Enforce sandbox for environment

jsgf · jsgf · commit f78f462f5e54 · 2018-04-25T17:37:20.000-07:00
diff --git a/src/libsyntax_ext/env.rs b/src/libsyntax_ext/env.rs
@@ -21,8 +21,6 @@ use syntax::symbol::{keywords, Symbol};
 use syntax_pos::Span;
 use syntax::tokenstream;
 
-use std::env;
-
 pub fn expand_option_env<'cx>(cx: &'cx mut ExtCtxt,
                               sp: Span,
                               tts: &[tokenstream::TokenTree])
@@ -33,8 +31,10 @@ pub fn expand_option_env<'cx>(cx: &'cx mut ExtCtxt,
     };
 
     let sp = sp.apply_mark(cx.current_expansion.mark);
-    let e = match env::var(&*var.as_str()) {
-        Err(..) => {
+    let env_sb = cx.parse_sess().env_sandbox();
+
+    let e = match env_sb.env_get(&*var.as_str()) {
+        None => {
             let lt = cx.lifetime(sp, keywords::StaticLifetime.ident());
             cx.expr_path(cx.path_all(sp,
                                      true,
@@ -46,7 +46,7 @@ pub fn expand_option_env<'cx>(cx: &'cx mut ExtCtxt,
                                                      ast::Mutability::Immutable)],
                                      Vec::new()))
         }
-        Ok(s) => {
+        Some(s) => {
             cx.expr_call_global(sp,
                                 cx.std_path(&["option", "Option", "Some"]),
                                 vec![cx.expr_str(sp, Symbol::intern(&s))])
@@ -68,6 +68,8 @@ pub fn expand_env<'cx>(cx: &'cx mut ExtCtxt,
         Some(exprs) => exprs.into_iter(),
     };
 
+    let env_sb = cx.parse_sess().env_sandbox();
+
     let var = match expr_to_string(cx, exprs.next().unwrap(), "expected string literal") {
         None => return DummyResult::expr(sp),
         Some((v, _style)) => v,
@@ -87,12 +89,12 @@ pub fn expand_env<'cx>(cx: &'cx mut ExtCtxt,
         return DummyResult::expr(sp);
     }
 
-    let e = match env::var(&*var.as_str()) {
-        Err(_) => {
+    let e = match env_sb.env_get(&*var.as_str()) {
+        None => {
             cx.span_err(sp, &msg.as_str());
             cx.expr_usize(sp, 0)
         }
-        Ok(s) => cx.expr_str(sp, Symbol::intern(&s)),
+        Some(s) => cx.expr_str(sp, Symbol::intern(&s)),
     };
     MacEager::expr(e)
 }
diff --git a/src/test/run-pass/sb-env.rs b/src/test/run-pass/sb-env.rs
@@ -0,0 +1,22 @@
+// Copyright 2017 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+// Test to see how environment sandboxing is working
+// rustc-env:BLOBBIE=FOO
+// rustc-env:FOOBIE=BAR
+// rustc-env:THINGY=OLD
+// compile-flags:--env-allow BLOBBIE --env-define ZIPPIE=BLARG --env-define THINGY=NEW
+
+fn main() {
+    assert_eq!(option_env!("BLOBBIE"), Some("FOO")); // actual environment, allowed to be seen
+    assert_eq!(option_env!("ZIPPIE"), Some("BLARG")); // defined on command-line
+    assert_eq!(option_env!("THINGY"), Some("NEW")); // overridden on command-line
+    assert_eq!(option_env!("FOOBIE"), None); // actual environment, but not allowed to be seen
+}
