diff --git a/TCB/Cap.ml b/TCB/Cap.ml index 7b72c8cf99d4..b5a1e3979a8e 100644 --- a/TCB/Cap.ml +++ b/TCB/Cap.ml @@ -126,10 +126,10 @@ module Process = struct type env = cap (* advanced stuff - * TODO: subtypes, like timeout signal very important - * TODO: split signal? + * TODO: split signal? use subtypes to make alarm a subtype of signal? *) type signal = cap + type alarm = cap type exit = cap type pid = cap type kill = cap @@ -208,6 +208,7 @@ type console = < stdin ; stdout ; stderr > type argv = < argv : Process.argv > type env = < env : Process.env > type signal = < signal : Process.signal > +type alarm = < alarm : Process.signal > type exit = < exit : Process.exit > type pid = < pid : Process.pid > type kill = < kill : Process.kill > @@ -216,7 +217,7 @@ type fork = < fork : Process.fork > type domain = < domain : Process.domain > type thread = < thread : Process.thread > type process_multi = < pid ; kill ; fork ; domain ; thread > -type process_single = < signal ; exit ; chdir > +type process_single = < signal ; alarm ; exit ; chdir > type process = < argv ; env ; console ; process_single ; process_multi > (* exec *) @@ -271,6 +272,7 @@ let powerbox : all_caps = method kill = () method chdir = () method signal = () + method alarm = () method fork = () method exit = () method domain = () @@ -308,9 +310,10 @@ let stdout_caps_UNSAFE () = end (* !!DO NOT USE!! *) -let fork_caps_UNSAFE () = +let fork_and_alarm_caps_UNSAFE () = object method fork = () + method alarm = () end (* !!DO NOT USE!! *) diff --git a/TCB/Cap.mli b/TCB/Cap.mli index 37966da464bf..4e3cf7b70fc9 100644 --- a/TCB/Cap.mli +++ b/TCB/Cap.mli @@ -31,6 +31,7 @@ module Process : sig type pid type kill type chdir + type alarm (* one of the signal *) (* See also the separate Exec.t *) type fork @@ -119,6 +120,7 @@ type console = < stdin ; stdout ; stderr > type argv = < argv : Process.argv > type env = < env : Process.env > type signal = < signal : Process.signal > +type alarm = < alarm : Process.signal > type exit = < exit : Process.exit > type pid = < pid : Process.pid > type kill = < kill : Process.kill > @@ -127,7 +129,7 @@ type fork = < fork : Process.fork > type domain = < domain : Process.domain > type thread = < thread : Process.thread > type process_multi = < pid ; kill ; fork ; domain ; thread > -type process_single = < signal ; exit ; chdir > +type process_single = < signal ; alarm ; exit ; chdir > type process = < argv ; env ; console ; process_single ; process_multi > (* exec *) @@ -171,7 +173,7 @@ val no_caps : no_caps val network_caps_UNSAFE : unit -> < network > val tmp_caps_UNSAFE : unit -> < tmp > val stdout_caps_UNSAFE : unit -> < stdout > -val fork_caps_UNSAFE : unit -> < fork > +val fork_and_alarm_caps_UNSAFE : unit -> < fork ; alarm > val exec_and_tmp_caps_UNSAFE : unit -> < exec ; tmp > (**************************************************************************) diff --git a/TCB/forbid_process.jsonnet b/TCB/forbid_process.jsonnet index 95e2d876ed6b..b244a2f4170a 100644 --- a/TCB/forbid_process.jsonnet +++ b/TCB/forbid_process.jsonnet @@ -3,9 +3,15 @@ local common = import 'common.libsonnet'; local unix_funcs = [ 'fork', + 'setitimer', //TODO: alarm, signal, kill, waitpid ]; +local sys_funcs = [ + 'sigalrm', + //TODO: set_signal +]; + { rules: [ { @@ -14,6 +20,9 @@ local unix_funcs = [ // Unix [('Unix.' + p) for p in unix_funcs] + [('UUnix.' + p) for p in unix_funcs] + + // Sys + [('Sys.' + p) for p in sys_funcs] + + [('USys.' + p) for p in sys_funcs] + // Parmap ['Parmap.