Add --no-filesystem-checker flag to globally disable filesystem read/write checks (#5278)

Fixes #5248

I kept all the `os.Checker`s in place and made them check a threadlocal
to see whether to perform a check or not, rather than swapping out the
`Checker` based on the flag. This is necessary to support cases like
`BuildFileCls` where plumbing in the flag is not easy.

Updated the `os-checker` integration tests to cover this, and mentioned
it in the sandbox example tests

Author: lihaoyi

core/api/src/mill/api/FilesystemCheckerEnabled.scala

@@ -0,0 +1,3 @@
+package mill.api
+
+object FilesystemCheckerEnabled extends scala.util.DynamicVariable(true)

core/define/src/mill/define/internal/ResolveChecker.scala

@@ -3,14 +3,16 @@ package mill.define.internal
 class ResolveChecker(workspace: os.Path) extends os.Checker {
   def onRead(path: os.ReadablePath): Unit = {
     path match {
-      case path: os.Path =>
+      case path: os.Path if mill.api.FilesystemCheckerEnabled.value =>
         sys.error(s"Reading from ${path.relativeTo(workspace)} not allowed during resolution phase")
       case _ =>
     }
   }
 
   def onWrite(path: os.Path): Unit = {
-    sys.error(s"Writing to ${path.relativeTo(workspace)} not allowed during resolution phase")
+    if (mill.api.FilesystemCheckerEnabled.value) {
+      sys.error(s"Writing to ${path.relativeTo(workspace)} not allowed during resolution phase")
+    }
   }
 
   def withResolveChecker[T](f: () => T): T = {

core/exec/src/mill/exec/GroupExecution.scala

@@ -35,6 +35,7 @@ private trait GroupExecution {
   def getEvaluator: () => EvaluatorApi
   def headerData: String
   def offline: Boolean
+
   lazy val parsedHeaderData: Map[String, ujson.Value] = {
     import org.snakeyaml.engine.v2.api.{Load, LoadSettings}
     val loaded = new Load(LoadSettings.builder().build()).loadFromString(headerData)
@@ -536,7 +537,7 @@ private object GroupExecution {
     val executionChecker = new os.Checker {
       def onRead(path: os.ReadablePath): Unit = path match {
         case path: os.Path =>
-          if (!isCommand && !isInput) {
+          if (!isCommand && !isInput && mill.api.FilesystemCheckerEnabled.value) {
             if (path.startsWith(workspace) && !validReadDests.exists(path.startsWith(_))) {
               sys.error(
                 s"Reading from ${path.relativeTo(workspace)} not allowed during execution of `$terminal`"
@@ -547,7 +548,7 @@ private object GroupExecution {
       }
 
       def onWrite(path: os.Path): Unit = {
-        if (!isCommand) {
+        if (!isCommand && mill.api.FilesystemCheckerEnabled.value) {
           if (path.startsWith(workspace) && !validWriteDests.exists(path.startsWith(_))) {
             sys.error(
               s"Writing to ${path.relativeTo(workspace)} not allowed during execution of `$terminal`"

example/depth/sandbox/1-task/build.mill

@@ -83,6 +83,12 @@ def bannedWriteTaskOverridden = Task {
 hello
 */
 
+// You can also disable it globally by passing in `--no-filesystem-checker` to Mill:
+
+/** Usage
+> ./mill --no-filesystem-checker bannedReadTask
+*/
+
 //== `os.pwd` redirection
 
 // === Task `os.pwd` redirection

integration/failure/os-checker/resources/build.mill

@@ -17,3 +17,8 @@ def baz = Task { 1 }
 if (false) {
   os.write(moduleDir / "file.txt", "hello", createFolders = true)
 }
+
+object allowed extends Module {
+  os.write(moduleDir / "file.txt", "hello", createFolders = true)
+  def allowedTask = Task {}
+}

integration/failure/os-checker/src/OsCheckerTests.scala

@@ -11,16 +11,16 @@ object OsCheckerTests extends UtestIntegrationTestSuite {
       val res = tester.eval("foo.bar")
 
       assert(res.isSuccess == false)
-      assert(res.err.contains(
-        s"Writing to foo not allowed during resolution phase"
-      ))
+      assert(res.err.contains(s"Writing to foo not allowed during resolution phase"))
 
       val res2 = tester.eval("qux")
 
       assert(res2.isSuccess == false)
-      assert(res2.err.contains(
-        s"Writing to file.txt not allowed during execution of `qux`"
-      ))
+      assert(res2.err.contains(s"Writing to file.txt not allowed during execution of `qux`"))
+
+      val res2allowed = tester.eval(("--no-filesystem-checker", "qux"))
+
+      assert(res2allowed.isSuccess)
 
