runtime(dist): centralize safe executable check and add vim library (#13413)

Follow up to 816fbcc26 (patch 9.0.1833: [security] runtime file fixes, 2023-08-31) and f7ac0ef50 (runtime: don't execute external commands when loading ftplugins, 2023-09-06). This puts the logic for safe executable checks in a single place, by introducing a central vim library, so all filetypes benefit from consistency. Notable changes: - dist#vim because the (autoload) namespace for a new runtime support library. Supporting functions should get documentation. It might make life easier for NeoVim devs to make the documentation a new file rather than cram it into existing files, though we may want cross-references to it somewhere… - The gzip and zip plugins need to be opted into by enabling execution of those programs (or the global plugin_exec). This needs documentation or discussion. - This fixes a bug in the zig plugin: code setting s:tmp_cwd was removed in f7ac0ef50 (runtime: don't execute external commands when loading ftplugins, 2023-09-06), but the variable was still referenced. Since the new function takes care of that automatically, the variable is no longer needed. Signed-off-by: D. Ben Knoble <ben.knoble+github@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
author: D. Ben Knoble <ben.knoble+github@gmail.com> 2023-11-04 05:11:17 -0400
committer: GitHub <noreply@github.com> 2023-11-04 10:11:17 +0100
commit: cd8a3eaf5348feacfecab4b374b7ea4ce6a97422 (patch)
tree: 93c6255071557c69bc8e15ee7830a31c0a3a7149 /runtime/ftplugin
parent: 08b1c61e8b67be2b6a95d9b85d3bbf84cc70712f (diff)
4 files changed, 6 insertions, 14 deletions
diff --git a/runtime/ftplugin/awk.vim b/runtime/ftplugin/awk.vim
index 785088ff9b..40fe304cf4 100644
--- a/runtime/ftplugin/awk.vim
+++ b/runtime/ftplugin/awk.vim
@@ -37,8 +37,8 @@ if exists("g:awk_is_gawk")
     let b:undo_ftplugin .= " | setl fp<"
   endif
 
-  " Disabled by default for security reasons.  
-  if get(g:, 'awk_exec', get(g:, 'plugin_exec', 0))
+  " Disabled by default for security reasons.
+  if dist#vim#IsSafeExecutable('awk', 'gawk')
     let path = system("gawk 'BEGIN { printf ENVIRON[\"AWKPATH\"] }'")
     let path = substitute(path, '^\.\=:\|:\.\=$\|:\.\=:', ',,', 'g') " POSIX cwd
     let path = substitute(path, ':', ',', 'g')
diff --git a/runtime/ftplugin/changelog.vim b/runtime/ftplugin/changelog.vim
index a62433378a..ab73949be5 100644
--- a/runtime/ftplugin/changelog.vim
+++ b/runtime/ftplugin/changelog.vim
@@ -57,8 +57,8 @@ if &filetype == 'changelog'
     endif
     let s:default_login = 'unknown'
 
-    " Disabled by default for security reasons.  
-    if get(g:, 'changelog_exec', get(g:, 'plugin_exec', 0))
+    " Disabled by default for security reasons.
+    if dist#vim#IsSafeExecutable('changelog', 'whoami')
       let login = s:login()
     else
       let login = s:default_login
diff --git a/runtime/ftplugin/perl.vim b/runtime/ftplugin/perl.vim
index 7ea0ae980a..c63bd3f9c7 100644
--- a/runtime/ftplugin/perl.vim
+++ b/runtime/ftplugin/perl.vim
@@ -56,12 +56,8 @@ endif
 
 " Set this once, globally.
 if !exists("perlpath")
-    let s:tmp_cwd = getcwd()
     " safety check: don't execute perl binary by default
-    if executable("perl") && get(g:, 'perl_exec', get(g:, 'plugin_exec', 0))
-        \ && (fnamemodify(exepath("perl"), ":p:h") != s:tmp_cwd
-        \ || (index(split($PATH, has("win32") ? ';' : ':'), s:tmp_cwd) != -1
-        \ && s:tmp_cwd != '.'))
+    if dist#vim#IsSafeExecutable('perl', 'perl')
       try
 	if &shellxquote != '"'
 	    let perlpath = system('perl -e "print join(q/,/,@INC)"')
@@ -77,7 +73,6 @@ if !exists("perlpath")
 	" current directory and the directory of the current file.
 	let perlpath = ".,,"
     endif
-    unlet! s:tmp_cwd
 endif
 
 " Append perlpath to the existing path value, if it is set.  Since we don't
diff --git a/runtime/ftplugin/zig.vim b/runtime/ftplugin/zig.vim
index 291fe44b11..28b8cd5a67 100644
--- a/runtime/ftplugin/zig.vim
+++ b/runtime/ftplugin/zig.vim
@@ -41,16 +41,13 @@ let &l:define='\v(<fn>|<const>|<var>|^\s*\#\s*define)'
 
 " Safety check: don't execute zig from current directory
 if !exists('g:zig_std_dir') && exists('*json_decode') &&
-    \  executable('zig') && get(g:, 'zig_exec', get(g:, 'plugin_exec', 0))
-    \ && (fnamemodify(exepath("zig"), ":p:h") != s:tmp_cwd
-    \ || (index(split($PATH,has("win32")? ';' : ':'), s:tmp_cwd) != -1 && s:tmp_cwd != '.'))
+    \  executable('zig') && dist#vim#IsSafeExecutable('zig', 'zig')
     silent let s:env = system('zig env')
     if v:shell_error == 0
         let g:zig_std_dir = json_decode(s:env)['std_dir']
     endif
     unlet! s:env
 endif
-unlet! s:tmp_cwd
 
 if exists('g:zig_std_dir')
     let &l:path = g:zig_std_dir . ',' . &l:path
author	D. Ben Knoble <ben.knoble+github@gmail.com>	2023-11-04 05:11:17 -0400
committer	GitHub <noreply@github.com>	2023-11-04 10:11:17 +0100
commit	cd8a3eaf5348feacfecab4b374b7ea4ce6a97422 (patch)
tree	93c6255071557c69bc8e15ee7830a31c0a3a7149 /runtime/ftplugin
parent	08b1c61e8b67be2b6a95d9b85d3bbf84cc70712f (diff)