$F'] + //TODO Other libs? @@ -22,7 +31,7 @@ local unix_funcs = [ languages: ['ocaml'], paths: { exclude: common.exclude_paths + - ['Parmap_.ml'] + ['Parmap_.ml', 'Time_limit.ml'] }, severity: 'ERROR', message: ||| diff --git a/src/core_cli/Core_CLI.ml b/src/core_cli/Core_CLI.ml index b82e8480aa91..fec35ddd901f 100644 --- a/src/core_cli/Core_CLI.ml +++ b/src/core_cli/Core_CLI.ml @@ -341,7 +341,7 @@ let all_actions (caps : Cap.all_caps) () = " ", Arg_.mk_action_n_conv Fpath.v (Check_rule.check_files - (caps :> < Cap.stdout ; Cap.fork >) + (caps :> < Cap.stdout ; Cap.fork ; Cap.alarm >) !output_format) ); (* this is run by some of our workflows (e.g., check-pro-rules.jsonnet) *) ( "-test_rules", diff --git a/src/core_scan/Core_scan.ml b/src/core_scan/Core_scan.ml index 1f5153b8f590..db9405e65af7 100644 --- a/src/core_scan/Core_scan.ml +++ b/src/core_scan/Core_scan.ml @@ -115,8 +115,8 @@ module Out = Semgrep_output_v1_j semgrep and semgrep-proprietary use the same definition *) type func = Core_scan_config.t -> Core_result.result_or_exn -(* TODO: far more: alarm, stdout (sometimes), ... *) -type caps = < Cap.fork > +(* TODO: stdout (sometimes) *) +type caps = < Cap.fork ; Cap.alarm > (* A target is [Not_scanned] when semgrep didn't find any applicable rules. * The information is useful to return to pysemgrep/osemgrep to @@ -815,7 +815,8 @@ let sca_rules_filtering (target : Target.regular) (rules : Rule.t list) : (*****************************************************************************) (* build the callback for iter_targets_and_get_matches_and_exn_to_errors *) -let mk_target_handler (config : Core_scan_config.t) (valid_rules : Rule.t list) +let mk_target_handler (caps : < Cap.alarm >) (config : Core_scan_config.t) + (valid_rules : Rule.t list) (prefilter_cache_opt : Match_env.prefilter_config) : target_handler = (* Note that this function runs in another process *) function @@ -867,7 +868,11 @@ let mk_target_handler (config : Core_scan_config.t) (valid_rules : Rule.t list) let timeout = Some Match_rules. - { timeout = config.timeout; threshold = config.timeout_threshold } + { + timeout = config.timeout; + threshold = config.timeout_threshold; + caps :> < Cap.alarm >; + } in let matches = (* !!Calling Match_rules!! Calling the matching engine!! *) @@ -907,7 +912,9 @@ let scan_exn (caps : caps) (config : Core_scan_config.t) |> iter_targets_and_get_matches_and_exn_to_errors (caps :> < Cap.fork >) config - (mk_target_handler config valid_rules prefilter_cache_opt) + (mk_target_handler + (caps :> < Cap.alarm >) + config valid_rules prefilter_cache_opt) in let scanned = scanned_of_targets ~targets ~scanned_targets in diff --git a/src/core_scan/Core_scan.mli b/src/core_scan/Core_scan.mli index f9402b5bd4d7..06aa9b11e22d 100644 --- a/src/core_scan/Core_scan.mli +++ b/src/core_scan/Core_scan.mli @@ -1,7 +1,9 @@ (* The type of the semgrep "core" scan. We define it here so that semgrep and semgrep-proprietary use the same definition *) type func = Core_scan_config.t -> Core_result.result_or_exn -type caps = < Cap.fork > + +(* alias to avoid repeating ourselves in many callers *) +type caps = < Cap.fork ; Cap.alarm > (* Entry point. This is used in Core_CLI.ml for semgrep-core, * in Pro_core_CLI for semgrep-core-proprietary, in tests, and finally @@ -26,7 +28,7 @@ type caps = < Cap.fork > * or UConsole. In theory, scan() can be completely pure. * * We require Cap.fork for Parmap. - * TODO: require Cap.alarm (for timeout in Check_rules()), and more. + * We require Cap.alarm for timeout in Check_rules(). * * The scan function has the type [func] defined above. * diff --git a/src/engine/Match_rules.ml b/src/engine/Match_rules.ml index 14927debd4e6..95117bfce97d 100644 --- a/src/engine/Match_rules.ml +++ b/src/engine/Match_rules.ml @@ -35,7 +35,7 @@ exception File_timeout of Rule_ID.t list (* TODO make this one of the Semgrep_error_code exceptions *) exception Multistep_rules_not_available -type timeout_config = { timeout : float; threshold : int } +type timeout_config = { timeout : float; threshold : int; caps : < Cap.alarm > } (*****************************************************************************) (* Helpers *) diff --git a/src/engine/Match_rules.mli b/src/engine/Match_rules.mli index 498a86a42bdf..f8b45968288d 100644 --- a/src/engine/Match_rules.mli +++ b/src/engine/Match_rules.mli @@ -1,7 +1,7 @@ (* this