From eed017287fed2ade689af4268e8b63b9c9f2e585 Mon Sep 17 00:00:00 2001
From: Lucas Fernandes Nogueira
Date: Sun, 24 Oct 2021 09:30:58 -0300
Subject: [PATCH] feat(core): add `shell > sidecar` allowlist and `process` feature flag [TRI-037] (#18)
---
.changes/command-feature-flag.md | 5 +++++
.changes/sidecar-allowlist.md | 6 ++++++
core/tauri-utils/src/config.rs | 7 +++++++
core/tauri/Cargo.toml | 6 ++++--
core/tauri/build.rs | 3 ++-
core/tauri/src/api/process.rs | 6 ++++--
core/tauri/src/endpoints/shell.rs | 26 ++++++++++++++++----------
tooling/cli.rs/schema.json | 14 +++++++++++---
8 files changed, 55 insertions(+), 18 deletions(-)
create mode 100644 .changes/command-feature-flag.md
create mode 100644 .changes/sidecar-allowlist.md
diff --git a/.changes/command-feature-flag.md b/.changes/command-feature-flag.md
new file mode 100644
index 000000000..7868da9f2
--- /dev/null
+++ b/.changes/command-feature-flag.md
@@ -0,0 +1,5 @@
+---
+"tauri": patch
+---
+
+The `api::process::Command` APIs are now hidden behind the `command` feature flag.
\ No newline at end of file
diff --git a/.changes/sidecar-allowlist.md b/.changes/sidecar-allowlist.md
new file mode 100644
index 000000000..f85d37c34
--- /dev/null
+++ b/.changes/sidecar-allowlist.md
@@ -0,0 +1,6 @@
+---
+"tauri-utils": patch
+"tauri": patch
+---
+
+The `shell` allowlist now includes a `sidecar` flag, which enables the use of the `shell` API to execute sidecars.
diff --git a/core/tauri-utils/src/config.rs b/core/tauri-utils/src/config.rs
index 04d302c7d..3bbf3c995 100644
--- a/core/tauri-utils/src/config.rs
+++ b/core/tauri-utils/src/config.rs
@@ -840,6 +840,11 @@ pub struct ShellAllowlistConfig { /// Enable binary execution. #[serde(default)] pub execute: bool, + /// Enable sidecar execution, allowing the JavaScript layer to spawn a sidecar program, + /// an executable that is shipped with the application. + /// For more information see https://tauri.studio/en/docs/usage/guides/bundler/sidecar. + #[serde(default)] + pub sidecar: bool, /// Open URL with the user's default application. #[serde(default)] pub open: bool, @@ -850,6 +855,7 @@ impl Allowlist for ShellAllowlistConfig { let allowlist = Self { all: false, execute: true, + sidecar: true, open: true, }; let mut features = allowlist.to_features(); @@ -863,6 +869,7 @@ impl Allowlist for ShellAllowlistConfig { } else { let mut features = Vec::new(); check_feature!(self, features, execute, "shell-execute"); + check_feature!(self, features, sidecar, "shell-sidecar"); check_feature!(self, features, open, "shell-open"); features } diff --git a/core/tauri/Cargo.toml b/core/tauri/Cargo.toml index f5fb009d9..965b32827 100644 --- a/core/tauri/Cargo.toml +++ b/core/tauri/Cargo.toml @@ -164,8 +164,10 @@ process-relaunch = [] protocol-all = ["protocol-asset"] protocol-asset = [] reqwest-client = ["reqwest", "bytes"] -shell-all = ["shell-execute", "shell-open"] -shell-execute = ["shared_child", "os_pipe"] +command = ["shared_child", "os_pipe"] +shell-all = ["shell-execute", "shell-sidecar", "shell-open"] +shell-execute = ["command"] +shell-sidecar = ["command"] shell-open = ["open"] system-tray = ["tauri-runtime/system-tray", "tauri-runtime-wry/system-tray"] updater = ["minisign-verify", "base64", "dialog-ask"] diff --git a/core/tauri/build.rs b/core/tauri/build.rs index 767d8f02d..b988f7872 100644 --- a/core/tauri/build.rs +++ b/core/tauri/build.rs 
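Review bot: The doc comment on the new `sidecar` field of `ShellAllowlistConfig` does not say how the flag relates to `execute`, which is the thing an application author needs to know when choosing the narrower permission. Judging by the `shell.rs` change in this commit, `sidecar` alone is enough for the `options.sidecar` path and `execute` alone is enough for arbitrary programs, so I would add a line such as `/// Independent of `execute`: this flag only permits spawning bundled sidecars, while the program name and arguments are still chosen by the JavaScript caller.` The bare URL in the same comment is also likely to be flagged by rustdoc's `bare_urls` lint; wrapping it as `<https://tauri.studio/en/docs/usage/guides/bundler/sidecar>` avoids that.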
@@ -51,8 +51,9 @@ fn main() { // shell shell_all: { any(api_all, feature = "shell-all") }, - shell_open: { any(shell_all, feature = "shell-open") }, shell_execute: { any(shell_all, feature = "shell-execute") }, + shell_sidecar: { any(shell_all, feature = "shell-sidecar") }, + shell_open: { any(shell_all, feature = "shell-open") }, // dialog dialog_all: { any(api_all, feature = "dialog-all") }, diff --git a/core/tauri/src/api/process.rs b/core/tauri/src/api/process.rs index 1e6175786..c523bbdcd 100644 --- a/core/tauri/src/api/process.rs +++ b/core/tauri/src/api/process.rs @@ -12,9 +12,11 @@ use std::{ process::{exit, Command as StdCommand}, }; -#[cfg(shell_execute)] +#[cfg(feature = "command")] +#[cfg_attr(doc_cfg, doc(cfg(feature = "command")))] mod command; -#[cfg(shell_execute)] +#[cfg(feature = "command")] +#[cfg_attr(doc_cfg, doc(cfg(feature = "command")))] pub use command::*; /// Gets the current binary. diff --git a/core/tauri/src/endpoints/shell.rs b/core/tauri/src/endpoints/shell.rs index 33ba145b7..38e3456f4 100644 --- a/core/tauri/src/endpoints/shell.rs +++ b/core/tauri/src/endpoints/shell.rs @@ -81,13 +81,23 @@ impl Cmd { on_event_fn, options, } => { - #[cfg(shell_execute)] + let mut command = if options.sidecar { + #[cfg(not(shell_sidecar))] + return Err(crate::Error::ApiNotAllowlisted( + "shell > sidecar".to_string(), + )); + #[cfg(shell_sidecar)] + crate::api::process::Command::new_sidecar(program)? + } else { + #[cfg(not(shell_execute))] + return Err(crate::Error::ApiNotAllowlisted( + "shell > execute".to_string(), + )); + #[cfg(shell_execute)] + crate::api::process::Command::new(program) + }; + #[cfg(any(shell_execute, shell_sidecar))] { - let mut command = if options.sidecar { - crate::api::process::Command::new_sidecar(program)? - } else { - crate::api::process::Command::new(program) - }; command = command.args(args); if let Some(cwd) = options.cwd { command = command.current_dir(cwd); 
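Review bot: In the `Execute` arm of `core/tauri/src/endpoints/shell.rs`, the sidecar branch hands `program` straight to `crate::api::process::Command::new_sidecar(program)?`, and the only gate in front of it is the boolean `shell_sidecar` alias. Both `program` and `options.sidecar` arrive from the webview message, so unless `new_sidecar` itself confines the name to the binaries bundled with the application (not visible in this hunk), enabling `sidecar` does not narrow what can be launched as much as the config docs imply. I would reject any `program` that is not a single plain file name (no path separators, no `..`) before calling `new_sidecar`, or document on `new_sidecar` that it performs that check. Separately, when neither alias is set both branches `return`, which leaves `command`, `args` and `on_event_fn` unused and the tail of the arm unreachable; the arm continues outside the hunk, so a build with the shell allowlist fully disabled is worth checking for warnings.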
@@ -116,10 +126,6 @@ impl Cmd { Ok(pid.into()) } - #[cfg(not(shell_execute))] - Err(crate::Error::ApiNotAllowlisted( - "shell > execute".to_string(), - )) } Self::KillChild { pid } => { #[cfg(shell_execute)] diff --git a/tooling/cli.rs/schema.json b/tooling/cli.rs/schema.json index c7265e48b..c3ccfb3f4 100644 --- a/tooling/cli.rs/schema.json +++ b/tooling/cli.rs/schema.json @@ -103,7 +103,8 @@ "shell": { "all": false, "execute": false, - "open": false + "open": false, + "sidecar": false }, "window": { "all": false, @@ -338,7 +339,8 @@ "default": { "all": false, "execute": false, - "open": false + "open": false, + "sidecar": false }, "allOf": [ { @@ -1265,6 +1267,11 @@ "description": "Open URL with the user's default application.", "default": false, "type": "boolean" + }, + "sidecar": { + "description": "Enable sidecar execution, allowing the JavaScript layer to spawn a sidecar program, an executable that is shipped with the application. For more information see https://tauri.studio/en/docs/usage/guides/bundler/sidecar.", + "default": false, + "type": "boolean" } }, "additionalProperties": false @@ -1356,7 +1363,8 @@ "shell": { "all": false, "execute": false, - "open": false + "open": false, + "sidecar": false }, "window": { "all": false,
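Review bot: The `Self::KillChild { pid }` arm shown as context at the end of the second `shell.rs` hunk is still gated on `#[cfg(shell_execute)]` alone, although `Execute` can now spawn a child with only `shell_sidecar` enabled. An application that allowlists just `sidecar` can therefore start a sidecar but presumably gets `ApiNotAllowlisted` when it tries to kill it, which pushes developers to turn on the broader `execute` permission just to manage sidecar children. I would change the gate to `#[cfg(any(shell_execute, shell_sidecar))]` and the fallback to `#[cfg(not(any(shell_execute, shell_sidecar)))]`. The rest of the arm, and any other child-management arm such as stdin writes, lies outside the hunk and should be checked for the same condition.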