From c3a20804a81826ec091a4a096c1987a61e412580 Mon Sep 17 00:00:00 2001
From: Mattias Engdegård <mattiase@acm.org>
Date: Sat, 31 Oct 2020 11:35:06 +0100
Subject: Trim and explain set of safe forms for 'unsafep' (bug#44018)

* lisp/emacs-lisp/unsafep.el:
Add comment explaining the policy for which forms can be considered
'safe' in the sense of unsafep.  Remove ones that didn't make the cut:

 play-sound-file (large attack surface)
 catch, throw (alter program flow, inject data)
 replace-regexp-in-string (execute arbitary code)
 error, signal (deceptive messages)

* test/lisp/emacs-lisp/unsafep-tests.el (unsafep-tests--unsafe):
Add test cases.
* etc/NEWS: Announce the change.
---
 test/lisp/emacs-lisp/unsafep-tests.el | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'test/lisp/emacs-lisp/unsafep-tests.el')

diff --git a/test/lisp/emacs-lisp/unsafep-tests.el b/test/lisp/emacs-lisp/unsafep-tests.el
index dde0e0201d9..06c40d28ca9 100644
--- a/test/lisp/emacs-lisp/unsafep-tests.el
+++ b/test/lisp/emacs-lisp/unsafep-tests.el
@@ -105,6 +105,18 @@
       . (variable (x)))
     ( (let (1) 2)
       . (variable 1))
+    ( (error "asdf")
+      . #'error)
+    ( (signal 'error "asdf")
+      . #'signal)
+    ( (throw 'asdf)
+      . #'throw)
+    ( (catch 'asdf 17)
+      . #'catch)
+    ( (play-sound-file "asdf")
+      . #'play-sound-file)
+    ( (replace-regexp-in-string "a" "b")
+      . #'replace-regexp-in-string)
     )
   "A-list of (FORM . REASON)... that `unsafep' should decide are unsafe.")
 
-- 
cgit v1.2.3