forgot to attach the patch.
T.
On 05/11/2016 02:34, LyX Ticket Tracker wrote:
#10481: Hardening LyX against potential misuse
-------------------------+--------------------------
Reporter: t.cucinotta | Owner: lasgouttes
Type: enhancement | Status: new
Priority: highest | Milestone:
Component: general | Version: unspecified
Severity: major | Resolution:
Keywords: |
-------------------------+--------------------------
Comment (by t.cucinotta):
I just uploaded 2nd revision of patch that solves my prior issue of the
question not being posted for on-screen display -- found the code in
GraphicsConverter.cpp duplicating behavior of Converter.cpp who knows why
(!) -- the only difference seems that GraphicsConverter likes Python
wrapping!
I had to repeat the same code snippet there as well, but it's in a point
where I have no context about the document buffer/file, so can't show the
"Yes to all for document" button in this case :-(!
Any comment welcome, thanks!
commit c05e9a52
Author: Tommaso Cucinotta <tomm...@lyx.org>
Date: Sat Nov 5 01:00:44 2016 +0100
Add needauth option to converters that need explicit user authorization before being run.
Addressing #10481.
Converters marked with the new "needauth" option won't be run unless
the user gives explicit authorization, which is asked on-demand when
the converter is about to be run (question is not asked if the file is
cached and the converter is not needed).
The user prompt has a 3rd button (yes to all for document) so that
he/she's not prompted again for the same converter over the same document
(identified through buffer->filePath()).
diff --git a/lib/configure.py b/lib/configure.py
index 09d053e9..705aed6c 100644
--- a/lib/configure.py
+++ b/lib/configure.py
@@ -749,8 +749,8 @@ def checkConverterEntries():
rc_entry = [r'''\converter latex lyx "%% -f $$i $$o" ""
\converter latexclipboard lyx "%% -fixedenc utf8 -f $$i $$o" ""
\converter literate lyx "%% -n -m noweb -f $$i $$o" ""
-\converter sweave lyx "%% -n -m sweave -f $$i $$o" ""
-\converter knitr lyx "%% -n -m knitr -f $$i $$o" ""'''], not_found = 'tex2lyx')
+\converter sweave lyx "%% -n -m sweave -f $$i $$o" "needauth"
+\converter knitr lyx "%% -n -m knitr -f $$i $$o" "needauth"'''], not_found = 'tex2lyx')
if path == '':
logger.warning("Failed to find tex2lyx on your system.")
@@ -763,24 +763,24 @@ def checkConverterEntries():
\converter literate dviluatex "%%" ""'''])
#
checkProg('a Sweave -> LaTeX converter', ['Rscript --verbose --no-save --no-restore $$s/scripts/lyxsweave.R $$p$$i $$p$$o $$e $$r'],
- rc_entry = [r'''\converter sweave latex "%%" ""
-\converter sweave pdflatex "%%" ""
-\converter sweave xetex "%%" ""
-\converter sweave luatex "%%" ""
-\converter sweave dviluatex "%%" ""'''])
+ rc_entry = [r'''\converter sweave latex "%%" "needauth"
+\converter sweave pdflatex "%%" "needauth"
+\converter sweave xetex "%%" "needauth"
+\converter sweave luatex "%%" "needauth"
+\converter sweave dviluatex "%%" "needauth"'''])
#
checkProg('a knitr -> LaTeX converter', ['Rscript --verbose --no-save --no-restore $$s/scripts/lyxknitr.R $$p$$i $$p$$o $$e $$r'],
- rc_entry = [r'''\converter knitr latex "%%" ""
-\converter knitr pdflatex "%%" ""
-\converter knitr xetex "%%" ""
-\converter knitr luatex "%%" ""
-\converter knitr dviluatex "%%" ""'''])
+ rc_entry = [r'''\converter knitr latex "%%" "needauth"
+\converter knitr pdflatex "%%" "needauth"
+\converter knitr xetex "%%" "needauth"
+\converter knitr luatex "%%" "needauth"
+\converter knitr dviluatex "%%" "needauth"'''])
#
checkProg('a Sweave -> R/S code converter', ['Rscript --verbose --no-save --no-restore $$s/scripts/lyxstangle.R $$i $$e $$r'],
- rc_entry = [ r'\converter sweave r "%%" ""' ])
+ rc_entry = [ r'\converter sweave r "%%" "needauth"' ])
#
checkProg('a knitr -> R/S code converter', ['Rscript --verbose --no-save --no-restore $$s/scripts/lyxknitr.R $$p$$i $$p$$o $$e $$r tangle'],
