections in .nu-env are now optional
* Re-read config file each directory change
* Hot reload after autoenv untrust, don't run exitscripts if untrusted
* Debugging
* Fix issue with recursive adding of vars
* Thank you for finding my issues Mr. Azure
* use std::env
2020-07-05 19:34:00 +02:00
|
|
|
use crate::commands::WholeStreamCommand;
|
|
|
|
use crate::prelude::*;
|
|
|
|
use nu_errors::ShellError;
|
|
|
|
use nu_protocol::{ReturnSuccess, Signature, UntaggedValue};
|
|
|
|
use serde::Deserialize;
|
|
|
|
use serde::Serialize;
|
|
|
|
use sha2::{Digest, Sha256};
|
|
|
|
use std::io::Read;
|
|
|
|
use std::path::PathBuf;
|
|
|
|
pub struct Autoenv;
|
|
|
|
|
|
|
|
#[derive(Deserialize, Serialize, Debug, Default)]
|
|
|
|
pub struct Trusted {
|
|
|
|
pub files: IndexMap<String, Vec<u8>>,
|
|
|
|
}
|
|
|
|
impl Trusted {
|
|
|
|
pub fn new() -> Self {
|
|
|
|
Trusted {
|
|
|
|
files: IndexMap::new(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
pub fn file_is_trusted(nu_env_file: &PathBuf, content: &[u8]) -> Result<bool, ShellError> {
|
|
|
|
let contentdigest = Sha256::digest(&content).as_slice().to_vec();
|
2020-07-12 06:14:09 +02:00
|
|
|
let nufile = std::fs::canonicalize(nu_env_file)?;
|
Autoenv rewrite, security and scripting (#2083)
* Add args in .nurc file to environment
* Working dummy version
* Add add_nurc to sync_env command
* Parse .nurc file
* Delete env vars after leaving directory
* Removing vals not working, strangely
* Refactoring, add comment
* Debugging
* Debug by logging to file
* Add and remove env var behavior appears correct
However, it does not use existing code that well.
* Move work to cli.rs
* Parse config directories
* I am in a state of distress
* Rename .nurc to .nu
* Some notes for me
* Refactoring
* Removing vars works, but not done in a very nice fashion
* Refactor env_vars_to_delete
* Refactor env_vars_to_add()
* Move directory environment code to separate file
* Refactor from_config
* Restore env values
* Working?
* Working?
* Update comments and change var name
* Formatting
* Remove vars after leaving dir
* Remove notes I made
* Rename config function
* Clippy
* Cleanup and handle errors
* cargo fmt
* Better error messages, remove last (?) unwrap
* FORMAT PLZ
* Rename whitelisted_directories to allowed_directories
* Add comment to clarify how overwritten values are restored.
* Change list of allowed dirs to indexmap
* Rewrite starting
* rewrite everything
* Overwritten env values tracks an indexmap instead of vector
* Refactor restore function
* Untrack removed vars properly
* Performance concerns
* Performance concerns
* Error handling
* Clippy
* Add type aliases for String and OsString
* Deletion almost works
* Working?
* Error handling and refactoring
* nicer errors
* Add TODO file
* Move outside of loop
* Error handling
* Reworking adding of vars
* Reworking adding of vars
* Ready for testing
* Refactoring
* Restore overwritten vals code
* todo.org
* Remove overwritten values tracking, as it is not needed
* Cleanup, stop tracking overwritten values as nu takes care of it
* Init autoenv command
* Initialize autoenv and autoenv trust
* autoenv trust toml
* toml
* Use serde for autoenv
* Optional directory arg
* Add autoenv untrust command
* ... actually add autoenv untrust this time
* OsString and paths
* Revert "OsString and paths"
This reverts commit e6eedf882498c1365ecfc899e5ec11bd83cb055c.
* Fix path
* Fix path
* Autoenv trust and untrust
* Start using autoenv
* Check hashes
* Use trust functionality when setting vars
* Remove unused code
* Clippy
* Nicer errors for autoenv commands
* Non-working errors
* Update error description
* Satisfy fmt
* Errors
* Errors print, but not nicely
* Nicer errors
* fmt
* Delete accidentally added todo.org file
* Rename direnv to autoenv
* Use ShellError instead of Error
* Change tests to pass, danger zone?
* Clippy and errors
* Clippy... again
* Replace match with or_else
* Use sha2 crate for hashing
* parsing and error msg
* Refactoring
* Only apply vars once
* if parent dir
* Delete vars
* Rework exit code
* Adding works
* restore
* Fix possibility of infinite loop
* Refactoring
* Non-working
* Revert "Non-working"
This reverts commit e231b85570bcb3fc838f950e9f5004c6a7c5a2ac.
