feat(core): add `shell > sidecar` allowlist and `process` feature flag [TRI-037] (#18)

.changes/command-feature-flag.md

@@ -0,0 +1,5 @@
+---
+"tauri": patch
+---
+
+The `api::process::Command` APIs are now hidden behind the `command` feature flag.

.changes/sidecar-allowlist.md

@@ -0,0 +1,6 @@
+---
+"tauri-utils": patch
+"tauri": patch
+---
+
+The `shell` allowlist now includes a `sidecar` flag, which enables the use of the `shell` API to execute sidecars.

core/tauri-utils/src/config.rs

@@ -840,6 +840,11 @@ pub struct ShellAllowlistConfig {
   /// Enable binary execution.
   #[serde(default)]
   pub execute: bool,
+  /// Enable sidecar execution, allowing the JavaScript layer to spawn a sidecar program,
+  /// an executable that is shipped with the application.
+  /// For more information see https://tauri.studio/en/docs/usage/guides/bundler/sidecar.
+  #[serde(default)]
+  pub sidecar: bool,
   /// Open URL with the user's default application.
   #[serde(default)]
   pub open: bool,
@@ -850,6 +855,7 @@ impl Allowlist for ShellAllowlistConfig {
     let allowlist = Self {
       all: false,
       execute: true,
+      sidecar: true,
       open: true,
     };
     let mut features = allowlist.to_features();
@@ -863,6 +869,7 @@ impl Allowlist for ShellAllowlistConfig {
     } else {
       let mut features = Vec::new();
       check_feature!(self, features, execute, "shell-execute");
+      check_feature!(self, features, sidecar, "shell-sidecar");
       check_feature!(self, features, open, "shell-open");
       features
     }

core/tauri/Cargo.toml

@@ -164,8 +164,10 @@ process-relaunch = []
 protocol-all = ["protocol-asset"]
 protocol-asset = []
 reqwest-client = ["reqwest", "bytes"]
-shell-all = ["shell-execute", "shell-open"]
-shell-execute = ["shared_child", "os_pipe"]
+command = ["shared_child", "os_pipe"]
+shell-all = ["shell-execute", "shell-sidecar", "shell-open"]
+shell-execute = ["command"]
+shell-sidecar = ["command"]
 shell-open = ["open"]
 system-tray = ["tauri-runtime/system-tray", "tauri-runtime-wry/system-tray"]
 updater = ["minisign-verify", "base64", "dialog-ask"]

core/tauri/build.rs

@@ -51,8 +51,9 @@ fn main() {
 
     // shell
     shell_all: { any(api_all, feature = "shell-all") },
-    shell_open: { any(shell_all, feature = "shell-open") },
     shell_execute: { any(shell_all, feature = "shell-execute") },
+    shell_sidecar: { any(shell_all, feature = "shell-sidecar") },
+    shell_open: { any(shell_all, feature = "shell-open") },
 
     // dialog
     dialog_all: { any(api_all, feature = "dialog-all") },

core/tauri/src/api/process.rs

@@ -12,9 +12,11 @@ use std::{
   process::{exit, Command as StdCommand},
 };
 
-#[cfg(shell_execute)]
+#[cfg(feature = "command")]
+#[cfg_attr(doc_cfg, doc(cfg(feature = "command")))]
 mod command;
-#[cfg(shell_execute)]
+#[cfg(feature = "command")]
+#[cfg_attr(doc_cfg, doc(cfg(feature = "command")))]
 pub use command::*;
 
 /// Gets the current binary.

core/tauri/src/endpoints/shell.rs

@@ -81,13 +81,23 @@ impl Cmd {
         on_event_fn,
         options,
       } => {
-        #[cfg(shell_execute)]
+        let mut command = if options.sidecar {
+          #[cfg(not(shell_sidecar))]
+          return Err(crate::Error::ApiNotAllowlisted(
+            "shell > sidecar".to_string(),
+          ));
+          #[cfg(shell_sidecar)]
+          crate::api::process::Command::new_sidecar(program)?
+        } else {
+          #[cfg(not(shell_execute))]
+          return Err(crate::Error::ApiNotAllowlisted(
+            "shell > execute".to_string(),
+          ));
+          #[cfg(shell_execute)]
+          crate::api::process::Command::new(program)
+        };
+        #[cfg(any(shell_execute, shell_sidecar))]
         {
-          let mut command = if options.sidecar {
-            crate::api::process::Command::new_sidecar(program)?
-          } else {
-            crate::api::process::Command::new(program)
-          };
           command = command.args(args);
           if let Some(cwd) = options.cwd {
             command = command.current_dir(cwd);
@@ -116,10 +126,6 @@ impl Cmd {
 
           Ok(pid.into())
         }
-        #[cfg(not(shell_execute))]
-        Err(crate::Error::ApiNotAllowlisted(
-          "shell > execute".to_string(),
-        ))
       }
       Self::KillChild { pid } => {
         #[cfg(shell_execute)]

tooling/cli.rs/schema.json

@@ -103,7 +103,8 @@
           "shell": {
             "all": false,
             "execute": false,
-            "open": false
+            "open": false,
+            "sidecar": false
           },
           "window": {
             "all": false,
@@ -338,7 +339,8 @@
           "default": {
             "all": false,
             "execute": false,
-            "open": false
+            "open": false,
+            "sidecar": false
           },
           "allOf": [
             {
@@ -1265,6 +1267,11 @@
           "description": "Open URL with the user's default application.",
           "default": false,
           "type": "boolean"
+        },
+        "sidecar": {
+          "description": "Enable sidecar execution, allowing the JavaScript layer to spawn a sidecar program, an executable that is shipped with the application. For more information see https://tauri.studio/en/docs/usage/guides/bundler/sidecar.",
+          "default": false,
+          "type": "boolean"
         }
       },
       "additionalProperties": false
@@ -1356,7 +1363,8 @@
             "shell": {
               "all": false,
               "execute": false,
-              "open": false
+              "open": false,
+              "sidecar": false
             },
             "window": {
               "all": false,