about summary refs log tree commit diff
path: root/tests
AgeCommit message (Collapse)AuthorFilesLines
2018-08-03 Merge pull request #2326 from aszlig/fix-symlink-leakEelco Dolstra1-0/+11
Fix symlink leak in restricted eval mode
2018-08-03 Fix symlink leak in restricted eval modeaszlig1-0/+11
In EvalState::checkSourcePath, the path is checked against the list of allowed paths first and later it's checked again *after* resolving symlinks. The resolving of the symlinks is done via canonPath, which also strips out "../" and "./". However after the canonicalisation the error message pointing out that the path is not allowed prints the symlink target in the error message. Even if we'd suppress the message, symlink targets could still be leaked if the symlink target doesn't exist (in this case the error is thrown in canonPath). So instead, we now do canonPath() without symlink resolving first before even checking against the list of allowed paths and then later do the symlink resolving and checking the allowed paths again. The first call to canonPath() should get rid of all the "../" and "./", so in theory the only way to leak a symlink if the attacker is able to put a symlink in one of the paths allowed by restricted evaluation mode. For the latter I don't think this is part of the threat model, because if the attacker can write to that path, the attack vector is even larger. Signed-off-by: aszlig <aszlig@nix.build>
2018-08-02 Allows selectively adding environment variables to pure shells.Samuel Dionne-Riel1-0/+7
Includes documentation and test.
2018-07-05 lib.concatMap and lib.mapAttrs to be builtinsvolth4-0/+10
2018-07-03 tests/search.sh: minor fix to unbreak tests after search ux mergeWill Dietz1-1/+1
2018-07-03 Add a fromTOML primopEelco Dolstra2-0/+185
This is primarily useful for processing Cargo.lock files.
2018-06-06 tests: more robust check for user namespaces availability (canUseSandbox)Aleksandr Pashkov1-5/+3
Issue https://github.com/NixOS/nix/issues/2165
2018-06-05 Don't require --fallback to recover from disappeared binary cache NARsEelco Dolstra1-4/+13
2018-06-05 Improve binary cache fallback testEelco Dolstra1-7/+7
2018-06-05 Remove non-existent NIX_DEBUG_SUBSTEelco Dolstra1-1/+1
2018-05-30 Modularize config settingsEelco Dolstra1-4/+9
Allow global config settings to be defined in multiple Config classes. For example, this means that libutil can have settings and evaluator settings can be moved out of libstore. The Config classes are registered in a new GlobalConfig class to which config files etc. are applied. Relevant to https://github.com/NixOS/nix/issues/2009 in that it removes the need for ad hoc handling of useCaseHack, which was the underlying cause of that issue.
2018-05-24 add docs and testsvolth2-1/+5
2018-05-11 Don't return negative numbers from the flex tokenizerEelco Dolstra1-0/+1
Fixes #1374. Closes #2129.
2018-05-02 Fix builtins.add testEelco Dolstra1-1/+1
Nix prints the floating point number 4.0 as "4".
2018-04-29 add tests for builtins.addTim Sears2-0/+9
2018-04-23 Merge branch 'pos-crash-fix' of git://github.com/dezgeg/nixShea Levy2-0/+2
2018-04-23 Merge branch 'add-test-eval-okay-nested-with' of ↵Shea Levy2-0/+4
git://github.com/ryantrinkle/nix
2018-04-18 add tests for multi searchDaniel Poelzleithner1-0/+5
2018-04-09 Merge branch 'fix/ruby-shebang' of git://github.com/samueldr/nixShea Levy3-0/+23
2018-04-09 Hardcodes `nix-shell` instead of `/usr/bin/env nix-shell`...Samuel Dionne-Riel2-2/+2
... in the ruby shebang test.
2018-04-08 Adds `nix-shell` test for special-cased ruby interpreter.Samuel Dionne-Riel3-0/+23
The test fakes the interpreter only to verify the arguments it would be given.
2018-04-06 Add missing eval-okay-regex-split.exp test fileDoug Beardsley1-0/+1
2018-04-03 libexpr: Make unsafeGetAttrPos not crash on noPosTuomas Tynkkynen2-0/+2
Currently e.g. `builtins.unsafeGetAttrPos "abort" builtins` will eventually segfault because pos->file is an unset Symbol. Found by afl-fuzz.
2018-03-30 Add test eval-okay-nested-withRyan Trinkle2-0/+4
2018-03-16 nix-shell: allow symlinks to .drvsLinus Heckemann1-0/+12
This makes persistent shell environments easier to use.
2018-03-16 Merge pull request #1939 from dezgeg/lexer-fixEelco Dolstra4-0/+6
libexpr: Recognize newline in more places in lexer
2018-03-14 Use boost::format from the boost packageEelco Dolstra1-2/+2
Note that this only requires headers from boost so it doesn't add a runtime dependency. Also, use Nixpkgs 18.03.
