aboutsummaryrefslogtreecommitdiff
path: root/tests/eval.sh
diff options
context:
space:
mode:
authorTom Bereknyei <tomberek@gmail.com>2022-04-21 16:41:37 -0400
committerTom Bereknyei <tomberek@gmail.com>2022-04-21 16:41:37 -0400
commitf25112d3832b93a2bc8abe7936e6355dae9a25d5 (patch)
tree186d85f2f087bab22612dd2c6014146014140b49 /tests/eval.sh
parent9345b4e9ca1b14071b471851508b37edfc2d1248 (diff)
fix: builtins.toFile adds path to allowedPaths
The produced path is then allowed be imported or utilized elsewhere: ``` assert (43 == import (builtins.toFile "source" "43")); "good" ``` This will still fail on write-only stores.
Diffstat (limited to 'tests/eval.sh')
-rw-r--r--tests/eval.sh2
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/eval.sh b/tests/eval.sh
index 2e5ceb969..d74976019 100644
--- a/tests/eval.sh
+++ b/tests/eval.sh
@@ -20,6 +20,8 @@ nix eval --expr 'assert 1 + 2 == 3; true'
[[ $(nix eval attr --json -f "./eval.nix") == '{"foo":"bar"}' ]]
[[ $(nix eval int -f - < "./eval.nix") == 123 ]]
+# Check if toFile can be utilized during restricted eval
+[[ $(nix eval --restrict-eval --expr 'import (builtins.toFile "source" "42")') == 42 ]]
nix-instantiate --eval -E 'assert 1 + 2 == 3; true'
[[ $(nix-instantiate -A int --eval "./eval.nix") == 123 ]]