about summary refs log tree commit diff stats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* tlv format for transient editor stateKartik K. Agaram2021-12-252-18/+21
| | | | | Stop interpreting arbitrary Lua code when loading editor state. We don't need that power or security risk.
* sandbox: no system()Kartik K. Agaram2021-12-251-7/+1
| | | | | Too hard to sandbox. Maybe we'll get back to it if there's some use case only it can satisfy.
* cleaner test messageKartik K. Agaram2021-12-231-3/+2
| | | | Was printing over passing tests for some reason.
* errors during tests are now handledKartik K. Agaram2021-12-221-1/+8
| | | | | | | | | | | | | | | | I should have documented that I'd never actually seen that code path trigger before. Here's a minimal test that did it just now: function test_foo() return a+1 end E2: [string "test_foo"]:2: attempt to perform arithmetic on global 'a' (a nil value) A simple missing variable doesn't do it since it just evaluates to nil. Without this commit, the above test was silently continuing to the main app after failing tests.
* more precise control over menu orderKartik K. Agaram2021-12-221-2/+10
| | | | I can't believe I didn't notice this until now.
* fix arrow keys in big picture view on MacKartik K. Agaram2021-12-211-5/+5
| | | | Turns out arrow keys are considered `isprint()` on Mac.
* bugfix: ensure definition to edit has some nameKartik K. Agaram2021-12-211-4/+6
|
* less confusing nameKartik K. Agaram2021-12-212-12/+10
|
* arrow keys in big picture viewKartik K. Agaram2021-12-211-12/+104
|
* gemini: echo urls while typing inKartik K. Agaram2021-12-211-0/+3
| | | | Let's see how much we need to tweak this solution.
* nail down trusted Teliva channels a little moreKartik K. Agaram2021-12-214-9/+16
| | | | | | | | | | | | | | | | | | | | | | In each session, Teliva has to bootstrap a trusted channel with the computer owner while running arbitrarily untrusted code. So let's get really, really precise about what the trusted channel consists of: - the bottom-most row of screen containing the menu - the keystrokes the owner types in - ncurses COLOR_PAIR slots 254 (menu) and 255 (error) One reason the menu colors are important: we don't want people to get used to apps that hide the menu colors by setting default foreground/background to invisible and then drawing their own menu one row up. The error COLOR_PAIR I don't see any reason to carve out right now, but it seems like a good idea for Teliva the framework to not get into the habit of apps doing some things for it. I'm not sure how realistic all this is (I feel quite ill-equipped to think about security), but it seems worthwhile to err on the side of paranoia. Teliva will be paranoid so people don't have to be.
* keep Teliva apps from pretending to be TelivaKartik K. Agaram2021-12-211-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kind of a subtle idea. Teliva the framework is intended to be trustworthy software that people install on their computers. The apps people run using Teliva may be less trustworthy. The whole point of Teliva is to provide a sandbox for running code before you trust it. One way (of many) apps can be malicious is by subtly getting between what people see and reality. Imagine, for example, an app that draws a fake menu bar and offers a different hotkey to edit source code. When someone presses that hotkey they think they're using the standard Teliva editor but they're really using an editor within the app, which the app uses to hide its most malicious bits from view. Down the road Teliva will have more bits of UI, such as for asking for permission to read sensitive data. It's important that people understand what they're granting permission to, that apps can't tamper with the communications channel between them and Teliva. This is likely just one of many ways for an app to break out of its sandbox. Teliva isn't sandboxed yet. I'm just taking my first steps on this journey. In particular, there are other mechanisms for asking for user input besides `getch()`. I don't yet have a big-picture view of the Teliva sandbox. It seems clear that I need to educate people on the difference between different parts of screen. Depending on the app you install, most of the screen may be a dark forest. It'll be important to know where the safe path is, where you can speak to trusted advisors while in the forest.
* pay more attention to where we display the cursorKartik K. Agaram2021-12-181-1/+2
| | | | | It's still just in app control; I'm resisting the urge to introduce "smarts".
* drop ASan from MakefileKartik K. Agaram2021-12-181-2/+2
| | | | | Accidentally added at some point. It's a useful debugging aide, but I don't want to require the additional dependencies on a first run.
* ctrl-u: clear proseKartik K. Agaram2021-12-171-2/+2
|
* better copy on test failuresKartik K. Agaram2021-12-171-1/+4
|
* correct count of test failuresKartik K. Agaram2021-12-171-1/+1
|
* keep tests from messing up big pictureKartik K. Agaram2021-12-171-0/+19
|
* one more protection against Lua stack leakKartik K. Agaram2021-12-171-6/+6
|
* experimental support for test errorsKartik K. Agaram2021-12-171-3/+8
|
* start of a test frameworkKartik K. Agaram2021-12-171-0/+35
| | | | | Follows https://github.com/akkartik/wart, https://github.com/akkartik/mu0, https://github.com/akkartik/mu1 and https://github.com/akkartik/mu.
* yet another stab at reorganizing stack assertionsKartik K. Agaram2021-12-171-9/+14
|
* .Kartik K. Agaram2021-12-171-0/+3
|
* .Kartik K. Agaram2021-12-171-4/+4
|
* more protection against data lossKartik K. Agaram2021-12-172-3/+13
|
* .Kartik K. Agaram2021-12-171-13/+0
|
* protect against data loss in some rare situationsKartik K. Agaram2021-12-161-3/+32
| | | | | | | | | | | Examples: - you try to write file but disk is full - you have two Teliva files being edited at the same time Both are situations where it's impossible to avoid some data loss. However, we should now at least have some valid state of the .tlv file saved to disk where we'd previously end up with a zero-size file or garbage.
