Add security support

tectonic-typesetting · Sep 4, 2021 · 40e51ce · 40e51ce
1 parent ab40d7e
commit 40e51ce
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 3 deletions.
diff --git a/crates/bridge_core/src/lib.rs b/crates/bridge_core/src/lib.rs
@@ -764,6 +764,11 @@ impl SecuritySettings {
     pub fn allow_shell_escape(&self) -> bool {
         !self.disable_insecures
     }
+
+    /// Query whether we're allowed to specify extra paths to read files from.
+    pub fn allow_extra_search_paths(&self) -> bool {
+        !self.disable_insecures
+    }
 }
 
 impl Default for SecuritySettings {

diff --git a/src/driver.rs b/src/driver.rs
@@ -1071,12 +1071,18 @@ impl ProcessingSessionBuilder {
         // move this out of self to get around borrow checker issues
         let hidden_input_paths = self.hidden_input_paths;
 
-        let extra_search_paths = self
-                .unstables
+        let extra_search_paths = if self.security.allow_extra_search_paths() {
+            self.unstables
                 .extra_search_paths
                 .iter()
                 .map(|p| FilesystemIo::new(p, false, false, hidden_input_paths.clone()))
-                .collect();
+                .collect()
+        } else {
+            if !self.unstables.extra_search_paths.is_empty() {
+                tt_warning!(status, "Extra search path(s) ignored due to security");
+            }
+            Vec::new()
+        };
 
         let filesystem = FilesystemIo::new(&filesystem_root, false, true, hidden_input_paths);
 

diff --git a/tests/executable.rs b/tests/executable.rs
@@ -819,4 +819,11 @@ fn extra_search_paths() {
         "\\input 1.tex\n\\bye",
     );
     error_or_panic(&output);
+
+    let output = run_tectonic_with_stdin(
+        tempdir.path(),
+        &[&fmt_arg, "-", "-Zsearch-path=subdirectory/content", "--untrusted"],
+        "\\input 1.tex\n\\bye",
+    );
+    error_or_panic(&output);
 }