can be raised when timeout_threshold is set *) exception File_timeout of Rule_ID.t list -type timeout_config = { timeout : float; threshold : int } +type timeout_config = { timeout : float; threshold : int; caps : < Cap.alarm > } (* Matches many rules against one target. This function is called from * Test_engine.ml, Test_subcommand.ml, and of course Core_scan.ml diff --git a/src/metachecking/Check_rule.ml b/src/metachecking/Check_rule.ml index 0cdfc8524a3c..64fcd875f702 100644 --- a/src/metachecking/Check_rule.ml +++ b/src/metachecking/Check_rule.ml @@ -318,8 +318,10 @@ let run_checks (caps : Core_scan.caps) (metachecks : Fpath.t) in semgrep_found_errs @ ocaml_found_errs -(* for semgrep-core -check_rules, called from pysemgrep --validate *) -let check_files (caps : < Cap.stdout ; Cap.fork >) +(* for semgrep-core -check_rules, called from pysemgrep --validate + * caps = Core_scan.caps + Cap.stdout + *) +let check_files (caps : < Cap.stdout ; Cap.fork ; Cap.alarm >) (output_format : Core_scan_config.output_format) (input : Fpath.t list) : unit = let errors = diff --git a/src/metachecking/Check_rule.mli b/src/metachecking/Check_rule.mli index f18a6d22733d..4e45cd647d49 100644 --- a/src/metachecking/Check_rule.mli +++ b/src/metachecking/Check_rule.mli @@ -9,7 +9,7 @@ val run_checks : (* -check_rules *) val check_files : - < Cap.stdout ; Cap.fork > -> + < Cap.stdout ; Cap.fork ; Cap.alarm > -> Core_scan_config.output_format -> Fpath.t list -> unit diff --git a/src/osemgrep/cli/CLI.ml b/src/osemgrep/cli/CLI.ml index 0bf017fe1a13..990318845abc 100644 --- a/src/osemgrep/cli/CLI.ml +++ b/src/osemgrep/cli/CLI.ml @@ -44,7 +44,8 @@ type caps = ; Cap.signal ; Cap.tmp ; Cap.chdir - ; Cap.fork > + ; Cap.fork + ; Cap.alarm > let default_subcommand = "scan" @@ -198,7 +199,12 @@ let dispatch_subcommand (caps : caps) (argv : string array) = | "scan" -> Scan_subcommand.main (caps - :> < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.chdir ; Cap.fork >) + :> < Cap.stdout + ; Cap.network + ; Cap.tmp + ; Cap.chdir + ; Cap.fork + ; Cap.alarm >) subcmd_argv | "ci" -> Ci_subcommand.main @@ -208,7 +214,8 @@ let dispatch_subcommand (caps : caps) (argv : string array) = ; Cap.exec ; Cap.tmp ; Cap.chdir - ; Cap.fork >) + ; Cap.fork + ; Cap.alarm >) subcmd_argv | "install-semgrep-pro" -> Install_semgrep_pro_subcommand.main @@ -217,7 +224,8 @@ let dispatch_subcommand (caps : caps) (argv : string array) = (* osemgrep-only: and by default! no need experimental! *) | "lsp" -> Lsp_subcommand.main - (caps :> < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork >) + (caps + :> < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm >) subcmd_argv | "logout" -> Logout_subcommand.main (caps :> < Cap.stdout >) subcmd_argv diff --git a/src/osemgrep/cli/CLI.mli b/src/osemgrep/cli/CLI.mli index 807ec98a4325..a2cd8b4f5959 100644 --- a/src/osemgrep/cli/CLI.mli +++ b/src/osemgrep/cli/CLI.mli @@ -9,7 +9,8 @@ type caps = ; Cap.signal ; Cap.tmp ; Cap.chdir - ; Cap.fork > + ; Cap.fork + ; Cap.alarm > (* Parse the semgrep command line, run the requested subcommand, and return diff --git a/src/osemgrep/cli_ci/Ci_subcommand.ml b/src/osemgrep/cli_ci/Ci_subcommand.ml index 67fc811b39e5..b01b2b2e005d 100644 --- a/src/osemgrep/cli_ci/Ci_subcommand.ml +++ b/src/osemgrep/cli_ci/Ci_subcommand.ml @@ -90,7 +90,13 @@ module OutJ = Semgrep_output_v1_j * TODO: probably far more needed at some point *) type caps = - < Cap.stdout ; Cap.network ; Cap.exec ; Cap.tmp ; Cap.chdir ; Cap.fork > + < Cap.stdout + ; Cap.network + ; Cap.exec + ; Cap.tmp + ; Cap.chdir + ; Cap.fork + ; Cap.alarm > (*****************************************************************************) (* Error management *) @@ -823,7 +829,7 @@ let run_conf (caps : caps) (ci_conf : Ci_CLI.conf) : Exit_code.t = in let res = Scan_subcommand.check_targets_with_rules - (caps :> < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork >) + (caps :> < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork ; Cap.alarm >) conf profiler rules_and_origin targets_and_ignored in match res with diff --git a/src/osemgrep/cli_ci/Ci_subcommand.mli b/src/osemgrep/cli_ci/Ci_subcommand.mli index 1e355d5d77bc..469cce8f9bcd 100644 --- a/src/osemgrep/cli_ci/Ci_subcommand.mli +++ b/src/osemgrep/cli_ci/Ci_subcommand.mli @@ -1,5 +1,14 @@ module OutJ = Semgrep_output_v1_j +type caps = + < Cap.stdout + ; Cap.network + ; Cap.exec + ; Cap.tmp + ; Cap.chdir + ; Cap.fork + ; Cap.alarm > + (* Parse a semgrep-ci command, execute it and exit. @@ -7,16 +16,9 @@ module OutJ = Semgrep_output_v1_j This function returns an exit code to be passed to the 'exit' function. *) -val main : - < Cap.network ; Cap.stdout ; Cap.exec ; Cap.tmp ; Cap.chdir ; Cap.fork > -> - string array -> - Exit_code.t +val main : caps -> string array -> Exit_code.t (* internal *) -val run_conf : - < Cap.network ; Cap.stdout ; Cap.exec ; Cap.tmp ; Cap.chdir ; Cap.fork > -> - Ci_CLI.conf -> - Exit_code.t - +val run_conf : caps -> Ci_CLI.conf -> Exit_code.t val rule_is_blocking : JSON.t -> bool val finding_is_blocking : OutJ.cli_match -> bool diff --git a/src/osemgrep/cli_lsp/Lsp_subcommand.ml b/src/osemgrep/cli_lsp/Lsp_subcommand.ml index 9380be8ac50c..f7c632d0f7ad 100644 --- a/src/osemgrep/cli_lsp/Lsp_subcommand.ml +++ b/src/osemgrep/cli_lsp/Lsp_subcommand.ml @@ -9,7 +9,7 @@ (*****************************************************************************) (* Types *) (*****************************************************************************) -type caps = < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > +type caps = < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > (* Set IO here since it is specific to the LS entrypoint *) (* This one utilizes unix IO, but the JS version does not *) diff --git a/src/osemgrep/cli_lsp/Lsp_subcommand.mli b/src/osemgrep/cli_lsp/Lsp_subcommand.mli index 2670b4b568ff..8ec95ad88785 100644 --- a/src/osemgrep/cli_lsp/Lsp_subcommand.mli +++ b/src/osemgrep/cli_lsp/Lsp_subcommand.mli @@ -1,3 +1,5 @@ +type caps = < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > + (* Parse a semgrep-lsp command, execute it and exit. @@ -5,13 +7,7 @@ This function returns an exit code to be passed to the 'exit' function. *) -val main : - < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> - string array -> - Exit_code.t +val main : caps -> string array -> Exit_code.t (* internal *) -val run_conf : - < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> - Lsp_CLI.conf -> - Exit_code.t +val run_conf : caps -> Lsp_CLI.conf -> Exit_code.t diff --git a/src/osemgrep/cli_scan/Scan_subcommand.ml b/src/osemgrep/cli_scan/Scan_subcommand.ml index 1709fcde85c0..b8c1a8430884 100644 --- a/src/osemgrep/cli_scan/Scan_subcommand.ml +++ b/src/osemgrep/cli_scan/Scan_subcommand.ml @@ -43,7 +43,9 @@ type caps = *) Cap.chdir ; (* for Parmap in Core_scan *) - Cap.fork > + Cap.fork + ; (* for Check_rules timeout *) + Cap.alarm > (*****************************************************************************) (* Metrics *) @@ -523,9 +525,11 @@ let adjust_nosemgrep_and_autofix ~keep_ignored (res : Core_runner.result) : (*****************************************************************************) (* Yet another check targets with rules *) (*****************************************************************************) -(* this is called also from Ci_subcommand.ml *) +(* this is called also from Ci_subcommand.ml. + * caps = topevel caps - Cap.network + *) let check_targets_with_rules - (caps : < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork >) + (caps : < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork ; Cap.alarm >) (conf : Scan_CLI.conf) (profiler : Profiler.t) (rules_and_origins : Rule_fetching.rules_and_origin list) (targets_and_skipped : Fpath.t list * Out.skipped_target list) : @@ -776,7 +780,7 @@ let run_scan_conf (caps : caps) (conf : Scan_CLI.conf) : Exit_code.t = (* step3: let's go *) let res = check_targets_with_rules - (caps :> < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork >) + (caps :> < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork ; Cap.alarm >) conf profiler rules_and_origins targets_and_skipped in @@ -867,7 +871,7 @@ let run_conf (caps : caps) (conf : Scan_CLI.conf) : Exit_code.t = (Common2.some conf.test) | _ when conf.validate <> None -> Validate_subcommand.run_conf - (caps :> < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.fork >) + (caps :> < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm >) (Common2.some conf.validate) | _ when conf.show <> None -> Show_subcommand.run_conf diff --git a/src/osemgrep/cli_scan/Scan_subcommand.mli b/src/osemgrep/cli_scan/Scan_subcommand.mli index d539213d0426..b1259dafd969 100644 --- a/src/osemgrep/cli_scan/Scan_subcommand.mli +++ b/src/osemgrep/cli_scan/Scan_subcommand.mli @@ -9,7 +9,8 @@ subcommands when using legacy flags (e.g., with 'semgrep scan --test'). *) -type caps = < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.chdir ; Cap.fork > +type caps = + < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.chdir ; Cap.fork ; Cap.alarm > val main : caps -> string array -> Exit_code.t @@ -19,7 +20,7 @@ val run_scan_conf : caps -> Scan_CLI.conf -> Exit_code.t (* internal: also used in CI *) val check_targets_with_rules : - < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork > -> + < Cap.stdout ; Cap.chdir ; Cap.tmp ; Cap.fork ; Cap.alarm > -> Scan_CLI.conf -> Profiler.t -> Rule_fetching.rules_and_origin list -> diff --git a/src/osemgrep/cli_scan/Validate_subcommand.ml b/src/osemgrep/cli_scan/Validate_subcommand.ml index 873effe95332..7b85ced28ed8 100644 --- a/src/osemgrep/cli_scan/Validate_subcommand.ml +++ b/src/osemgrep/cli_scan/Validate_subcommand.ml @@ -39,7 +39,7 @@ module Out = Semgrep_output_v1_t (*****************************************************************************) (* TODO: should use stdout, right now we abuse Logs.app *) -type caps = < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.fork > +type caps = < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > (* a slice of Scan_CLI.conf *) type conf = { diff --git a/src/osemgrep/cli_scan/Validate_subcommand.mli b/src/osemgrep/cli_scan/Validate_subcommand.mli index e8b94f9c530e..b3f18b3b989d 100644 --- a/src/osemgrep/cli_scan/Validate_subcommand.mli +++ b/src/osemgrep/cli_scan/Validate_subcommand.mli @@ -11,4 +11,6 @@ type conf = { [@@deriving show] val run_conf : - < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.fork > -> conf -> Exit_code.t + < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> + conf -> + Exit_code.t diff --git a/src/osemgrep/language_server/LS.mli b/src/osemgrep/language_server/LS.mli index b5f863300c09..e6a94e2bd633 100644 --- a/src/osemgrep/language_server/LS.mli +++ b/src/osemgrep/language_server/LS.mli @@ -2,5 +2,7 @@ val capabilities : Lsp.Types.ServerCapabilities.t (** The capabilities of the server. This is used to inform the client of what the server can do. Exposed for testing *) -val start : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> unit Lwt.t -(** Entry point of the language server. This will start the server, and communicate over stdin/out using the Language Server Protocol *) +val start : + < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> unit Lwt.t +(** Entry point of the language server. This will start the server, and + communicate over stdin/out using the Language Server Protocol *) diff --git a/src/osemgrep/language_server/Test_LS_e2e.mli b/src/osemgrep/language_server/Test_LS_e2e.mli index 086000cdc3ee..95472a12ae7b 100644 --- a/src/osemgrep/language_server/Test_LS_e2e.mli +++ b/src/osemgrep/language_server/Test_LS_e2e.mli @@ -1,7 +1,9 @@ -val tests : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> Testo.t list +val tests : + < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> Testo.t list val lwt_tests : - < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> Testo_lwt.t list + < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> + Testo_lwt.t list (* Shared with the main test suite. TODO: relocate to a more logical library? *) diff --git a/src/osemgrep/language_server/Unit_LS.mli b/src/osemgrep/language_server/Unit_LS.mli index e960399e8c77..548bcfb833fe 100644 --- a/src/osemgrep/language_server/Unit_LS.mli +++ b/src/osemgrep/language_server/Unit_LS.mli @@ -1 +1,2 @@ -val tests : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> Testo.t list +val tests : + < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> Testo.t list diff --git a/src/osemgrep/language_server/server/RPC_server.mli b/src/osemgrep/language_server/server/RPC_server.mli index 1396d2368b34..98496a6ff87e 100644 --- a/src/osemgrep/language_server/server/RPC_server.mli +++ b/src/osemgrep/language_server/server/RPC_server.mli @@ -65,6 +65,6 @@ val handle_client_message : went wrong while handling it) *) val create : - < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> + < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> Lsp.Types.ServerCapabilities.t -> t diff --git a/src/osemgrep/language_server/server/Session.ml b/src/osemgrep/language_server/server/Session.ml index 7ee365c96b66..92f049b97893 100644 --- a/src/osemgrep/language_server/server/Session.ml +++ b/src/osemgrep/language_server/server/Session.ml @@ -65,7 +65,7 @@ type t = { search_config : Search_config.t option; metrics : LS_metrics.t; is_intellij : bool; - caps : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork >; [@opaque] + caps : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm >; [@opaque] } [@@deriving show] diff --git a/src/osemgrep/language_server/server/Session.mli b/src/osemgrep/language_server/server/Session.mli index 11d824e53433..bbddda621914 100644 --- a/src/osemgrep/language_server/server/Session.mli +++ b/src/osemgrep/language_server/server/Session.mli @@ -38,14 +38,16 @@ type t = { search_config : Search_config.t option; metrics : LS_metrics.t; is_intellij : bool; - caps : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork >; [@opaque] + caps : < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm >; [@opaque] } val show : t -> string (** [show t] returns a string representation of the session *) val create : - < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork > -> ServerCapabilities.t -> t + < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm > -> + ServerCapabilities.t -> + t (** [create caps capabilities] creates a [Session.t] given server capabilities *) val send_metrics : diff --git a/src/tests/Test.ml b/src/tests/Test.ml index 8057ddad8850..1fde268486f6 100644 --- a/src/tests/Test.ml +++ b/src/tests/Test.ml @@ -81,13 +81,20 @@ let tests (caps : Cap.all_caps) = Unit_jsonnet.tests (); Unit_metachecking.tests (caps :> Core_scan.caps); (* OSemgrep tests *) - Unit_LS.tests (caps :> < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork >); + Unit_LS.tests + (caps :> < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm >); Unit_Login.tests caps; Unit_Fetching.tests (caps :> < Cap.network ; Cap.tmp >); Test_is_blocking_helpers.tests; Test_login_subcommand.tests (caps :> < Cap.stdout ; Cap.network >); Test_scan_subcommand.tests - (caps :> < Cap.stdout ; Cap.network ; Cap.tmp ; Cap.chdir ; Cap.fork >); + (caps + :> < Cap.stdout + ; Cap.network + ; Cap.tmp + ; Cap.chdir + ; Cap.fork + ; Cap.alarm >); Unit_test_subcommand.tests (caps :> < Cap.stdout ; Cap.network ; Cap.tmp >); Test_show_subcommand.tests @@ -100,7 +107,7 @@ let tests (caps : Cap.all_caps) = (* And the SSL issues they've been testing have been stable *) (*Unit_Networking.tests;*) Test_LS_e2e.tests - (caps :> < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork >); + (caps :> < Cap.random ; Cap.network ; Cap.tmp ; Cap.fork ; Cap.alarm >); (* End OSemgrep tests *) Spacegrep_tests.Test.tests (); Aliengrep.Unit_tests.tests;