* fix another leak in the Lua stackKartik K. Agaram2021-12-161-2/+9
| | | | | This fixes a segfault when scanning through a long history of recent changes (say > 20 changes)
* more consistently show notes in recent changesKartik K. Agaram2021-12-161-1/+5
| | | | | | | | | Teliva emits timestamps in multi-line format end in a newline. As a result, notes get rendered on the next line and are then immediately overwritten by the contents of the definition. This bug was masked by my hacky 'original' timestamps which don't use multi-line format.
* stop leaking on the Lua stack, reduxKartik K. Agaram2021-12-161-11/+19
| | | | | An empty stack is too rigorous a line to hold. Instead we'll just ensure we leave the stack the way we found it.
* Revert "stop leaking on the Lua stack"Kartik K. Agaram2021-12-162-3/+2
| | | | | | | This reverts commit 7c1b9d0b91295323b5ed5ec3e09b46566288bc75. The 'big hammer' isn't good enough. The recent changes view seems to need state on the stack across invocations of the editor.
* stop leaking on the Lua stackKartik K. Agaram2021-12-162-2/+3
| | | | | ..even if at the expense of leaking on the heap. Because the Lua stack has very limited space (~20 slots). When it overflows, we segfault.
* show all functions in big pictureKartik K. Agaram2021-12-131-2/+6
| | | | We were missing functions in some larger programs.
* can again edit notes on changesKartik K. Agaram2021-12-111-4/+4
|
* .Kartik K. Agaram2021-12-111-0/+2
|
* handle non-existent fileKartik K. Agaram2021-12-111-1/+5
|
* bring back commandline argsKartik K. Agaram2021-12-111-1/+18
|
* snapshot: migrate all sample apps to new formatKartik K. Agaram2021-12-112-44/+3
|
* snapshot: writing working?Kartik K. Agaram2021-12-113-45/+112
| | | | | | This is a complete mess. I want to abstract reading multiline strings behind a function, but the lookahead requirements for that are quite stringent. What's a reasonable abstraction here?
* snapshot: key/value lines after multiline stringsKartik K. Agaram2021-12-112-29/+44
|
* snapshot: start reading a new formatKartik K. Agaram2021-12-114-27/+119
| | | | | | | | | | | | | | | I really wanted to avoid getting into defining or parsing new file formats. However, using the entire power of Lua is not ideal, as described earlier in Konrad Hinsen's bug. In addition to everything else, it's a vector for arbitrary code execution when someone loads an untrusted image. I could use JSON, but it requires ugly string escaping. Seems cleaner to just use YAML. But YAML is complex and needs its own dependencies. If I'm going to do my own, might as well make the multi-line string format really clear. I can't yet write the new format.
* commentKartik K. Agaram2021-12-081-0/+2
|
* minor colorscheme tweakKartik K. Agaram2021-12-081-1/+1
|
* display line numbersKartik K. Agaram2021-12-081-12/+29
| | | | | Not my aesthetic choice, but essential at the moment for quickly interpreting Lua errors.
* fix a use-after-freeKartik K. Agaram2021-12-081-2/+2
| | | | Introduced Nov 28. Let's see if my intermittent segfaults stop now.
* .Kartik K. Agaram2021-12-072-3/+3
|
* cleanerKartik K. Agaram2021-12-071-2/+2
|
* slightly improve experience on Konrad Hinsen's bugKartik K. Agaram2021-12-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Steps to reproduce: * Run teliva with some app. * Press ctrl-e to edit the app. * Select some function. * Press ctrl-g and type in some Lua keyword like 'function' or 'while' (Since the first word in a function is often 'function', it becomes the default if you press ctrl-g immediately after entering the editor for a function.) * Type nothing. Run the app. Desired behavior: app continues to run. The definition for the keyword is silently ignored (in future we may want to provide an error message) Behavior before this commit: app silently exited with non-zero status, and refused to restart thereafter until the .tlv file was manually edited to delete the definition for the Lua keyword. Behavior after this commit: app throws an error message like these: * For `function`: ``` src/teliva: x.tlv:99: '(' expected near '=' sorry, you'll need to edit the image directly. press any key to exit. ``` * For `while`: ``` src/teliva: x.tlv:99: unexpected symbol near 'while' sorry, you'll need to edit the image directly. press any key to exit. ``` You still need to edit the .tlv file manually, but the steps for recovery are a bit more discoverable. To fix this properly I also need to fix a looming security hole I've been thinking about for some time. The long-term goal of Teliva is to put the human running apps in control of what they do, by sandboxing accesses to the file system, network and so on. However, even after we build gates on all of Lua's standard libraries, we're still parsing .tlv files as Lua, with all of its power available. Solution: load .tlv files as some sort of JSON-like subset of Lua. Maybe I should just use JSON, and rely on code that's already in Teliva, even if I'm introducing a new notation in the process.
* fix colors in startup errorsKartik K. Agaram2021-12-061-0/+1
|
* slightly more obvious menu copyKartik K. Agaram2021-12-063-9/+44
| | | | Still sucks, though..