* Revert "Revert "Non-working""
This reverts commit 804092e46a752266576b044401cc97c317e41f21.
* Autoenv trust works without restart
* Cargo fix
* Script vars
* Serde
* Serde errors
* Entry and exitscripts
* Clippy
* Support windows and handle errors
* Formatting
* Fix infinite loop on windows
* Debugging windows loop
* More windows infinite loop debugging
* Windows loop debugging #3
* windows loop #4
* Don't return err
* Cleanup unused code
* Infinite loop debug
* Loop debugging
* Check if infinite loop is vars_to_add
* env_vars_to_add does not terminate, skip loop as test
* Hypothesis: std::env::current_dir() is messing with something
* Hypothesis: std::env::current_dir() is messing with something
* plz
* make clippy happy
* debugging in env_vars_to_add
* Debbuging env_vars_to_add #2
* clippy
* clippy..
* Fool clippy
* Fix another infinite loop
* Binary search for error location x)
* Binary search #3
* fmt
* Binary search #4
* more searching...
* closing in... maybe
* PLZ
* Cleanup
* Restore commented out functionality
* Handle case when user gives the directory "."
* fmt
* Use fs::canonicalize for paths
* Create optional script section
* fmt
* Add exitscripts even if no entryscripts are defined
* All sections in .nu-env are now optional
* Re-read config file each directory change
* Hot reload after autoenv untrust, don't run exitscripts if untrusted
* Debugging
* Fix issue with recursive adding of vars
* Thank you for finding my issues Mr. Azure
* use std::env
2020-07-05 19:34:00 +02:00
|
|
|
|
|
|
|
let trusted = read_trusted()?;
|
2020-07-12 06:14:09 +02:00
|
|
|
Ok(trusted.files.get(&nufile.to_string_lossy().to_string()) == Some(&contentdigest))
|
Autoenv rewrite, security and scripting (#2083)
* Add args in .nurc file to environment
* Working dummy version
* Add add_nurc to sync_env command
* Parse .nurc file
* Delete env vars after leaving directory
* Removing vals not working, strangely
* Refactoring, add comment
* Debugging
* Debug by logging to file
* Add and remove env var behavior appears correct
However, it does not use existing code that well.
* Move work to cli.rs
* Parse config directories
* I am in a state of distress
* Rename .nurc to .nu
* Some notes for me
* Refactoring
* Removing vars works, but not done in a very nice fashion
* Refactor env_vars_to_delete
* Refactor env_vars_to_add()
* Move directory environment code to separate file
* Refactor from_config
* Restore env values
* Working?
* Working?
* Update comments and change var name
* Formatting
* Remove vars after leaving dir
* Remove notes I made
* Rename config function
* Clippy
* Cleanup and handle errors
* cargo fmt
* Better error messages, remove last (?) unwrap
* FORMAT PLZ
* Rename whitelisted_directories to allowed_directories
* Add comment to clarify how overwritten values are restored.
* Change list of allowed dirs to indexmap
* Rewrite starting
* rewrite everything
* Overwritten env values tracks an indexmap instead of vector
* Refactor restore function
* Untrack removed vars properly
* Performance concerns
* Performance concerns
* Error handling
* Clippy
* Add type aliases for String and OsString
* Deletion almost works
* Working?
* Error handling and refactoring
* nicer errors
* Add TODO file
* Move outside of loop
* Error handling
* Reworking adding of vars
* Reworking adding of vars
* Ready for testing
* Refactoring
* Restore overwritten vals code
* todo.org
* Remove overwritten values tracking, as it is not needed
* Cleanup, stop tracking overwritten values as nu takes care of it
* Init autoenv command
* Initialize autoenv and autoenv trust
* autoenv trust toml
* toml
* Use serde for autoenv
* Optional directory arg
* Add autoenv untrust command
* ... actually add autoenv untrust this time
* OsString and paths
* Revert "OsString and paths"
This reverts commit e6eedf882498c1365ecfc899e5ec11bd83cb055c.
* Fix path
* Fix path
* Autoenv trust and untrust
* Start using autoenv
* Check hashes
* Use trust functionality when setting vars
* Remove unused code
* Clippy
* Nicer errors for autoenv commands
* Non-working errors
* Update error description
* Satisfy fmt
* Errors
* Errors print, but not nicely
* Nicer errors
* fmt
* Delete accidentally added todo.org file
* Rename direnv to autoenv
* Use ShellError instead of Error
* Change tests to pass, danger zone?
