diff options
| author | Luca Casonato <hello@lcas.dev> | 2024-09-03 11:24:25 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-03 11:24:25 +0200 |
| commit | 5cf97f539bb0c3d2bda918f53cd4a976c03b37e3 (patch) | |
| tree | 82f05b270b3df52609e3d0d6c86a768d1399e257 | |
| parent | b5695d02df75719bca0df1aae0622b22761b1533 (diff) | |
BREAKING(permissions): remove --allow-hrtime (#25367)
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
34 files changed, 30 insertions, 270 deletions
diff --git a/cli/args/flags.rs b/cli/args/flags.rs index 98db40a1e..44f97010f 100644 --- a/cli/args/flags.rs +++ b/cli/args/flags.rs @@ -619,8 +619,6 @@ pub struct PermissionFlags { pub allow_all: bool, pub allow_env: Option<Vec<String>>, pub deny_env: Option<Vec<String>>, - pub allow_hrtime: bool, - pub deny_hrtime: bool, pub allow_ffi: Option<Vec<String>>, pub deny_ffi: Option<Vec<String>>, pub allow_net: Option<Vec<String>>, @@ -641,8 +639,6 @@ impl PermissionFlags { self.allow_all || self.allow_env.is_some() || self.deny_env.is_some() - || self.allow_hrtime - || self.deny_hrtime || self.allow_ffi.is_some() || self.deny_ffi.is_some() || self.allow_net.is_some() @@ -690,8 +686,6 @@ impl PermissionFlags { allow_all: self.allow_all, allow_env: self.allow_env.clone(), deny_env: self.deny_env.clone(), - allow_hrtime: self.allow_hrtime, - deny_hrtime: self.deny_hrtime, allow_net: self.allow_net.clone(), deny_net: self.deny_net.clone(), allow_ffi: convert_option_str_to_path_buf(&self.allow_ffi, initial_cwd)?, @@ -905,14 +899,6 @@ impl Flags { _ => {} } - if self.permissions.allow_hrtime { - args.push("--allow-hrtime".to_string()); - } - - if self.permissions.deny_hrtime { - args.push("--deny-hrtime".to_string()); - } - args } @@ -996,8 +982,6 @@ impl Flags { pub fn has_permission_in_argv(&self) -> bool { self.argv.iter().any(|arg| { arg == "--allow-all" - || arg == "--allow-hrtime" - || arg == "--deny-hrtime" || arg.starts_with("--allow-env") || arg.starts_with("--deny-env") || arg.starts_with("--allow-ffi") @@ -1025,7 +1009,6 @@ impl Flags { self.permissions.allow_write = Some(vec![]); self.permissions.allow_sys = Some(vec![]); self.permissions.allow_ffi = Some(vec![]); - self.permissions.allow_hrtime = true; } pub fn resolve_watch_exclude_set( @@ -1393,7 +1376,6 @@ fn handle_repl_flags(flags: &mut Flags, repl_flags: ReplFlags) { flags.permissions.allow_sys = Some(vec![]); flags.permissions.allow_write = Some(vec![]); flags.permissions.allow_ffi = Some(vec![]); - flags.permissions.allow_hrtime = true; } flags.subcommand = DenoSubcommand::Repl(repl_flags); } @@ -3098,8 +3080,6 @@ Docs: <c>https://docs.deno.com/go/permissions</> <p(245)>--allow-run | --allow-run="whoami,ps"</> <g>--allow-ffi[=<<PATH>...]</> (Unstable) Allow loading dynamic libraries. Optionally specify allowed directories or files. <p(245)>--allow-ffi | --allow-ffi="./libfoo.so"</> - <g>--allow-hrtime</> Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting. - <p(245)>--allow-hrtime</> <g> --deny-read[=<<PATH>...]</> Deny file system read access. Optionally specify denied paths. <p(245)>--deny-read | --deny-read="/etc,/var/log.txt"</> <g> --deny-write[=<<PATH>...]</> Deny file system write access. Optionally specify denied paths. @@ -3114,8 +3094,6 @@ Docs: <c>https://docs.deno.com/go/permissions</> <p(245)>--deny-run | --deny-run="whoami,ps"</> <g>--deny-ffi[=<<PATH>...]</> (Unstable) Deny loading dynamic libraries. Optionally specify denied directories or files. <p(245)>--deny-ffi | --deny-ffi="./libfoo.so"</> - <g>--deny-hrtime</> Deny high-resolution time measurement. - <p(245)>--deny-hrtime</> "#)) .arg( Arg::new("allow-all") @@ -3312,14 +3290,14 @@ Docs: <c>https://docs.deno.com/go/permissions</> Arg::new("allow-hrtime") .long("allow-hrtime") .action(ArgAction::SetTrue) - .help("Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting") + .help("REMOVED in Deno 2.0") .hide(true), ) .arg( Arg::new("deny-hrtime") .long("deny-hrtime") .action(ArgAction::SetTrue) - .help("Deny high-resolution time measurement. Note: this can prevent timing attacks and fingerprinting") + .help("REMOVED in Deno 2.0") .hide(true), ) .arg( @@ -4802,12 +4780,8 @@ fn permission_args_parse(flags: &mut Flags, matches: &mut ArgMatches) { debug!