Initial Commit

2020-04-06 12:36:14 +05:30 · 2020-04-06 12:36:14 +05:30 · 09e64a5277
commit 09e64a5277
7 changed files with 176 additions and 0 deletions
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+Copyright (c) 2020, Andinus <andinus@nand.sh>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/README.org
+++ b/README.org
@ -0,0 +1,65 @@
+#+HTML_HEAD: <link rel="stylesheet" href="../../static/style.css">
+#+HTML_HEAD: <link rel="icon" href="../../static/lynx/favicon.png" type="image/png">
+#+EXPORT_FILE_NAME: index
+#+OPTIONS: toc:nil
+#+TOC: headlines 2
+#+TITLE: Lynx
+
+Lynx is a simple /unveil/ wrapper.
+
+| Project Home    | [[https://andinus.nand.sh/lynx][Lynx]]           |
+| Source Code     | [[https://tildegit.org/andinus/lynx][Andinus / Lynx]] |
+| GitHub (Mirror) | [[https://github.com/andinus/lynx][Lynx - GitHub]]  |
+
+* Examples
+** UnveilCommands
+UnveilCommands takes a slice of commands & unveils them one by one, it will
+return an error if unveil fails at any step. "no such file or directory" error
+is ignored because binaries are not placed in every PATH.
+
+Default permission is "rx".
+
+#+BEGIN_SRC go
+package main
+
+import "tildegit.org/andinus/lynx"
+
+func main() {
+	commands := []string{"cd", "ls", "rm"}
+
+	err = lynx.UnveilCommands(commands)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+#+END_SRC
+** UnveilPaths / UnveilPathsStrict
+UnveilPaths takes a map of path, permission & unveils them one by one, it will
+return an error if unveil fails at any step. "no such file or directory" error
+is ignored, if you want to get that error too then use UnveilPathsStrict.
+
+#+BEGIN_SRC go
+package main
+
+import "tildegit.org/andinus/lynx"
+
+func main() {
+	paths := make(map[string]string)
+
+	paths["/home"] = "r"
+	paths["/dev/null"] = "rw"
+	paths["/etc/examples"] = "rwc"
+	paths["/root"] = "rwcx"
+
+	err = lynx.UnveilPaths(paths)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// This will return an error if the path doesn't exist.
+	err = lynx.UnveilPathsStrict(paths)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+#+END_SRC
--- a/build/ci/drone.yml
+++ b/build/ci/drone.yml
@ -0,0 +1,14 @@
+---
+kind: pipeline
+name: testing
+
+steps:
+- name: vet
+  image: golang:1.13
+  commands:
+    - go vet ./...
+
+- name: test
+  image: golang:1.13
+  commands:
+    - go test -v ./...
--- a/commands.go
+++ b/commands.go
@ -0,0 +1,39 @@
+package lynx
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"golang.org/x/sys/unix"
+)
+
+// UnveilCommands takes a slice of commands & unveils them one by one,
+// it will return an error if unveil fails at any step. "no such file
+// or directory" error is ignored.
+func UnveilCommands(commands []string) error {
+	// Get $PATH & split it in a list.
+	pathList := strings.Split(os.Getenv("PATH"), ":")
+
+	// We work on unveiling each command one by one.
+	for _, cmd := range commands {
+		// Unveil this command on every PATH.
+		for _, path := range pathList {
+			err := unix.Unveil(fmt.Sprintf("%s/%s",
+				path, cmd), "rx")
+
+			// "no such file or directory" error is
+			// ignored because binaries are not placed in
+			// every PATH.
+			if err != nil && err.Error() != "no such file or directory" {
+				// Better error message could be
+				// returned like one that includes the
+				// path on which unveil failed.
+				return err
+			}
+		}
+	}
+	// Returning nil because err can be "no such file or
+	// directory" which needs to be ignored.
+	return nil
+}
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,5 @@
+module tildegit.org/andinus/lynx
+
+go 1.13
+
+require golang.org/x/sys v0.0.0-20200331124033-c3d80250170d
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d h1:nc5K6ox/4lTFbMVSL9WRR81ixkcwXThoiF6yf+R9scA=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/paths.go
+++ b/paths.go
@ -0,0 +1,38 @@
+// Package lynx is a simple wrapper to unveil.
+package lynx
+
+import "golang.org/x/sys/unix"
+
+// UnveilPaths takes a map of path, permission & unveils them one by
+// one, it will return an error if unveil fails at any step. "no such
+// file or directory" error is ignored.
+func UnveilPaths(paths map[string]string) error {
+	for k, v := range paths {
+		err := unix.Unveil(k, v)
+
+		// "no such file or directory" error is ignored.
+		if err != nil && err.Error() != "no such file or directory" {
+			// Better error message could be returned like
+			// one that includes the path on which unveil
+			// failed.
+			return err
+		}
+	}
+	// Returning nil because err can be "no such file or
+	// directory" which needs to be ignored.
+	return nil
+}
+
+// UnveilPathsStrict takes a map of path, permission & unveils them
+// one by one, it will return an error if unveil fails at any steop.
+// No error is ignored.
+func UnveilPathsStrict(paths map[string]string) (err error) {
+	for k, v := range paths {
+		err = unix.Unveil(k, v)
+
+		if err != nil {
+			return
+		}
+	}
+	return
+}