fix: shell allowlist scope

2024-12-29 14:04:19 +03:00 · 2021-12-27 13:44:19 -03:00 · 2021-12-27 13:44:19 -03:00 · b43019a2b0
commit b43019a2b0
parent 2e212e1eac
4 changed files with 17 additions and 4 deletions
--- a/core/tauri-utils/src/config.rs
+++ b/core/tauri-utils/src/config.rs
@ -2099,8 +2099,9 @@ mod build {
      let fs = &self.fs;
      let protocol = &self.protocol;
      let http = &self.http;
+      let shell = &self.shell;
      tokens.append_all(
-        quote! { ::tauri::utils::config::AllowlistConfig { fs: #fs, protocol: #protocol, http: #http, ..Default::default() } },
+        quote! { ::tauri::utils::config::AllowlistConfig { fs: #fs, protocol: #protocol, http: #http, shell: #shell, ..Default::default() } },
      )
    }
  }
--- a/core/tauri/src/app.rs
+++ b/core/tauri/src/app.rs
@ -1023,6 +1023,7 @@ impl<R: Runtime> Builder<R> {
        app.package_info(),
        &env,
        &app.config().tauri.allowlist.fs.scope,
+        true,
      ),
      #[cfg(protocol_asset)]
      asset_protocol: FsScope::for_fs_api(
@ -1030,6 +1031,7 @@ impl<R: Runtime> Builder<R> {
        app.package_info(),
        &env,
        &app.config().tauri.allowlist.protocol.asset_scope,
+        true,
      ),
      #[cfg(http_request)]
      http: crate::scope::HttpScope::for_http_api(&app.config().tauri.allowlist.http.scope),
@ -1039,6 +1041,7 @@ impl<R: Runtime> Builder<R> {
        app.package_info(),
        &env,
        &app.config().tauri.allowlist.shell.scope,
+        false,
      ),
    });
    app.manage(env);
--- a/core/tauri/src/scope/fs.rs
+++ b/core/tauri/src/scope/fs.rs
@ -16,6 +16,7 @@ use crate::api::path::parse as parse_path;
 #[derive(Clone)]
 pub struct Scope {
  allow_patterns: Vec<Pattern>,
+  is_fs_path: bool,
 }

 impl fmt::Debug for Scope {
@ -29,17 +30,19 @@ impl fmt::Debug for Scope {
          .map(|p| p.as_str())
          .collect::<Vec<&str>>(),
      )
+      .field("is_fs_path", &self.is_fs_path)
      .finish()
  }
 }

 impl Scope {
-  /// Creates a new scope from the allowlist's `fs` scope configuration.
+  /// Creates a new scope from a `FsAllowlistScope` configuration.
  pub fn for_fs_api(
    config: &Config,
    package_info: &PackageInfo,
    env: &Env,
    scope: &FsAllowlistScope,
+    is_fs_path: bool,
  ) -> Self {
    let mut allow_patterns = Vec::new();
    for path in &scope.0 {
@ -53,13 +56,16 @@ impl Scope {
        }
      }
    }
-    Self { allow_patterns }
+    Self {
+      allow_patterns,
+      is_fs_path,
+    }
  }

  /// Determines if the given path is allowed on this scope.
  pub fn is_allowed<P: AsRef<Path>>(&self, path: P) -> bool {
    let path = path.as_ref();
-    let path = if !path.exists() {
+    let path = if !path.exists() || !self.is_fs_path {
      crate::Result::Ok(path.to_path_buf())
    } else {
      std::fs::canonicalize(path).map_err(Into::into)
--- a/examples/api/src-tauri/tauri.conf.json
+++ b/examples/api/src-tauri/tauri.conf.json
@ -71,6 +71,9 @@
      "fs": {
        "scope": ["$APP/db", "$DOWNLOAD/**", "$RESOURCE/**"]
      },
+      "shell": {
+        "scope": ["sh", "cmd"]
+      },
      "protocol": {
        "asset": true,
        "assetScope": ["$RESOURCE/**"]