("ffi denylist: {:#?}", &flags.permissions.deny_ffi); } - if matches.get_flag("allow-hrtime") { - flags.permissions.allow_hrtime = true; - } - - if matches.get_flag("deny-hrtime") { - flags.permissions.deny_hrtime = true; + if matches.get_flag("allow-hrtime") || matches.get_flag("deny-hrtime") { + log::warn!("⚠️ Warning: `allow-hrtime` and `deny-hrtime` have been removed in Deno 2, as high resolution time is now always allowed."); } if matches.get_flag("allow-all") { @@ -5784,7 +5758,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, code_cache_enabled: true, @@ -5857,44 +5830,6 @@ mod tests { } #[test] - fn allow_hrtime() { - let r = flags_from_vec(svec!["deno", "run", "--allow-hrtime", "gist.ts"]); - assert_eq!( - r.unwrap(), - Flags { - subcommand: DenoSubcommand::Run(RunFlags::new_default( - "gist.ts".to_string(), - )), - permissions: PermissionFlags { - allow_hrtime: true, - ..Default::default() - }, - code_cache_enabled: true, - ..Flags::default() - } - ); - } - - #[test] - fn deny_hrtime() { - let r = flags_from_vec(svec!["deno", "run", "--deny-hrtime", "gist.ts"]); - assert_eq!( - r.unwrap(), - Flags { - subcommand: DenoSubcommand::Run(RunFlags::new_default( - "gist.ts".to_string(), - )), - permissions: PermissionFlags { - deny_hrtime: true, - ..Default::default() - }, - code_cache_enabled: true, - ..Flags::default() - } - ); - } - - #[test] fn double_hyphen() { // notice that flags passed after double dash will not // be parsed to Flags but instead forwarded to @@ -6717,7 +6652,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, ..Flags::default() @@ -6744,7 +6678,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, ..Flags::default() @@ -6776,7 +6709,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, ext: Some("ts".to_string()), @@ -6817,7 +6749,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, env_file: Some(".example.env".to_owned()), @@ -6852,7 +6783,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, ..Flags::default() @@ -6886,7 +6816,6 @@ mod tests { deny_write: None, allow_ffi: Some(vec![]), deny_ffi: None, - allow_hrtime: true, ..Default::default() }, ..Flags::default() @@ -6940,7 +6869,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, env_file: Some(".example.env".to_owned()), @@ -10312,7 +10240,6 @@ mod tests { allow_sys: Some(vec![]), allow_write: Some(vec![]), allow_ffi: Some(vec![]), - allow_hrtime: true, ..Default::default() }, ..Flags::default() diff --git a/cli/tsc/dts/lib.deno.ns.d.ts b/cli/tsc/dts/lib.deno.ns.d.ts index 0e1cd00ab..dd245b613 100644 --- a/cli/tsc/dts/lib.deno.ns.d.ts +++ b/cli/tsc/dts/lib.deno.ns.d.ts @@ -553,15 +553,6 @@ declare namespace Deno { */ sys?: "inherit" | boolean | string[]; - /** Specifies if the `hrtime` permission should be requested or revoked. - * If set to `"inherit"`, the current `hrtime` permission will be inherited. - * If set to `true`, the global `hrtime` permission will be requested. - * If set to `false`, the global `hrtime` permission will be revoked. - * - * @default {false} - */ - hrtime?: "inherit" | boolean; - /** Specifies if the `net` permission should be requested or revoked. * if set to `"inherit"`, the current `net` permission will be inherited. * if set to `true`, the global `net` permission will be requested. @@ -4741,8 +4732,7 @@ declare namespace Deno { | "net" | "env" | "sys" - | "ffi" - | "hrtime"; + | "ffi"; /** The current status of the permission: * @@ -4873,17 +4863,6 @@ declare namespace Deno { path?: string | URL; } - /** The permission descriptor for the `allow-hrtime` and `deny-hrtime` permissions, which - * controls if the