feat(core): add shell > sidecar allowlist and process feature flag [TRI-037] (#18)

2024-10-26 18:12:23 +03:00 · 2021-10-24 09:30:58 -03:00 · 2021-10-24 09:30:58 -03:00 · eed017287f
commit eed017287f
parent 6fbd6dba52
8 changed files with 55 additions and 18 deletions
--- a/.changes/command-feature-flag.md
+++ b/.changes/command-feature-flag.md
@ -0,0 +1,5 @@
+---
+"tauri": patch
+---
+
+The `api::process::Command` APIs are now hidden behind the `command` feature flag.
--- a/.changes/sidecar-allowlist.md
+++ b/.changes/sidecar-allowlist.md
@ -0,0 +1,6 @@
+---
+"tauri-utils": patch
+"tauri": patch
+---
+
+The `shell` allowlist now includes a `sidecar` flag, which enables the use of the `shell` API to execute sidecars.
--- a/core/tauri-utils/src/config.rs
+++ b/core/tauri-utils/src/config.rs
@ -840,6 +840,11 @@ pub struct ShellAllowlistConfig {
  /// Enable binary execution.
  #[serde(default)]
  pub execute: bool,
+  /// Enable sidecar execution, allowing the JavaScript layer to spawn a sidecar program,
+  /// an executable that is shipped with the application.
+  /// For more information see https://tauri.studio/en/docs/usage/guides/bundler/sidecar.
+  #[serde(default)]
+  pub sidecar: bool,
  /// Open URL with the user's default application.
  #[serde(default)]
  pub open: bool,
@ -850,6 +855,7 @@ impl Allowlist for ShellAllowlistConfig {
    let allowlist = Self {
      all: false,
      execute: true,
+      sidecar: true,
      open: true,
    };
    let mut features = allowlist.to_features();
@ -863,6 +869,7 @@ impl Allowlist for ShellAllowlistConfig {
    } else {
      let mut features = Vec::new();
      check_feature!(self, features, execute, "shell-execute");
+      check_feature!(self, features, sidecar, "shell-sidecar");
      check_feature!(self, features, open, "shell-open");
      features
    }
--- a/core/tauri/Cargo.toml
+++ b/core/tauri/Cargo.toml
@ -164,8 +164,10 @@ process-relaunch = []
 protocol-all = ["protocol-asset"]
 protocol-asset = []
 reqwest-client = ["reqwest", "bytes"]
-shell-all = ["shell-execute", "shell-open"]
-shell-execute = ["shared_child", "os_pipe"]
+command = ["shared_child", "os_pipe"]
+shell-all = ["shell-execute", "shell-sidecar", "shell-open"]
+shell-execute = ["command"]
+shell-sidecar = ["command"]
 shell-open = ["open"]
 system-tray = ["tauri-runtime/system-tray", "tauri-runtime-wry/system-tray"]
 updater = ["minisign-verify", "base64", "dialog-ask"]
--- a/core/tauri/build.rs
+++ b/core/tauri/build.rs
@ -51,8 +51,9 @@ fn main() {

    // shell
    shell_all: { any(api_all, feature = "shell-all") },
-    shell_open: { any(shell_all, feature = "shell-open") },
    shell_execute: { any(shell_all, feature = "shell-execute") },
+    shell_sidecar: { any(shell_all, feature = "shell-sidecar") },
+    shell_open: { any(shell_all, feature = "shell-open") },

    // dialog
    dialog_all: { any(api_all, feature = "dialog-all") },
--- a/core/tauri/src/api/process.rs
+++ b/core/tauri/src/api/process.rs
@ -12,9 +12,11 @@ use std::{
  process::{exit, Command as StdCommand},
 };

-#[cfg(shell_execute)]
+#[cfg(feature = "command")]
+#[cfg_attr(doc_cfg, doc(cfg(feature = "command")))]
 mod command;
-#[cfg(shell_execute)]
+#[cfg(feature = "command")]
+#[cfg_attr(doc_cfg, doc(cfg(feature = "command")))]
 pub use command::*;

 /// Gets the current binary.
--- a/core/tauri/src/endpoints/shell.rs
+++ b/core/tauri/src/endpoints/shell.rs
@ -81,13 +81,23 @@ impl Cmd {
        on_event_fn,
        options,
      } => {
-        #[cfg(shell_execute)]
-        {
        let mut command = if options.sidecar {
+          #[cfg(not(shell_sidecar))]
+          return Err(crate::Error::ApiNotAllowlisted(
+            "shell > sidecar".to_string(),
+          ));
+          #[cfg(shell_sidecar)]
          crate::api::process::Command::new_sidecar(program)?
        } else {
+          #[cfg(not(shell_execute))]
+          return Err(crate::Error::ApiNotAllowlisted(
+            "shell > execute".to_string(),
+          ));
+          #[cfg(shell_execute)]
          crate::api::process::Command::new(program)
        };
+        #[cfg(any(shell_execute, shell_sidecar))]
+        {
          command = command.args(args);
          if let Some(cwd) = options.cwd {
            command = command.current_dir(cwd);
@ -116,10 +126,6 @@ impl Cmd {

          Ok(pid.into())
        }
-        #[cfg(not(shell_execute))]
-        Err(crate::Error::ApiNotAllowlisted(
-          "shell > execute".to_string(),
-        ))
      }
      Self::KillChild { pid } => {
        #[cfg(shell_execute)]
--- a/tooling/cli.rs/schema.json
+++ b/tooling/cli.rs/schema.json
@ -103,7 +103,8 @@
          "shell": {
            "all": false,
            "execute": false,
-            "open": false
+            "open": false,
+            "sidecar": false
          },
          "window": {
            "all": false,
@ -338,7 +339,8 @@
          "default": {
            "all": false,
            "execute": false,
-            "open": false
+            "open": false,
+            "sidecar": false
          },
          "allOf": [
            {
@ -1265,6 +1267,11 @@
          "description": "Open URL with the user's default application.",
          "default": false,
          "type": "boolean"
+        },
+        "sidecar": {
+          "description": "Enable sidecar execution, allowing the JavaScript layer to spawn a sidecar program, an executable that is shipped with the application. For more information see https://tauri.studio/en/docs/usage/guides/bundler/sidecar.",
+          "default": false,
+          "type": "boolean"
        }
      },
      "additionalProperties": false
@ -1356,7 +1363,8 @@
            "shell": {
              "all": false,
              "execute": false,
-              "open": false
+              "open": false,
+              "sidecar": false
            },
            "window": {
              "all": false,