       tester.modifyFile(workspacePath / "build.mill", _.replace("if (false)", "if (true)"))
       val res3 = tester.eval("baz")
@@ -35,12 +35,16 @@ object OsCheckerTests extends UtestIntegrationTestSuite {
         workspacePath / "build.mill",
         _ + "\nprintln(os.read(mill.define.BuildCtx.workspaceRoot / \"build.mill\"))"
       )
+
+      val res4allowed = tester.eval(("--no-filesystem-checker", "allowed.allowedTask"))
+
+      assert(res4allowed.isSuccess)
+
+      tester.eval("shutdown")
       val res4 = tester.eval("baz")
 
       assert(res4.isSuccess == false)
-      assert(res4.err.contains(
-        s"Reading from build.mill not allowed during resolution phase"
-      ))
+      assert(res4.err.contains(s"Reading from build.mill not allowed during resolution phase"))
 
     }
   }

runner/daemon/src/mill/daemon/MillCliConfig.scala

@@ -165,14 +165,22 @@ case class MillCliConfig(
     )
     noWaitForBuildLock: Flag = Flag(),
     @arg(
-      doc =
-        """Try to work offline.
-          |This tells modules that support it to work offline and avoid any access to the internet.
-          |This is on a best effort basis.
-          |There are currently no guarantees that modules don't attempt to fetch remote sources."""
-          .stripMargin
+      doc = """
+        Try to work offline.
+        This tells modules that support it to work offline and avoid any access to the internet.
+        This is on a best effort basis.
+        There are currently no guarantees that modules don't attempt to fetch remote sources.
+      """
     )
     offline: Flag = Flag(),
+    @arg(
+      doc = """
+        Globally disables the checks that prevent you from reading and writing to disallowed 
+        files or folders during evaluation. Useful as an escape hatch in case you desperately
+        need to do something unusual and you are willing to take the risk
+      """
+    )
+    noFilesystemChecker: Flag = Flag(),
     @arg(
       doc = """Runs Mill in tab-completion mode"""
     )

runner/daemon/src/mill/daemon/MillMain0.scala

@@ -246,30 +246,33 @@ object MillMain0 {
                         // ensure all tasks re-run even though no inputs may have changed
                         if (enterKeyPressed) os.remove(out / OutFiles.millSelectiveExecution)
                         mill.define.SystemStreams.withStreams(logger.streams) {
-                          tailManager.withOutErr(logger.streams.out, logger.streams.err) {
-
-                            new MillBuildBootstrap(
-                              projectRoot = BuildCtx.workspaceRoot,
-                              output = out,
-                              // In BSP server, we want to evaluate as many tasks as possible,
-                              // in order to give as many results as available in BSP responses
-                              keepGoing = bspMode || config.keepGoing.value,
-                              imports = config.imports,
-                              env = env,
-                              ec = ec,
-                              targetsAndParams = targetsAndParams,
-                              prevRunnerState = prevState.getOrElse(stateCache),
-                              logger = logger,
-                              needBuildFile = needBuildFile(config),
-                              requestedMetaLevel = config.metaLevel,
-                              config.allowPositional.value,
-                              systemExit = systemExit,
-                              streams0 = streams,
-                              selectiveExecution = config.watch.value,
-                              offline = config.offline.value
-                            ).evaluate()
+                          mill.api.FilesystemCheckerEnabled.withValue(
+                            !config.noFilesystemChecker.value
+                          ) {
+                            tailManager.withOutErr(logger.streams.out, logger.streams.err) {
+
+                              new MillBuildBootstrap(
+                                projectRoot = BuildCtx.workspaceRoot,
+                                output = out,
+                                // In BSP server, we want to evaluate as many tasks as possible,
+                                // in order to give as many results as available in BSP responses
+                                keepGoing = bspMode || config.keepGoing.value,
+                                imports = config.imports,
+                                env = env,
+                                ec = ec,
+                                targetsAndParams = targetsAndParams,
+                                prevRunnerState = prevState.getOrElse(stateCache),
+                                logger = logger,
+                                needBuildFile = needBuildFile(config),
+                                requestedMetaLevel = config.metaLevel,
+                                config.allowPositional.value,
+                                systemExit = systemExit,
+                                streams0 = streams,
+                                selectiveExecution = config.watch.value,
+                                offline = config.offline.value
+                              ).evaluate()
+                            }
                           }
-
                         }
                       }