* Clippy and errors
* Clippy... again
* Replace match with or_else
* Use sha2 crate for hashing
* parsing and error msg
* Refactoring
* Only apply vars once
* if parent dir
* Delete vars
* Rework exit code
* Adding works
* restore
* Fix possibility of infinite loop
* Refactoring
* Non-working
* Revert "Non-working"
This reverts commit e231b85570bcb3fc838f950e9f5004c6a7c5a2ac.
* Revert "Revert "Non-working""
This reverts commit 804092e46a752266576b044401cc97c317e41f21.
* Autoenv trust works without restart
* Cargo fix
* Script vars
* Serde
* Serde errors
* Entry and exitscripts
* Clippy
* Support windows and handle errors
* Formatting
* Fix infinite loop on windows
* Debugging windows loop
* More windows infinite loop debugging
* Windows loop debugging #3
* windows loop #4
* Don't return err
* Cleanup unused code
* Infinite loop debug
* Loop debugging
* Check if infinite loop is vars_to_add
* env_vars_to_add does not terminate, skip loop as test
* Hypothesis: std::env::current_dir() is messing with something
* Hypothesis: std::env::current_dir() is messing with something
* plz
* make clippy happy
* debugging in env_vars_to_add
* Debbuging env_vars_to_add #2
* clippy
* clippy..
* Fool clippy
* Fix another infinite loop
* Binary search for error location x)
* Binary search #3
* fmt
* Binary search #4
* more searching...
* closing in... maybe
* PLZ
* Cleanup
* Restore commented out functionality
* Handle case when user gives the directory "."
* fmt
* Use fs::canonicalize for paths
* Create optional script section
* fmt
* Add exitscripts even if no entryscripts are defined
* All sections in .nu-env are now optional
* Re-read config file each directory change
* Hot reload after autoenv untrust, don't run exitscripts if untrusted
* Debugging
* Fix issue with recursive adding of vars
* Thank you for finding my issues Mr. Azure
* use std::env
2020-07-05 19:34:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
pub fn read_trusted() -> Result<Trusted, ShellError> {
|
|
|
|
let config_path = config::default_path_for(&Some(PathBuf::from("nu-env.toml")))?;
|
|
|
|
|
|
|
|
let mut file = std::fs::OpenOptions::new()
|
|
|
|
.read(true)
|
|
|
|
.create(true)
|
|
|
|
.write(true)
|
|
|
|
.open(config_path)
|
|
|
|
.or_else(|_| {
|
|
|
|
Err(ShellError::untagged_runtime_error(
|
|
|
|
"Couldn't open nu-env.toml",
|
|
|
|
))
|
|
|
|
})?;
|
|
|
|
let mut doc = String::new();
|
|
|
|
file.read_to_string(&mut doc)?;
|
|
|
|
|
|
|
|
let allowed = toml::de::from_str(doc.as_str()).unwrap_or_else(|_| Trusted::new());
|
|
|
|
Ok(allowed)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[async_trait]
|
|
|
|
impl WholeStreamCommand for Autoenv {
|
|
|
|
fn name(&self) -> &str {
|
|
|
|
"autoenv"
|
|
|
|
}
|
|
|
|
fn usage(&self) -> &str {
|
|
|
|
// "Mark a .nu-env file in a directory as trusted. Needs to be re-run after each change to the file or its filepath."
|
|
|
|
"Manage directory specific environments"
|
|
|
|
}
|
|
|
|
fn signature(&self) -> Signature {
|
|
|
|
Signature::build("autoenv")
|
|
|
|
}
|
|
|
|
async fn run(
|
|
|
|
&self,
|
|
|
|
_args: CommandArgs,
|
|
|
|
registry: &CommandRegistry,
|
|
|
|
) -> Result<OutputStream, ShellError> {
|
|
|
|
let registry = registry.clone();
|
|
|
|
Ok(OutputStream::one(ReturnSuccess::value(
|
|
|
|
UntaggedValue::string(crate::commands::help::get_help(&Autoenv, ®istry))
|
|
|
|
.into_value(Tag::unknown()),
|
|
|
|
)))
|
|
|
|
}
|
|
|
|
|
|
|
|
fn examples(&self) -> Vec<Example> {
|
|
|
|
vec![Example {
|
|
|
|
description: "Allow .nu-env file in current directory",
|
|
|
|
example: "autoenv trust",
|
|
|
|
result: None,
|
|
|
|
}]
|
|
|
|
}
|
|
|
|
}
|