Proposal: Enable 'safe' mode for parsing untrusted .credo.exs

[grossvogel]

What were you trying to do?

Run credo with a .config.exs file containing executable Elixir code, without having that code run on my machine. (The context is a kind of linter-as-a-service that runs on GitHub PRs and therefore operates on code from semi-untrusted sources.)

Expected outcome

Credo reads the configuration without executing the code.

Actual outcome

The code was executed.

Proposal

The config loading functions in Credo.ConfigFile already have a safe parameter, and ExsLoader appears to support loading the file without using Code.eval_string, but I don't see a way for a credo user to activate that code path.

I propose either:

• Hard-coding the safe parameter to true when using a custom config file or
• Adding a CLI option to activate safe mode whether loading configs from the directory tree or from a specified path

I'm happy to work on this, but I wanted to post a proposal to get some guidance on which (if any) of the options above would be preferred.

[NobbZ]

In my opinion this safe mode should not be opt-in, but rather the default if it gets added. Then for trusted config files where I explicitly know that they need to "run" their code and I explicitly trust their contents, I'd like to specify --trusted to enable full evaluation.

[rrrene]

@grossvogel @NobbZ I'm all for it.

I'd suggest to call the CLI option --eval-config-file, so that it's really clear what happens when you use it.