- rc_entry = [ r'\converter knitr r "%%" ""' ])
+ rc_entry = [ r'\converter knitr r "%%" "needauth"' ])
#
checkProg('an HTML -> LaTeX converter', ['html2latex $$i', 'gnuhtml2latex',
'htmltolatex -input $$i -output $$o', 'htmltolatex.jar -input $$i -output $$o'],
diff --git a/src/Converter.cpp b/src/Converter.cpp
index 58e486e6..e7687837 100644
--- a/src/Converter.cpp
+++ b/src/Converter.cpp
@@ -100,7 +100,7 @@ Converter::Converter(string const & f, string const & t,
string const & c, string const & l)
: from_(f), to_(t), command_(c), flags_(l),
From_(0), To_(0), latex_(false), xml_(false),
- need_aux_(false), nice_(false)
+ need_aux_(false), nice_(false), need_auth_(false)
{}
@@ -128,6 +128,8 @@ void Converter::readFlags()
parselog_ = flag_value;
else if (flag_name == "nice")
nice_ = true;
+ else if (flag_name == "needauth")
+ need_auth_ = true;
}
if (!result_dir_.empty() && result_file_.empty())
result_file_ = "index." + formats.extension(to_);
@@ -177,6 +179,7 @@ void Converters::add(string const & from, string const & to,
converter.setFlags(flags);
}
converter.readFlags();
+ lyxerr << "converter " << from << " " << to << " " << command << " " << flags << " needauth=" << converter.need_auth() << std::endl;
// The latex_command is used to update the .aux file when running
// a converter that uses it.
@@ -402,6 +405,18 @@ bool Converters::convert(Buffer const * buffer,
"tmpfile.out"));
}
+ if (conv.need_auth()) {
+ std::string const & fname = buffer->filePath();
+ if (auth_files.find(fname) == auth_files.end()) {
+ int choice = frontend::Alert::prompt(
+ _("Confirm use of converter"), bformat(_("LyX is about to call converter '%1$s', which is potentially dangerous. Continue?"), from_utf8(conv.command())),
+ 0, 0, _("&No"), _("&Yes"), _("Yes to &all for document"));
+ if (choice == 0)
+ return false;
+ else if (choice == 2)
+ auth_files.insert(fname);
+ }
+ }
if (conv.latex()) {
run_latex = true;
string command = conv.command();
diff --git a/src/Converter.h b/src/Converter.h
index c9c44238..2ee4af3c 100644
--- a/src/Converter.h
+++ b/src/Converter.h
@@ -70,6 +70,8 @@ public:
///
bool need_aux() const { return need_aux_; }
///
+ bool need_auth() const { return need_auth_; }
+ ///
bool nice() const { return nice_; }
///
std::string const result_dir() const { return result_dir_; }
@@ -101,6 +103,8 @@ private:
bool need_aux_;
/// we need a "nice" file from the backend, c.f. OutputParams.nice.
bool nice_;
+ /// Use of this converter needs explicit user authorization
+ bool need_auth_;
/// If the converter put the result in a directory, then result_dir
/// is the name of the directory
trivstring result_dir_;
@@ -210,6 +214,8 @@ private:
bool copy);
///
Graph G_;
+ /// set of files authorized for external conversion
+ std::set<std::string> auth_files;
};
/// The global instance.
diff --git a/src/graphics/GraphicsConverter.cpp b/src/graphics/GraphicsConverter.cpp
index 67b1580f..b27aeea5 100644
--- a/src/graphics/GraphicsConverter.cpp
+++ b/src/graphics/GraphicsConverter.cpp
@@ -15,6 +15,7 @@
#include "Converter.h"
#include "Format.h"
+#include "frontends/alert.h"
#include "support/lassert.h"
#include "support/convert.h"
#include "support/debug.h"
@@ -372,6 +373,14 @@ static void build_script(string const & from_file,
outfile = tempfile.name().toFilesystemEncoding();
}
+ if (conv.need_auth()) {
+ docstring const & question = bformat(from_utf8("LyX is about to call converter '%1$s', which is potentially dangerous. Continue?"), from_utf8(conv.command()));
+ int choice = frontend::Alert::prompt(
+ from_utf8("Confirm use of converter"), question, 0, 0, from_utf8("&No"), from_utf8("&Yes"));
+ if (choice == 0)
+ return;
+ }
+
// Store these names in the python script
script << "infile = "
<< quoteName(infile, quote_python) << "\n"
