Support --allow-paths in the CLI

ethereum · Apr 19, 2017 · ef9e809 · ef9e809
1 parent 3cacea7
commit ef9e809
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/Changelog.md b/Changelog.md
@@ -2,6 +2,8 @@
 
 Features:
  * Support ``interface`` contracts.
+ * Commandline interface: Support ``--allow-paths`` to define trusted import paths. Note: the
+   path(s) of the supplied contract(s) is always trusted.
 
 Bugfixes:
  * Type system: Contract inheriting from base with unimplemented constructor should be abstract.

diff --git a/docs/using-the-compiler.rst b/docs/using-the-compiler.rst
@@ -29,6 +29,8 @@ files reside, so things like ``import "/etc/passwd";`` only work if you add ``=/
 
 If there are multiple matches due to remappings, the one with the longest common prefix is selected.
 
+Important to note is that paths of included sources files and paths defined by remappings are allowed to include, but everything else is rejected. Additional paths can be added via the ``--allow-paths /sample/path,/another/sample/path`` switch.
+
 If your contracts use :ref:`libraries <libraries>`, you will notice that the bytecode contains substrings of the form ``__LibraryName______``. You can use ``solc`` as a linker meaning that it will insert the library addresses for you at those points:
 
 Either add ``--libraries "Math:0x12345678901234567890 Heap:0xabcdef0123456"`` to your command to provide an address for each library or store the string in a file (one library per line) and run ``solc`` using ``--libraries fileName``.

diff --git a/solc/CommandLineInterface.cpp b/solc/CommandLineInterface.cpp
@@ -102,6 +102,7 @@ static string const g_strSrcMapRuntime = "srcmap-runtime";
 static string const g_strVersion = "version";
 static string const g_stdinFileNameStr = "<stdin>";
 static string const g_strMetadataLiteral = "metadata-literal";
+static string const g_strAllowPaths = "allow-paths";
 
 static string const g_argAbi = g_strAbi;
 static string const g_argAddStandard = g_strAddStandard;
@@ -131,6 +132,7 @@ static string const g_argSignatureHashes = g_strSignatureHashes;
 static string const g_argVersion = g_strVersion;
 static string const g_stdinFileName = g_stdinFileNameStr;
 static string const g_argMetadataLiteral = g_strMetadataLiteral;
+static string const g_argAllowPaths = g_strAllowPaths;
 
 /// Possible arguments to for --combined-json
 static set<string> const g_combinedJsonArgs{
@@ -533,7 +535,12 @@ Allowed options)",
 			"Switch to linker mode, ignoring all options apart from --libraries "
 			"and modify binaries in place."
 		)
-		(g_argMetadataLiteral.c_str(), "Store referenced sources are literal data in the metadata output.");
+		(g_argMetadataLiteral.c_str(), "Store referenced sources are literal data in the metadata output.")
+		(
+			g_argAllowPaths.c_str(),
+			po::value<string>()->value_name("path(s)"),
+			"Allow a given path for imports. A list of paths can be supplied by separating them with a comma."
+		);
 	po::options_description outputComponents("Output Components");
 	outputComponents.add_options()
 		(g_argAst.c_str(), "AST of all source files.")
@@ -601,6 +608,13 @@ Allowed options)",
 
 bool CommandLineInterface::processInput()
 {
+	if (m_args.count(g_argAllowPaths))
+	{
+		vector<string> paths;
+		for (string const& path: boost::split(paths, m_args[g_argAllowPaths].as<string>(), boost::is_any_of(",")))
+			m_allowedDirectories.push_back(boost::filesystem::path(path));
+	}
+
 	readInputFilesAndConfigureRemappings();
 
 	if (m_args.count(g_argLibraries))