diff options
| author | Björn Linse <bjorn.linse@gmail.com> | 2019-06-26 08:11:51 +0200 |
|---|---|---|
| committer | Björn Linse <bjorn.linse@gmail.com> | 2019-06-26 08:19:57 +0200 |
| commit | 619a86cb1e8640e4b834ef1f85bd62b0fb5609f2 (patch) | |
| tree | 31e8f78201b225c73423c1d5a2716942014b7d88 /test/functional/eval/api_functions_spec.lua | |
| parent | 10c983fabeae6f2cda93404f3aa4ee814baa43f3 (diff) | |
| download | rneovim-619a86cb1e8640e4b834ef1f85bd62b0fb5609f2.tar.gz rneovim-619a86cb1e8640e4b834ef1f85bd62b0fb5609f2.tar.bz2 rneovim-619a86cb1e8640e4b834ef1f85bd62b0fb5609f2.zip | |
eval/api: don't allow the API to be called in the sandbox.
Identifying and maintaining a "secure" subset of the API would be too
much busywork. So just disable the entire thing.
Diffstat (limited to 'test/functional/eval/api_functions_spec.lua')
| -rw-r--r-- | test/functional/eval/api_functions_spec.lua | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/test/functional/eval/api_functions_spec.lua b/test/functional/eval/api_functions_spec.lua index 0e3a88802d..3947f88c0a 100644 --- a/test/functional/eval/api_functions_spec.lua +++ b/test/functional/eval/api_functions_spec.lua @@ -4,7 +4,8 @@ local lfs = require('lfs') local neq, eq, command = helpers.neq, helpers.eq, helpers.command local clear, curbufmeths = helpers.clear, helpers.curbufmeths local exc_exec, expect, eval = helpers.exc_exec, helpers.expect, helpers.eval -local insert = helpers.insert +local insert, meth_pcall = helpers.insert, helpers.meth_pcall +local meths = helpers.meths describe('eval-API', function() before_each(clear) @@ -145,4 +146,10 @@ describe('eval-API', function() ]]) screen:detach() end) + + it('cannot be called from sandbox', function() + eq({false, 'Vim(call):E48: Not allowed in sandbox'}, + meth_pcall(command, "sandbox call nvim_input('ievil')")) + eq({''}, meths.buf_get_lines(0, 0, -1, true)) + end) end) |