runtime code has access to high resolution time. High - * resolution time is considered sensitive information, because it can be used - * by malicious code to gain information about the host that it might not - * otherwise have access to. - * - * @category Permissions */ - export interface HrtimePermissionDescriptor { - name: "hrtime"; - } - /** Permission descriptors which define a permission and can be queried, * requested, or revoked. * @@ -4899,8 +4878,7 @@ declare namespace Deno { | NetPermissionDescriptor | EnvPermissionDescriptor | SysPermissionDescriptor - | FfiPermissionDescriptor - | HrtimePermissionDescriptor; + | FfiPermissionDescriptor; /** The interface which defines what event types are supported by * {@linkcode PermissionStatus} instances. diff --git a/cli/tsc/dts/lib.deno.shared_globals.d.ts b/cli/tsc/dts/lib.deno.shared_globals.d.ts index 1521cf12d..6727e42f1 100644 --- a/cli/tsc/dts/lib.deno.shared_globals.d.ts +++ b/cli/tsc/dts/lib.deno.shared_globals.d.ts @@ -593,16 +593,12 @@ declare interface Performance extends EventTarget { endMark?: string, ): PerformanceMeasure; - /** Returns a current time from Deno's start in milliseconds. - * - * Use the permission flag `--allow-hrtime` to return a precise value. + /** Returns a current time from Deno's start in fractional milliseconds. * * ```ts * const t = performance.now(); * console.log(`${t} ms since start!`); * ``` - * - * @tags allow-hrtime */ now(): number; diff --git a/ext/web/timers.rs b/ext/web/timers.rs index 648be5715..a9ab7c97e 100644 --- a/ext/web/timers.rs +++ b/ext/web/timers.rs @@ -13,7 +13,7 @@ pub trait TimersPermission { impl TimersPermission for deno_permissions::PermissionsContainer { #[inline(always)] fn allow_hrtime(&mut self) -> bool { - deno_permissions::PermissionsContainer::allow_hrtime(self) + true } } diff --git a/runtime/js/10_permissions.js b/runtime/js/10_permissions.js index f2b3fba00..ff5abc01d 100644 --- a/runtime/js/10_permissions.js +++ b/runtime/js/10_permissions.js @@ -37,7 +37,7 @@ const illegalConstructorKey = Symbol("illegalConstructorKey"); * @property {boolean} partial */ -/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi" | "hrtime">} */ +/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi">} */ const permissionNames = [ "read", "write", @@ -46,7 +46,6 @@ const permissionNames = [ "sys", "run", "ffi", - "hrtime", ]; /** @@ -282,7 +281,7 @@ function serializePermissions(permissions) { } } for ( - const key of new SafeArrayIterator(["env", "hrtime", "net", "sys"]) + const key of new SafeArrayIterator(["env", "net", "sys"]) ) { if (ArrayIsArray(permissions[key])) { serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]); diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs index c15e7d013..9ac9205e9 100644 --- a/runtime/ops/permissions.rs +++ b/runtime/ops/permissions.rs @@ -73,7 +73,6 @@ pub fn op_query_permission( .query(args.kind.as_deref().map(parse_sys_kind).transpose()?), "run" => permissions.run.query(args.command.as_deref()), "ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)), - "hrtime" => permissions.hrtime.query(), n => { return Err(custom_error( "ReferenceError", @@ -108,7 +107,6 @@ pub fn op_revoke_permission( .revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?), "run" => permissions.run.revoke(args.command.as_deref()), "ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)), - "hrtime" => permissions.hrtime.revoke(), n => { return Err(custom_error( "ReferenceError", @@ -143,7 +141,6 @@ pub fn op_request_permission( .request(args.kind.as_deref().map(parse_sys_kind).transpose()?), "run" => permissions.run.request(args.command.as_deref()), "ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)), - "hrtime" => permissions.hrtime.request(), n => { return Err(custom_error( "ReferenceError", diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs index 55a94d909..7227bebf8 100644 --- a/runtime/permissions/lib.rs +++ b/runtime/permissions/lib.rs @@ -1416,7 +1416,6 @@ pub struct Permissions { pub run: UnaryPermission<RunDescriptor>, pub ffi: UnaryPermission<FfiDescriptor>, pub all: UnitPermission, - pub hrtime: UnitPermission, } #[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)] @@ -1424,8 +1423,6 @@ pub struct PermissionsOptions { pub allow_all: bool, pub allow_env: Option<Vec<String>>, pub deny_env: Option<Vec<String>>, - pub allow_hrtime: bool, - pub deny_hrtime: bool, pub allow_net: Option<Vec<String>>, pub deny_net: Option<Vec<String>>, pub allow_ffi: Option<Vec<PathBuf>>, @@ -1460,19 +1457,6 @@ impl Permissions { }) } - pub const fn new_hrtime( - allow_state: bool, - deny_state: bool, - ) -> UnitPermission { - unit_permission_from_flag_bools( - allow_state, - deny_state, - "hrtime", - "high precision time", - false, // never prompt for hrtime - ) - } - pub const fn new_all(allow_state: bool) -> UnitPermission { unit_permission_from_flag_bools( allow_state, @@ -1521,7 +1505,6 @@ impl Permissions { opts.prompt, )?, all: Permissions::new_all(opts.allow_all), - hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.deny_hrtime), }) } @@ -1536,7 +1519,6 @@ impl Permissions { run: UnaryPermission::allow_all(), ffi: UnaryPermission::allow_all(), all: Permissions::new_all(true), - hrtime: Permissions::new_hrtime(true, false), } } @@ -1560,7 +1542,6 @@ impl Permissions { run: Permissions::new_unary(&None, &None, prompt).unwrap(), ffi: Permissions::new_unary(&None, &None, prompt).unwrap(), all: Permissions::new_all(false), - hrtime: Permissions::new_hrtime(false, false), } } @@ -1598,11 +1579,6 @@ impl PermissionsContainer { Self(Arc::new(Mutex::new(perms))) } - #[inline(always)] - pub fn allow_hrtime(&mut self) -> bool { - self.0.lock().hrtime.check().is_ok() - } - pub fn allow_all() -> Self { Self::new(Permissions::allow_all()) } @@ -2115,7 +2091,6 @@ impl<'de> Deserialize<'de> for ChildUnaryPermissionArg { #[derive(Debug, Eq, PartialEq)] pub struct ChildPermissionsArg { env: ChildUnaryPermissionArg, - hrtime: ChildUnitPermissionArg, net: ChildUnaryPermissionArg, ffi: ChildUnaryPermissionArg, read: ChildUnaryPermissionArg, @@ -2128,7 +2103,6 @@ impl ChildPermissionsArg { pub fn inherit() -> Self { ChildPermissionsArg { env: ChildUnaryPermissionArg::Inherit, - hrtime: ChildUnitPermissionArg::Inherit, net: ChildUnaryPermissionArg::Inherit, ffi: ChildUnaryPermissionArg::Inherit, read: ChildUnaryPermissionArg::Inherit, @@ -2141,7 +2115,6 @@ impl ChildPermissionsArg { pub fn none() -> Self { ChildPermissionsArg { env: ChildUnaryPermissionArg::NotGranted, - hrtime: ChildUnitPermissionArg::NotGranted, net: ChildUnaryPermissionArg::NotGranted, ffi: ChildUnaryPermissionArg::NotGranted, read: ChildUnaryPermissionArg::NotGranted, @@ -2198,11 +2171,6 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg { child_permissions_arg.env = arg.map_err(|e| { de::Error::custom(format!("(deno.permissions.env) {e}")) })?; - } else if key == "hrtime" { - let arg = serde_json::from_value::<ChildUnitPermissionArg>(value); - child_permissions_arg.hrtime = arg.map_err(|e| { - de::Error::custom(format!("(deno.permissions.hrtime) {e}")) - })?; } else if key == "net" { let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); child_permissions_arg.net = arg.map_err(|e| { @@ -2258,13 +2226,6 @@ pub fn create_child_permissions( } } - fn is_granted_unit(arg: &ChildUnitPermissionArg) -> bool { - match arg { - ChildUnitPermissionArg::Inherit | ChildUnitPermissionArg::Granted => true, - ChildUnitPermissionArg::NotGranted => false, - } - } - let mut worker_perms = Permissions::none_without_prompt(); worker_perms.all = main_perms @@ -2282,9 +2243,7 @@ pub fn create_child_permissions( &child_permissions_arg.run, &child_permissions_arg.ffi, ]; - let unit_perms = [&child_permissions_arg.hrtime]; - let allow_all = unary_perms.into_iter().all(is_granted_unary) - && unit_perms.into_iter().all(is_granted_unit); + let