From: Tom Gillespie <tgbugs@gmail.com>
To: Ihor Radchenko <yantar92@posteo.net>
Cc: Bastien <bzg@gnu.org>, Kyle Meyer <kyle@kyleam.com>,
emacs-orgmode@gnu.org
Subject: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Date: Mon, 12 Dec 2022 17:53:04 -0800 [thread overview]
Message-ID: <CA+G3_PMwyRrjwJp_AGxnV8P7LbqiPkGfLiQY4rziUo-xcjAUaA@mail.gmail.com> (raw)
In-Reply-To: <874ju0j538.fsf@localhost>
[-- Attachment #1: Type: text/plain, Size: 500 bytes --]
Hi Ihor,
Here's the updated patch using :safe, and an additional
patch for the news entry to make it easier to apply the
core change to bugfix if needed. Best!
Tom
> I am also wondering if we should include this into bugfix.
I can vouch for the fact that trying to work around this in
any other way is going to be a massive pain. For example,
it will be hard to use vanilla 29 for various CI types of things
where someone might need to execute a cell but not
want to allow arbitrary codeblocks.
[-- Attachment #2: 0001-ob-core-add-org-confirm-babel-evaluate-cell-custom-v.patch --]
[-- Type: text/x-patch, Size: 3194 bytes --]
From 4a78e1b5ea98dee569ff690037c661ab5c300194 Mon Sep 17 00:00:00 2001
From: Tom Gillespie <tgbugs@gmail.com>
Date: Sat, 10 Dec 2022 12:11:17 -0800
Subject: [PATCH 1/2] ob-core: add org-confirm-babel-evaluate-cell custom
variable
* lisp/ob-core.el (org-confirm-babel-evaluate-cell): Added to control
execution of cells separate from execution of src blocks, it works in
exactly the same way as `org-confirm-babel-evaluate'.
* lisp/ob-core.el (org-babel-read): `org-confirm-babel-evaluate-cell'
is used to check cells independent of `org-confirm-babel-evaluate'.
Following the change in 10e857d42859a55b23cd4206ffce3ebd0f678583 it
became extremely annoying to tangle files that make extensive use of
elisp expression in src block #+header: statements.
This commit resolves the issue by making it possible to ignore checks
on cells (the old behavior) without compromising general security for
running src blocks.
This is necessary because there is no easy way to hop swap
`org-confirm-babel-evaluate' between `org-get-src-block-info' where
`org-babel-read' is called and the execution of that src block. It
could probably be done using advice around `org-babel-read', but that
is a level of hackery that should be avoided.
---
lisp/ob-core.el | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/lisp/ob-core.el b/lisp/ob-core.el
index 2fa9d8978..d56e47de5 100644
--- a/lisp/ob-core.el
+++ b/lisp/ob-core.el
@@ -128,6 +128,14 @@ remove code block execution from the `\\[org-ctrl-c-ctrl-c]' keybinding."
;; don't allow this variable to be changed through file settings
(put 'org-confirm-babel-evaluate 'safe-local-variable (lambda (x) (eq x t)))
+(defcustom org-confirm-babel-evaluate-cell t
+ "Confirm before evaluating a cell.
+This follows the same conventions as `org-confirm-babel-evaluate'."
+ :group 'org-babel
+ :package-version '(Org . "9.6")
+ :type '(choice boolean function)
+ :safe (lambda (x) (eq x t)))
+
(defcustom org-babel-no-eval-on-ctrl-c-ctrl-c nil
"\\<org-mode-map>\
Remove code block evaluation from the `\\[org-ctrl-c-ctrl-c]' key binding."
@@ -3180,11 +3188,14 @@ situations in which is it not appropriate."
(string= cell "*this*")))
;; Prevent arbitrary function calls.
(if (and (memq (string-to-char cell) '(?\( ?`))
+ (if (functionp org-confirm-babel-evaluate-cell)
+ (funcall org-confirm-babel-evaluate-cell "emacs-lisp" cell)
+ org-confirm-babel-evaluate-cell)
(not (org-babel-confirm-evaluate
- ;; See `org-babel-get-src-block-info'.
- (list "emacs-lisp" (format "%S" cell)
- '((:eval . yes)) nil (format "%S" cell)
- nil nil))))
+ ;; See `org-babel-get-src-block-info'.
+ (list "emacs-lisp" (format "%S" cell)
+ '((:eval . yes)) nil (format "%S" cell)
+ nil nil))))
;; Not allowed.
(user-error "Evaluation of elisp code %S aborted." cell)
(eval (read cell) t)))
--
2.37.4
[-- Attachment #3: 0002-etc-ORG-NEWS-Add-entry-for-org-confirm-babel-evaluat.patch --]
[-- Type: text/x-patch, Size: 1784 bytes --]
From 03aad0a73acfca05245a01e83bae3609e6d3ed04 Mon Sep 17 00:00:00 2001
From: Tom Gillespie <tgbugs@gmail.com>
Date: Mon, 12 Dec 2022 17:45:14 -0800
Subject: [PATCH 2/2] * etc/ORG-NEWS: Add entry for
`org-confirm-babel-evaluate-cell'.
