diff options
author | Tom Bereknyei <tomberek@gmail.com> | 2022-04-21 16:41:37 -0400 |
---|---|---|
committer | Tom Bereknyei <tomberek@gmail.com> | 2022-04-21 16:41:37 -0400 |
commit | f25112d3832b93a2bc8abe7936e6355dae9a25d5 (patch) | |
tree | 186d85f2f087bab22612dd2c6014146014140b49 /tests/eval.sh | |
parent | 9345b4e9ca1b14071b471851508b37edfc2d1248 (diff) |
fix: builtins.toFile adds path to allowedPaths
The produced path is then allowed be imported or utilized elsewhere:
```
assert (43 == import (builtins.toFile "source" "43")); "good"
```
This will still fail on write-only stores.
Diffstat (limited to 'tests/eval.sh')
-rw-r--r-- | tests/eval.sh | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/eval.sh b/tests/eval.sh index 2e5ceb969..d74976019 100644 --- a/tests/eval.sh +++ b/tests/eval.sh @@ -20,6 +20,8 @@ nix eval --expr 'assert 1 + 2 == 3; true' [[ $(nix eval attr --json -f "./eval.nix") == '{"foo":"bar"}' ]] [[ $(nix eval int -f - < "./eval.nix") == 123 ]] +# Check if toFile can be utilized during restricted eval +[[ $(nix eval --restrict-eval --expr 'import (builtins.toFile "source" "42")') == 42 ]] nix-instantiate --eval -E 'assert 1 + 2 == 3; true' [[ $(nix-instantiate -A int --eval "./eval.nix") == 123 ]] |