GNOME Bugzilla – Bug 771520
Write a very documented test for the seed_init_constrained scenario.
Last modified: 2016-09-16 12:57:53 UTC
And slightly update some API in order to really expose the sandboxing granularity that this engine initialization method offers.
Created attachment 335685: seed-importer: set empty search path on init.

If imports is available, there's no reason to error out with a cryptic message (searchPath is not an array), it's better to just let the import attempt happen, with the user obtaining and undefined object instead of an exception.
Created attachment 335686: seed.h: fix exposed prototypes
Created attachment 335687: seed-engine: expose API to initialize the importer.
Created attachment 335688: seed-builtins: expose API to init builtins

Examples of builtins are "print" or "quit".
Created attachment 335689: Add a very documented test to demonstrate sandboxing

.. of the engine using mostly existing API.
Review of attachment 335685: Looks good to me, just a typo in the commit message "and undefined object" → "an undefined object". I'd also put "imports" (and "searchPath", even if it's less relevant there) in some kind of quotes/backticks/whatever to make it clear that they are identifiers.
Review of attachment 335686: This is a bit weird because it would be an API break, but it's just the prototype to be wrong and the actual function already takes a pointer so it's not an ABI break. Looks good. :)
Review of attachment 335687: Looks good, taking in consideration some pre-existing weirdness. :D ::: libseed/seed-private.h @@ +43,3 @@ JSContextGroupRef group; gchar* program_name; + gboolean importer_initialized; This is a private re-definition of the publicly exported struct. I don't understand its purpose, but as things stands it seems right to update it in both places. ::: libseed/seed.h @@ +68,3 @@ SeedContextGroup group; gchar* program_name; + gboolean importer_initialized; This would be an ABI break, but I guess it's safe to assume people don't allocate this by hand but only through seed_init() so it's not an issue. I wonder why these are public though, but it has nothing to do with this commit. :)
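Review bot: the new `importer_initialized` field is added to two hand-maintained copies of the same struct layout, in libseed/seed-private.h (@@ +43,3 @@) and libseed/seed.h (@@ +68,3 @@), and nothing in the hunks ties them together; consider a compile-time size check between the two definitions (GLib's G_STATIC_ASSERT would do) or at least a comment in each header pointing at the other, so a field added to only one copy later does not silently misalign the layout that seed_init() hands out.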
Review of attachment 335688: Looks good to me.
Review of attachment 335689: Looks good to me, just the wrong year on a copyright header. :) ::: tests/c/test-module-whitelist.c @@ +15,3 @@ + * along with Seed. If not, see <http://www.gnu.org/licenses/>. + * + * Copyright © 2015 Robert Bosch Car Multimedia GmbH © 2016 I suppose. :)
Attachment 335685 pushed as 692b87b - seed-importer: set empty search path on init.
Attachment 335686 pushed as b168f28 - seed.h: fix exposed prototypes
Attachment 335687 pushed as 82e6e90 - seed-engine: expose API to initialize the importer.
Attachment 335688 pushed as 1a4f19e - seed-builtins: expose API to init builtins
Attachment 335689 pushed as 941a8c5 - Add a very documented test to demonstrate sandboxing