
Update warning message for --git-url and --zip-file lib install flags #1088


Merged
merged 1 commit into from
Nov 30, 2020
20 changes: 15 additions & 5 deletions cli/lib/install.go
Expand Up @@ -17,10 +17,13 @@ package lib

import (
"context"
"fmt"
"os"
"strings"

"github.com/arduino/arduino-cli/cli/errorcodes"
"github.com/arduino/arduino-cli/cli/feedback"
"github.com/arduino/arduino-cli/cli/globals"
"github.com/arduino/arduino-cli/cli/instance"
"github.com/arduino/arduino-cli/cli/output"
"github.com/arduino/arduino-cli/commands/lib"
Expand All @@ -41,10 +44,8 @@ func initInstallCommand() *cobra.Command {
Run: runInstallCommand,
}
installCommand.Flags().BoolVar(&installFlags.noDeps, "no-deps", false, "Do not install dependencies.")
if configuration.Settings.GetBool("library.enable_unsafe_install") {
installCommand.Flags().BoolVar(&installFlags.gitURL, "git-url", false, "Enter git url for libraries hosted on repositories")
installCommand.Flags().BoolVar(&installFlags.zipPath, "zip-path", false, "Enter a path to zip file")
}
installCommand.Flags().BoolVar(&installFlags.gitURL, "git-url", false, "Enter git url for libraries hosted on repositories")
installCommand.Flags().BoolVar(&installFlags.zipPath, "zip-path", false, "Enter a path to zip file")
return installCommand
}

Expand All @@ -58,7 +59,16 @@ func runInstallCommand(cmd *cobra.Command, args []string) {
instance := instance.CreateInstanceIgnorePlatformIndexErrors()

if installFlags.zipPath || installFlags.gitURL {
feedback.Print("--git-url and --zip-path flags are dangerous, use it at your own risk.")
if !configuration.Settings.GetBool("library.enable_unsafe_install") {
documentationURL := "https://arduino.github.io/arduino-cli/latest/configuration/#configuration-keys"
if !strings.Contains(globals.VersionInfo.VersionString, "git") {
split := strings.Split(globals.VersionInfo.VersionString, ".")
documentationURL = fmt.Sprintf("https://arduino.github.io/arduino-cli/%s.%s/configuration/#configuration-keys", split[0], split[1])
}
feedback.Errorf("--git-url and --zip-path are disabled by default, for more information see: %v", documentationURL)
os.Exit(errorcodes.ErrGeneric)
}
feedback.Print("--git-url and --zip-path flags allow installing untrusted files, use it at your own risk.")
}

if installFlags.zipPath {
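Review bot: In the new refusal branch of `runInstallCommand`, `split[1]` is indexed without checking how many parts `strings.Split` returned, so a `globals.VersionInfo.VersionString` that lacks "git" and has fewer than two dot-separated fields would panic before the "disabled by default" error is printed. The panic still stops the command, but the user loses the explanation of why the unsafe-install flags were refused. Guarding the override keeps the default URL as a fallback: `if split := strings.Split(globals.VersionInfo.VersionString, "."); len(split) >= 2 {` around the `fmt.Sprintf` line. Since both flags are now always registered, this runtime check on `library.enable_unsafe_install` appears to be the only gate on installing from untrusted sources, so a short comment above it would help, e.g. `// Flags are always registered; this check is what blocks unsafe installs by default.` The function body starts and ends outside the visible hunk.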
18 changes: 9 additions & 9 deletions test/test_lib.py
Expand Up @@ -173,13 +173,13 @@ def test_install_git_url_and_zip_path_flags_visibility(run_command, data_dir, do
git_url = "https://github.com/arduino-libraries/WiFi101.git"
res = run_command(f"lib install --git-url {git_url}")
assert res.failed
assert "Error: unknown flag: --git-url" in res.stderr
assert "--git-url and --zip-path are disabled by default, for more information see:" in res.stderr

assert run_command("lib download [email protected]")
zip_path = Path(downloads_dir, "libraries", "AudioZero-1.0.0.zip")
res = run_command(f"lib install --zip-path {zip_path}")
assert res.failed
assert "Error: unknown flag: --zip-path" in res.stderr
assert "--git-url and --zip-path are disabled by default, for more information see:" in res.stderr

env = {
"ARDUINO_DATA_DIR": data_dir,
Expand All @@ -190,11 +190,11 @@ def test_install_git_url_and_zip_path_flags_visibility(run_command, data_dir, do
# Verifies installation is successful when flags are enabled with env var
res = run_command(f"lib install --git-url {git_url}", custom_env=env)
assert res.ok
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout

res = run_command(f"lib install --zip-path {zip_path}", custom_env=env)
assert res.ok
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout

# Uninstall libraries to install them again
assert run_command("lib uninstall WiFi101 AudioZero")
Expand All @@ -204,11 +204,11 @@ def test_install_git_url_and_zip_path_flags_visibility(run_command, data_dir, do

res = run_command(f"lib install --git-url {git_url}")
assert res.ok
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout

res = run_command(f"lib install --zip-path {zip_path}")
assert res.ok
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout


def test_install_with_git_url(run_command, data_dir, downloads_dir):
Expand All @@ -224,11 +224,11 @@ def test_install_with_git_url(run_command, data_dir, downloads_dir):
# Test git-url library install
res = run_command("lib install --git-url https://github.com/arduino-libraries/WiFi101.git")
assert res.ok
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout

# Test failing-install as repository already exists
res = run_command("lib install --git-url https://github.com/arduino-libraries/WiFi101.git")
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout
assert "Error installing Git Library: repository already exists" in res.stderr


Expand All @@ -249,7 +249,7 @@ def test_install_with_zip_path(run_command, data_dir, downloads_dir):
# Test zip-path install
res = run_command(f"lib install --zip-path {zip_path}")
assert res.ok
assert "--git-url and --zip-path flags are dangerous, use it at your own risk." in res.stdout
assert "--git-url and --zip-path flags allow installing untrusted files, use it at your own risk." in res.stdout


def test_update_index(run_command):
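Review bot: The two disabled-by-default assertions in `test_install_git_url_and_zip_path_flags_visibility` match the message only up to "see:", so the documentation URL that install.go builds from the version string is never checked. Adding `assert "/configuration/#configuration-keys" in res.stderr` after each would cover both the default and the versioned URL forms. Because the refusal now happens at run time rather than through an unknown-flag error, it would also be worth asserting that the refused command left no library installed, so a regression that installs first and errors afterwards is caught. The test function starts above the visible hunk.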