---
etc/ORG-NEWS | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/etc/ORG-NEWS b/etc/ORG-NEWS
index 5d5e726e0..16ff5ba67 100644
--- a/etc/ORG-NEWS
+++ b/etc/ORG-NEWS
@@ -12,6 +12,42 @@ See the end of the file for license conditions.
Please send Org bug reports to mailto:emacs-orgmode@gnu.org.
* Version 9.7 (not released yet)
+
+** New options
+*** A new custom setting ~org-confirm-babel-evaluate-cell~ to control confirming execution of cells
+
+Following recent changes to ~org-babel-read~ it became annoying to
+tangle files that make extensive use of elisp expression in src
+block #+header: statements.
+
+~org-confirm-babel-evaluate-cell~ resolves the issue by making it
+possible to ignore checks on cells (the old behavior) without
+compromising general security for running src blocks.
+
+It works in the same way as ~org-confirm-babel-evaluate~, accepting a
+boolean or a function of two arguments (lang body).
+
+Here is an example that works for ~(and)~, ~(or)~, and simple calls to
+~(identity ...)~.
+
+#+begin_src emacs-lisp
+(setq-local
+ org-confirm-babel-evaluate-cell
+ (lambda (lang body)
+ (ignore lang)
+ (let ((rb (read body)))
+ (not ; aka (unless condition t)
+ (or
+ (member rb '((or) (and)))
+ (and
+ (eq (car rb) 'identity)
+ (let ((v (cadr rb)))
+ (or
+ (symbolp v)
+ (stringp v)
+ (numberp v)))))))))
+#+end_src
+
* Version 9.6
** Important announcements and breaking changes
--
2.37.4
next prev parent reply other threads:[~2022-12-13 1:54 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-10 20:28 [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable Tom Gillespie
2022-12-11 2:58 ` Max Nikulin
2022-12-11 20:27 ` Tom Gillespie
2022-12-11 20:37 ` Tom Gillespie
2022-12-11 20:46 ` Kyle Meyer
2022-12-11 21:08 ` Tom Gillespie
2022-12-12 10:20 ` Ihor Radchenko
2022-12-13 1:53 ` Tom Gillespie [this message]
2022-12-13 9:03 ` Ihor Radchenko
2022-12-13 16:31 ` Max Nikulin
2022-12-13 21:16 ` Tom Gillespie
2022-12-14 16:40 ` Max Nikulin
2022-12-14 18:24 ` Tom Gillespie
2022-12-15 9:18 ` Ihor Radchenko
2022-12-15 9:25 ` Tom Gillespie
2022-12-15 9:57 ` tomas
2022-12-15 9:10 ` Ihor Radchenko
2022-12-15 12:10 ` Max Nikulin
2022-12-15 12:25 ` Ihor Radchenko
2022-12-15 14:46 ` Max Nikulin
2022-12-15 21:08 ` Tim Cross
2022-12-16 6:07 ` Ihor Radchenko
2022-12-16 7:22 ` Tim Cross
2022-12-18 14:19 ` Ihor Radchenko
2022-12-18 21:37 ` Tim Cross
2022-12-20 0:00 ` Tom Gillespie
2022-12-20 0:06 ` Tom Gillespie
2022-12-25 11:00 ` Ihor Radchenko
2022-12-18 14:12 ` Ihor Radchenko
2022-12-25 11:06 ` Ihor Radchenko
2022-12-29 15:58 ` Bastien Guerry
2022-12-29 16:33 ` Max Nikulin
2022-12-29 16:35 ` Ihor Radchenko
2022-12-30 8:52 ` Bastien
2022-12-30 11:10 ` Max Nikulin
2022-12-30 17:43 ` Tom Gillespie
2022-12-31 13:48 ` Ihor Radchenko
2022-12-31 16:15 ` Tom Gillespie
2023-01-02 8:34 ` [SECURITY] Arbitrary code evaluation security in Org (was: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable) Ihor Radchenko
2023-01-02 10:59 ` [SECURITY] Arbitrary code evaluation security in Org Greg Minshall
2023-01-03 9:52 ` [SECURITY] Tangling can overwrite arbitrary tangling targets, including important user files (was: [SECURITY] Arbitrary code evaluation security in Org) Ihor Radchenko
2023-01-02 19:00 ` [SECURITY] Arbitrary code evaluation security in Org (was: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable) Tim Cross
2023-01-03 11:00 ` Ihor Radchenko
2023-01-07 13:12 ` Ihor Radchenko
2023-01-02 15:13 ` [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable Bastien Guerry
2023-01-02 15:17 ` Ihor Radchenko
2023-01-02 15:15 ` Bastien
2022-12-13 4:16 ` Kyle Meyer
2022-12-13 16:15 ` Max Nikulin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+G3_PMwyRrjwJp_AGxnV8P7LbqiPkGfLiQY4rziUo-xcjAUaA@mail.gmail.com \
--to=tgbugs@gmail.com \
--cc=bzg@gnu.org \
--cc=emacs-orgmode@gnu.org \
--cc=kyle@kyleam.com \
--cc=yantar92@posteo.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).