);
}
- let toml_v = toml::from_document(doc).with_context(|| {
+ let toml_v: toml::Value = toml::from_document(doc).with_context(|| {
format!("failed to parse value from --config argument `{arg}`")
})?;
+ if toml_v
+ .get("registry")
+ .and_then(|v| v.as_table())
+ .and_then(|t| t.get("token"))
+ .is_some()
+ {
+ bail!("registry.token cannot be set through --config for security reasons");
+ } else if let Some((k, _)) = toml_v
+ .get("registries")
+ .and_then(|v| v.as_table())
+ .and_then(|t| t.iter().find(|(_, v)| v.get("token").is_some()))
+ {
+ bail!(
+ "registries.{}.token cannot be set through --config for security reasons",
+ k
+ );
+ }
+
CV::from_toml(Definition::Cli, toml_v)
.with_context(|| format!("failed to convert --config argument `{arg}`"))?
};
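Review bot: The guard added before `CV::from_toml` matches only a key literally named `token`, and neither the code nor the message ("for security reasons") records what the risk is, so a credential-bearing registry key added later would pass through `--config` without anyone revisiting this check. Presumably the concern is that command-line arguments are visible in process listings and shell history; if so, a comment above the `if` would state it, for example `// Reject secrets on the command line: argv is readable by other local processes and lands in shell history. Add any new credential key here.` The two branches also repeat the same lookup for `registry` and `registries.<name>`, so a small helper taking the key name would keep future additions to one line. The enclosing block closes at `};` and starts outside this hunk.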
);
}
+#[cargo_test]
+fn no_disallowed_values() {
+ let config = ConfigBuilder::new()
+ .config_arg("registry.token=\"hello\"")
+ .build_err();
+ assert_error(
+ config.unwrap_err(),
+ "registry.token cannot be set through --config for security reasons",
+ );
+ let config = ConfigBuilder::new()
+ .config_arg("registries.crates-io.token=\"hello\"")
+ .build_err();
+ assert_error(
+ config.unwrap_err(),
+ "registries.crates-io.token cannot be set through --config for security reasons",
+ );
+}
+
#[cargo_test]
fn no_inline_table_value() {
// Disallow inline tables
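Review bot: `no_disallowed_values` asserts only the two rejections, so nothing here would catch the guard becoming too broad, for example refusing every `registries.<name>` entry. A control case that passes a non-credential key under the same table and expects the configuration to build would pin that. Because the guard tests `.is_some()`, a `token` of any TOML type is refused; one assertion with a non-string value would document that this is intended. A short comment above the test, `// Tokens must never be accepted from --config, whatever the registry name.`, would tell a reader why both forms are covered.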