age-core: Start plugin binaries in a temporary working directory

We don't want plugin binaries to make any assumptions about where they are run from. The easiest way to ensure this is to always run them from a fresh temporary directory. Closes str4d/rage#200.
2025-04-03 19:07:42 +03:00 · 2021-02-08 00:54:57 +00:00 · 2021-02-08 00:54:57 +00:00 · 42b7ce6958
commit 42b7ce6958
parent 13e1c35277
3 changed files with 60 additions and 4 deletions
--- a/age-core/Cargo.toml
+++ b/age-core/Cargo.toml
@ -34,8 +34,11 @@ nom = { version = "6", default-features = false, features = ["alloc"] }
 # Secret management
 secrecy = "0.7"

+# Plugin backend
+tempfile = { version = "3.2.0", optional = true }
+
 [features]
-plugin = []
+plugin = ["tempfile"]
 unstable = []

 [lib]
--- a/age-core/src/plugin.rs
+++ b/age-core/src/plugin.rs
@ -34,13 +34,16 @@ pub struct Connection<R: Read, W: Write> {
    input: BufReader<R>,
    output: W,
    buffer: String,
+    _working_dir: Option<tempfile::TempDir>,
 }

 impl Connection<ChildStdout, ChildStdin> {
    /// Start a plugin binary with the given state machine.
    pub fn open(binary: &Path, state_machine: &str) -> io::Result<Self> {
-        let process = Command::new(binary)
+        let working_dir = tempfile::tempdir()?;
+        let process = Command::new(binary.canonicalize()?)
            .arg(format!("--age-plugin={}", state_machine))
+            .current_dir(working_dir.path())
            .stdin(Stdio::piped())
            .stdout(Stdio::piped())
            .stderr(Stdio::piped())
@ -51,6 +54,7 @@ impl Connection<ChildStdout, ChildStdin> {
            input,
            output,
            buffer: String::new(),
+            _working_dir: Some(working_dir),
        })
    }
 }
@ -62,6 +66,7 @@ impl Connection<io::Stdin, io::Stdout> {
            input: BufReader::new(io::stdin()),
            output: io::stdout(),
            buffer: String::new(),
+            _working_dir: None,
        }
    }
 }
@ -418,11 +423,13 @@ mod tests {
            input: BufReader::new(PipeReader::new(plugin_to_client.clone())),
            output: PipeWriter::new(client_to_plugin.clone()),
            buffer: String::new(),
+            _working_dir: None,
        };
        let mut plugin_conn = Connection {
            input: BufReader::new(PipeReader::new(client_to_plugin)),
            output: PipeWriter::new(plugin_to_client),
            buffer: String::new(),
+            _working_dir: None,
        };

        client_conn