To: emacs-orgmode@gnu.org
From: Max Nikulin
Subject: Re: [PATCH] Re: [BUG][Security] begin_src :var evaluated before the prompt to confirm execution
Date: Sat, 29 Oct 2022 00:12:15 +0700
References: <87ilk4myev.fsf@localhost>
In-Reply-To: <87ilk4myev.fsf@localhost>
On 28/10/2022 10:15, Ihor Radchenko wrote:
>
> See the attached tentative patch.
> I tried to balance between annoying users with a query and not evaluating
> unsafe code: '-quoted lists and symbols are still evaluated without
> prompt.
>
> Let me know if you see any potential issues.

If I got it right, it prompts the user for every variable. I believed that a single prompt is enough for both header arguments and body evaluation. Maybe I missed some issue with dependent code blocks. If I remember correctly, each block causes a prompt, and I am not going to dispute such behavior. I am unsure whether an early prompt may increase user confusion, since some blocks will be evaluated not immediately after the related prompt but perhaps after some delay to confirm dependent code.

> diff --git a/lisp/ob-core.el b/lisp/ob-core.el > index 518831ec6..e10ab401c 100644 > --- a/lisp/ob-core.el > +++ b/lisp/ob-core.el > @@ -3165,7 +3165,16 @@ (defun org-babel-read (cell &optional inhibit-lisp-eval) > ((and (not inhibit-lisp-eval) > (or (memq (string-to-char cell) '(?\( ?' ?` ?\[)) > (string= cell "*this*"))) > - (eval (read cell) t)) > + ;; Prevent arbitrary function calls. > + (if (and (memq (string-to-char cell) '(?\( ?`)) > + (not (org-babel-confirm-evaluate > + ;; See `org-babel-get-src-block-info'. > + (list "emacs-lisp" (format "%S" cell) > + '((:eval . yes)) nil (format "%S" cell) > + nil nil)))) > + ;; Not allowed. > + (user-error "Evaluation of elisp code %S aborted." cell) > + (eval (read cell) t))) > ((save-match-data > (and (string-match "^[[:space:]]*\"\\(.*\\)\"[[:space:]]*$" cell) > (not (string-match "[^\\]\"" (match-string 1 cell)))))
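Review bot: the info list handed to `org-babel-confirm-evaluate` puts the same `(format "%S" cell)` into both the body slot and the name slot, so the confirmation prompt presents the cell text as if it were a block name, and a predicate installed in `org-confirm-babel-evaluate` receives a body that is the cell wrapped in quote marks with escapes rather than the raw cell; passing nil for the name, as the remaining slots already do, and the unformatted `cell` as the body would give a cleaner prompt and a more useful argument for such predicates. In the same hunk, the hard-coded `'((:eval . yes))` means the decision rests solely on `org-confirm-babel-evaluate` and the enclosing block's own :eval header argument is never consulted, which is worth a sentence in the commit message; and the `user-error` string "Evaluation of elisp code %S aborted." should drop the trailing period, per the Emacs convention for error messages. The narrowed `(memq (string-to-char cell) '(?\( ?`))` leaves `'`-quoted forms, `[...]` vectors and `*this*` unprompted, consistent with the cover text.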