diff options
| author | Colin Ihrig <cjihrig@gmail.com> | 2022-05-19 17:45:09 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-19 17:45:09 -0400 |
| commit | 0a96cb62a83f1d881ebc7fd93dee1796d20f17ff (patch) | |
| tree | b474b9c3f533f6e1eef7b28e273d36b920545c20 | |
| parent | 4daf1bb81ad95652becb16f555efc48a2693cd74 (diff) | |
fix(runtime): improve permission descriptor validation (#14676)
This commit improves the permission descriptor validation by
explicitly checking for object types and using optional
chaining when creating error messages in case the descriptor
is not an object.
Fixes: https://github.com/denoland/deno/issues/14675
| -rw-r--r-- | cli/tests/unit/permissions_test.ts | 15 | ||||
| -rw-r--r-- | runtime/js/10_permissions.js | 11 |
2 files changed, 22 insertions, 4 deletions
diff --git a/cli/tests/unit/permissions_test.ts b/cli/tests/unit/permissions_test.ts index 006bad249..458ef2f28 100644 --- a/cli/tests/unit/permissions_test.ts +++ b/cli/tests/unit/permissions_test.ts @@ -71,3 +71,18 @@ Deno.test(async function permissionURL() { command: new URL(".", import.meta.url), }); }); + +Deno.test(async function permissionDescriptorValidation() { + for (const value of [undefined, null, {}]) { + for (const method of ["query", "request", "revoke"]) { + await assertRejects( + async () => { + // deno-lint-ignore no-explicit-any + await (Deno.permissions as any)[method](value as any); + }, + TypeError, + '"undefined" is not a valid permission name', + ); + } + } +}); diff --git a/runtime/js/10_permissions.js b/runtime/js/10_permissions.js index 1a9be1f27..66c68bbf0 100644 --- a/runtime/js/10_permissions.js +++ b/runtime/js/10_permissions.js @@ -149,7 +149,7 @@ * @returns {desc is Deno.PermissionDescriptor} */ function isValidDescriptor(desc) { - return desc && desc !== null && + return typeof desc === "object" && desc !== null && ArrayPrototypeIncludes(permissionNames, desc.name); } @@ -164,7 +164,8 @@ if (!isValidDescriptor(desc)) { return PromiseReject( new TypeError( - `The provided value "${desc.name}" is not a valid permission name.`, + `The provided value "${desc + ?.name}" is not a valid permission name.`, ), ); } @@ -185,7 +186,8 @@ if (!isValidDescriptor(desc)) { return PromiseReject( new TypeError( - `The provided value "${desc.name}" is not a valid permission name.`, + `The provided value "${desc + ?.name}" is not a valid permission name.`, ), ); } @@ -204,7 +206,8 @@ if (!isValidDescriptor(desc)) { return PromiseReject( new TypeError( - `The provided value "${desc.name}" is not a valid permission name.`, + `The provided value "${desc + ?.name}" is not a valid permission name.`, ), ); } |