allow_all = unary_perms.into_iter().all(is_granted_unary); if !allow_all { worker_perms.all.revoke(); } @@ -2313,9 +2272,6 @@ pub fn create_child_permissions( worker_perms.ffi = main_perms .ffi .create_child_permissions(child_permissions_arg.ffi)?; - worker_perms.hrtime = main_perms - .hrtime - .create_child_permissions(child_permissions_arg.hrtime)?; Ok(worker_perms) } @@ -2747,7 +2703,6 @@ mod tests { .unwrap(), run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(), all: Permissions::new_all(false), - hrtime: Permissions::new_hrtime(false, false), }; let perms3 = Permissions { read: Permissions::new_unary( @@ -2775,7 +2730,6 @@ mod tests { .unwrap(), run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(), all: Permissions::new_all(false), - hrtime: Permissions::new_hrtime(false, true), }; let perms4 = Permissions { read: Permissions::new_unary( @@ -2813,7 +2767,6 @@ mod tests { run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false) .unwrap(), all: Permissions::new_all(false), - hrtime: Permissions::new_hrtime(true, true), }; #[rustfmt::skip] { @@ -2889,10 +2842,6 @@ mod tests { assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial); assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied); assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted); - assert_eq!(perms1.hrtime.query(), PermissionState::Granted); - assert_eq!(perms2.hrtime.query(), PermissionState::Prompt); - assert_eq!(perms3.hrtime.query(), PermissionState::Denied); - assert_eq!(perms4.hrtime.query(), PermissionState::Denied); }; } @@ -2937,10 +2886,6 @@ mod tests { assert_eq!(perms.run.query(None), PermissionState::Prompt); prompt_value.set(false); assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted); - prompt_value.set(false); - assert_eq!(perms.hrtime.request(), PermissionState::Denied); - prompt_value.set(true); - assert_eq!(perms.hrtime.request(), PermissionState::Denied); }; } @@ -2977,7 +2922,6 @@ mod tests { .unwrap(), run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(), all: Permissions::new_all(false), - hrtime: Permissions::new_hrtime(false, true), }; #[rustfmt::skip] { @@ -2996,7 +2940,6 @@ mod tests { assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt); assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt); assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt); - assert_eq!(perms.hrtime.revoke(), PermissionState::Denied); }; } @@ -3080,8 +3023,6 @@ mod tests { prompt_value.set(false); assert!(perms.env.check("hostname", None).is_ok()); assert!(perms.env.check("osRelease", None).is_err()); - - assert!(perms.hrtime.check().is_err()); } #[test] @@ -3183,11 +3124,6 @@ mod tests { assert!(perms.sys.check("osRelease", None).is_ok()); prompt_value.set(false); assert!(perms.sys.check("osRelease", None).is_ok()); - - prompt_value.set(false); - assert!(perms.hrtime.check().is_err()); - prompt_value.set(true); - assert!(perms.hrtime.check().is_err()); } #[test] @@ -3278,7 +3214,6 @@ mod tests { ChildPermissionsArg::inherit(), ChildPermissionsArg { env: ChildUnaryPermissionArg::Inherit, - hrtime: ChildUnitPermissionArg::Inherit, net: ChildUnaryPermissionArg::Inherit, ffi: ChildUnaryPermissionArg::Inherit, read: ChildUnaryPermissionArg::Inherit, @@ -3291,7 +3226,6 @@ mod tests { ChildPermissionsArg::none(), ChildPermissionsArg { env: ChildUnaryPermissionArg::NotGranted, - hrtime: ChildUnitPermissionArg::NotGranted, net: ChildUnaryPermissionArg::NotGranted, ffi: ChildUnaryPermissionArg::NotGranted, read: ChildUnaryPermissionArg::NotGranted, @@ -3324,26 +3258,6 @@ mod tests { ); assert_eq!( serde_json::from_value::<ChildPermissionsArg>(json!({ - "hrtime": true, - })) - .unwrap(), - ChildPermissionsArg { - hrtime: ChildUnitPermissionArg::Granted, - ..ChildPermissionsArg::none() - } - ); - assert_eq!( - serde_json::from_value::<ChildPermissionsArg>(json!