2018-03-13 Merge pull request #1906 from dtzWill/fix/nix-searchShea Levy3-1/+65
nix search: tests and fix #1893 and part of #1892
2018-03-02 Merge branch 'write-failure-fixes' of git://github.com/lheckemann/nixShea Levy2-0/+11
2018-03-02 libexpr: Recognize newline in more places in lexerTuomas Tynkkynen4-0/+6
Flex's regexes have an annoying feature: the dot matches everything except a newline. This causes problems for expressions like: "${0}\ " where the backslash-newline combination matches this rule instead of the intended one mentioned in the comment: <STRING>\$|\\|\$\\ { /* This can only occur when we reach EOF, otherwise the above (...|\$[^\{\"\\]|\\.|\$\\.)+ would have triggered. This is technically invalid, but we leave the problem to the parser who fails with exact location. */ return STR; } However, the parser actually accepts the resulting token sequence ('"' DOLLAR_CURLY 0 '}' STR '"'), which is a problem because the lexer rule didn't assign anything to yylval. Ultimately this leads to a crash when dereferencing a NULL pointer in ExprConcatStrings::bindVars(). The fix does change the syntax of the language in some corner cases but I think it's only turning previously invalid (or crashing) syntax to valid syntax. E.g. "a\ b" and ''a''\ b'' were previously syntax errors but now both result in "a\nb". Found by afl-fuzz.
2018-03-01 tests/search.sh: simplify, don't rely on consistent orderingWill Dietz1-7/+3
2018-02-26 libexpr: Fix prim_replaceStrings() to work on an empty source stringTuomas Tynkkynen2-1/+4
Otherwise, running e.g. nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"' would just hang in an infinite loop. Found by afl-fuzz. First attempt of this was reverted in e2d71bd1862cdda because it caused another infinite loop, which is fixed now and a test added.
2018-02-25 tests: test nix search behaviorWill Dietz3-1/+69
2018-02-22 Merge branch 'fix/dry-run-partially' of https://github.com/dtzWill/nixEelco Dolstra2-0/+53
2018-02-21 Revert "libexpr: Fix prim_replaceStrings() to work on an empty source string"Eelco Dolstra2-3/+1
This reverts commit 4ea9707591beceacf9988b3c185faf50da238403. It causes an infinite loop in Nixpkgs evaluation, e.g. "nix-instantiate -A hello" hung. PR #1886.
2018-02-19 libexpr: Fix prim_replaceStrings() to work on an empty source stringTuomas Tynkkynen2-1/+3
Otherwise, running e.g. nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"' would just hang in an infinite loop. Found by afl-fuzz.
2018-02-19 Merge branch 'register-settings' of https://github.com/shlevy/nixEelco Dolstra2-3/+12
2018-02-14 Add splitVersion primop.Shea Levy2-0/+2
Fixes #1868.
2018-02-13 Allow plugins to define new settings.Shea Levy2-3/+12
2018-02-13 Fix plugin tests on darwinShea Levy3-7/+7
2018-02-13 Fix #1762Linus Heckemann2-0/+11
nix-store --export, nix-store --dump, and nix dump-path would previously fail silently if writing the data out failed, because a) FdSink::write ignored exceptions, and b) the commands relied on FdSink's destructor, which ignores exceptions, to flush the data out. This could cause rather opaque issues with installing nixos, because nix-store --export would happily proceed even if it couldn't write its data out (e.g. if nix-store --import on the other side of the pipe failed). This commit adds tests that expose these issues in the nix-store commands, and fixes them for all three.
2018-02-13 Allow includes from nix.confShea Levy1-0/+5
2018-02-13 Merge branch 'register-constant' of https://github.com/shlevy/nixEelco Dolstra2-3/+3
2018-02-13 Merge branch 'plugins' of https://github.com/shlevy/nixEelco Dolstra4-2/+29
2018-02-08 Allow using RegisterPrimop to define constants.Shea Levy2-3/+3
This enables plugins to add new constants, as well as new primops.
2018-02-08 Add plugins to make Nix more extensible.Shea Levy4-2/+29
All plugins in plugin-files will be dlopened, allowing them to statically construct instances of the various Register* types Nix supports.
2018-02-08 nix-env: Fix parsing of --systemEelco Dolstra1-0/+3
https://hydra.nixos.org/build/68827814
2018-02-08 dsa -> ed25519Eelco Dolstra2-8/+8
DSS is disabled by default in NixOS 18.03. https://hydra.nixos.org/build/68788560
2018-02-07 build-dry: disable failing portion of test until issue is fixedWill Dietz1-1/+4
2018-02-07 tests: Add (failing) tests for reported --dry-run issues.Will Dietz2-0/+50