Restrict Nu with a cleaned environment. (#1222)

crates/nu-test-support/src/fs.rs

@@ -226,10 +226,12 @@ pub fn executable_path() -> PathBuf {
 }
 
 pub fn binaries() -> PathBuf {
-    let mut path = PathBuf::new();
-    path.push("target");
-    path.push("debug");
-    path
+    PathBuf::from(env!("CARGO_MANIFEST_DIR"))
+        .parent()
+        .expect("Couldn't find the debug binaries directory")
+        .parent()
+        .expect("Couldn't find the debug binaries directory")
+        .join("target/debug")
 }
 
 pub fn in_directory(str: impl AsRef<Path>) -> String {

crates/nu-test-support/src/macros.rs

@@ -28,7 +28,18 @@ macro_rules! nu {
             $crate::fs::DisplayPath::display_path(&$path)
         );
 
+        let dummies = $crate::fs::binaries();
+        let dummies = dunce::canonicalize(&dummies).unwrap_or_else(|e| {
+            panic!(
+                "Couldn't canonicalize dummy binaries path {}: {:?}",
+                dummies.display(),
+                e
+            )
+        });
+
         let mut process = match Command::new($crate::fs::executable_path())
+            .env_clear()
+            .env("PATH", dummies)
             .stdin(Stdio::piped())
             .stdout(Stdio::piped())
             .spawn()
@@ -85,7 +96,18 @@ macro_rules! nu_error {
             $crate::fs::DisplayPath::display_path(&$path)
         );
 
+        let dummies = $crate::fs::binaries();
+        let dummies = dunce::canonicalize(&dummies).unwrap_or_else(|e| {
+            panic!(
+                "Couldn't canonicalize dummy binaries path {}: {:?}",
+                dummies.display(),
+                e
+            )
+        });
+
         let mut process = Command::new($crate::fs::executable_path())
+            .env_clear()
+            .env("PATH", dummies)
             .stdout(Stdio::piped())
             .stdin(Stdio::piped())
             .stderr(Stdio::piped())