To: emacs-orgmode@gnu.org
From: Max Nikulin
Subject: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Date: Sun, 11 Dec 2022 09:58:14 +0700

On 11/12/2022 03:28, Tom Gillespie wrote:
> Here is a patch that improves the ergonomics and thus hopefully
> the security for the recent changes to check evaluation for cells.

Tom, thank you for the patch. Frankly speaking, I was expecting this kind of complaint, but I could not suggest any solution. I am not familiar with org-babel code, so my comments may be false alarms.

> * lisp/ob-core.el (org-confirm-babel-evaluate-cell): Added to control
> execution of cells separate from execution of src blocks, it works in
> exactly the same way as org-confirm-babel-evaluate.

I am not sure concerning "exactly". lisp/ob-core.el:248 `org-confirm-babel-evaluate' is called with 2 arguments. In your patch `org-confirm-babel-evaluate-cell' has a single argument.

> This commit resolves the issue by making it possible to ignore checks
> on cells (the old behavior) without compromising general security for
> running src blocks.

It seems you do not change defaults. Could you please provide an example of configuration that is less annoying, but still safe?

> This is necessary because there is no easy way to hop swap
> org-confirm-babel-evaluate between org-get-src-block-info where
> org-babel-read is called and the execution of that src block. It could
> probably be done using advice around org-babel-read, but that is a
> level of hackery that should be avoided.

I was thinking if it is possible to collect requests to confirm and to allow the user to decide for the whole bunch of expressions and code blocks. Besides implementation issues, there is a question concerning UI that will allow to inspect code to be evaluated.

> diff --git a/lisp/ob-core.el b/lisp/ob-core.el ...> +(defcustom org-confirm-babel-evaluate-cell t > + "Confirm before evaluating a cell." Calling convention for the case of function value is not described. If it is really the same as for `org-confirm-babel-evaluate' then this user option should be mentioned in the docstring. > + :group 'org-babel > + :version "29.1" :package-version instead of :version? > + :type '(choice boolean function)) > +;; don't allow this variable to be changed through file settings > +(put 'org-confirm-babel-evaluate-cell 'safe-local-variable (lambda (x) (eq x t))) Is there any reason to not use the :safe property of `defcustom'? I see that you take definition of `org-confirm-babel-evaluate' as a template so I wonder if there is some particular reason or the original code was just written before introducing of :safe.
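
Review bot: The comment above the `put` line says the variable cannot be changed through file settings, but a `safe-local-variable` predicate of `(lambda (x) (eq x t))` only marks the value `t` as safe to apply without asking. Any other file-local value (nil or a function) is still offered to the user through the normal unsafe-local-variable confirmation and takes effect if the user accepts it. Either reword the comment to say that only `t` is accepted silently, or, if a file must never be able to relax this check, enforce that separately instead of relying on this predicate. Since `:type` allows `function`, the docstring "Confirm before evaluating a cell." should also state which arguments a function value receives and what its return value means.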