rrrene / credo-proposals

Proposals for Credo, the Elixir code analysis tool with a focus on code consistency and teaching
MIT License
9 stars 0 forks source link

Proposal: Enable 'safe' mode for parsing untrusted .credo.exs #47

Open grossvogel opened 6 years ago

grossvogel commented 6 years ago

What were you trying to do?

Run credo with a .config.exs file containing executable Elixir code, without having that code run on my machine. (The context is a kind of linter-as-a-service that runs on GitHub PRs and therefore operates on code from semi-untrusted sources.)

Expected outcome

Credo reads the configuration without executing the code.

Actual outcome

The code was executed.

Proposal

The config loading functions in Credo.ConfigFile already have a safe parameter, and ExsLoader appears to support loading the file without using Code.eval_string, but I don't see a way for a credo user to activate that code path.

I propose either:

I'm happy to work on this, but I wanted to post a proposal to get some guidance on which (if any) of the options above would be preferred.

NobbZ commented 6 years ago

In my opinion this safe mode should not be opt-in, but rather the default if it gets added. Then for trusted config files where I explicitly know that they need to "run" their code and I explicitly trust their contents, I'd like to specify --trusted to enable full evaluation.

rrrene commented 6 years ago

@grossvogel @NobbZ I'm all for it.

I'd suggest to call the CLI option --eval-config-file, so that it's really clear what happens when you use it.