({ - "hrtime": false, - })) - .unwrap(), - ChildPermissionsArg { - hrtime: ChildUnitPermissionArg::NotGranted, - ..ChildPermissionsArg::none() - } - ); - assert_eq!( - serde_json::from_value::<ChildPermissionsArg>(json!({ "env": true, "net": true, "ffi": true, @@ -3361,7 +3275,6 @@ mod tests { run: ChildUnaryPermissionArg::Granted, sys: ChildUnaryPermissionArg::Granted, write: ChildUnaryPermissionArg::Granted, - ..ChildPermissionsArg::none() } ); assert_eq!( @@ -3383,7 +3296,6 @@ mod tests { run: ChildUnaryPermissionArg::NotGranted, sys: ChildUnaryPermissionArg::NotGranted, write: ChildUnaryPermissionArg::NotGranted, - ..ChildPermissionsArg::none() } ); assert_eq!( @@ -3421,7 +3333,6 @@ mod tests { "foo", "file:///bar/baz" ]), - ..ChildPermissionsArg::none() } ); } @@ -3431,7 +3342,6 @@ mod tests { set_prompter(Box::new(TestPrompter)); let mut main_perms = Permissions { env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(), - hrtime: Permissions::new_hrtime(true, false), net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false) .unwrap(), ..Permissions::none_without_prompt() @@ -3441,7 +3351,6 @@ mod tests { &mut main_perms.clone(), ChildPermissionsArg { env: ChildUnaryPermissionArg::Inherit, - hrtime: ChildUnitPermissionArg::NotGranted, net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]), ffi: ChildUnaryPermissionArg::NotGranted, ..ChildPermissionsArg::none() diff --git a/tests/integration/run_tests.rs b/tests/integration/run_tests.rs index 79dc397e0..841ef2d18 100644 --- a/tests/integration/run_tests.rs +++ b/tests/integration/run_tests.rs @@ -153,11 +153,6 @@ itest!(_023_no_ext { output: "run/023_no_ext.out", }); -itest!(_025_hrtime { - args: "run --quiet --allow-hrtime --reload run/025_hrtime.ts", - output: "run/025_hrtime.ts.out", -}); - itest!(_025_reload_js_type_error { args: "run --quiet --reload run/025_reload_js_type_error.js", output: "run/025_reload_js_type_error.js.out", @@ -735,12 +730,12 @@ fn permission_request_long() { } itest!(deny_all_permission_args { - args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net --deny-hrtime run/deny_all_permission_args.js", + args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net run/deny_all_permission_args.js", output: "run/deny_all_permission_args.out", }); itest!(deny_some_permission_args { - args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 --allow-hrtime --deny-hrtime run/deny_some_permission_args.js", + args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 run/deny_some_permission_args.js", output: "run/deny_some_permission_args.out", }); diff --git a/tests/specs/bench/allow_all/allow_all.out b/tests/specs/bench/allow_all/allow_all.out index 4cc0f4204..b7d245de6 100644 --- a/tests/specs/bench/allow_all/allow_all.out +++ b/tests/specs/bench/allow_all/allow_all.out @@ -5,8 +5,8 @@ Runtime | Deno [WILDLINE] ([WILDLINE]) [WILDLINE]/allow_all.ts -benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 --------------- ----------------------------- --------------------- -------------------------- +benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 +------------- ----------------------------- --------------------- -------------------------- read false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] read true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] write false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] @@ -19,6 +19,4 @@ run false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE run true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] ffi false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] ffi true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] -hrtime false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] -hrtime true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] diff --git a/tests/specs/bench/allow_all/allow_all.ts b/tests/specs/bench/allow_all/allow_all.ts index 9747fb414..04dca8926 100644 --- a/tests/specs/bench/allow_all/allow_all.ts +++ b/tests/specs/bench/allow_all/allow_all.ts @@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [ "env", "run", "ffi", - "hrtime", ]; for (const name of permissions) { diff --git a/tests/specs/bench/allow_none/allow_none.out b/tests/specs/bench/allow_none/allow_none.out index 82bc7cc03..d92fb1469 100644 --- a/tests/specs/bench/allow_none/allow_none.out +++ b/tests/specs/bench/allow_none/allow_none.out @@ -18,6 +18,4 @@ run error: PermissionDenied: Can't escalate parent thread permissions [WILDCARD] ffi error: PermissionDenied: Can't escalate parent thread permissions [WILDCARD] -hrtime error: PermissionDenied: Can't escalate parent thread permissions -[WILDCARD] error: Bench failed diff --git a/tests/specs/bench/allow_none/allow_none.ts b/tests/specs/bench/allow_none/allow_none.ts index 77f86f256..59007ecb0 100644 --- a/tests/specs/bench/allow_none/allow_none.ts +++ b/tests/specs/bench/allow_none/allow_none.ts @@ -5,7 +5,6 @@ const permissions: Deno.PermissionName[] = [ "env", "run", "ffi", - "hrtime", ]; for (const name of permissions) { diff --git a/tests/specs/bench/ignore_permissions/ignore_permissions.ts b/tests/specs/bench/ignore_permissions/ignore_permissions.ts index 0dcd9299f..62f939015 100644 --- a/tests/specs/bench/ignore_permissions/ignore_permissions.ts +++ b/tests/specs/bench/ignore_permissions/ignore_permissions.ts @@ -7,7 +7,6 @@ Deno.bench({ env: true, run: true, ffi: true, - hrtime: true, }, ignore: true, fn() { diff --git a/tests/testdata/bench/allow_all.out b/tests/testdata/bench/allow_all.out index fc395493c..0aba21914 100644 --- a/tests/testdata/bench/allow_all.out +++ b/tests/testdata/bench/allow_all.out @@ -18,5 +18,3 @@ run false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD run true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] ffi false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] ffi true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] -hrtime false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] -hrtime true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] diff --git a/tests/testdata/bench/allow_none.out b/tests/testdata/bench/allow_none.out index 0acf74691..9499e234a 100644 --- a/tests/testdata/bench/allow_none.out +++ b/tests/testdata/bench/allow_none.out @@ -18,6 +18,4 @@ run error: PermissionDenied: Can't escalate parent thread permissions [WILDCARD] ffi error: PermissionDenied: Can't escalate parent thread permissions [WILDCARD] -hrtime error: PermissionDenied: Can't escalate parent thread permissions -[WILDCARD] error: Bench failed diff --git a/tests/testdata/run/025_hrtime.ts b/tests/testdata/run/025_hrtime.ts deleted file mode 100644 index 7e69b0ddf..000000000 --- a/tests/testdata/run/025_hrtime.ts +++ /dev/null @@ -1,5 +0,0 @@ -globalThis.onload = async () => { - console.log(performance.now() % 2 !== 0); - await Deno.permissions.revoke({ name: "hrtime" }); - console.log(performance.now() % 2 === 0); -}; diff --git a/tests/testdata/run/025_hrtime.ts.out b/tests/testdata/run/025_hrtime.ts.out deleted file mode 100644 index bb101b641..000000000 --- a/tests/testdata/run/025_hrtime.ts.out +++ /dev/null @@ -1,2 +0,0 @@ -true -true diff --git a/tests/testdata/run/deny_all_permission_args.js b/tests/testdata/run/deny_all_permission_args.js index b0ca864fb..c63d2c362 100644 --- a/tests/testdata/run/deny_all_permission_args.js +++ b/tests/testdata/run/deny_all_permission_args.js @@ -5,4 +5,3 @@ console.log(Deno.permissions.querySync({ name: "ffi" })); console.log(Deno.permissions.querySync({ name: "run" })); console.log(Deno.permissions.querySync({ name: "sys" })); console.log(Deno.permissions.querySync({ name: "net" })); -console.log(Deno.permissions.querySync({ name: "hrtime" })); diff --git a/tests/testdata/run/deny_all_permission_args.out b/tests/testdata/run/deny_all_permission_args.out index 2a5228d62..de6f687f4 100644 --- a/tests/testdata/run/deny_all_permission_args.out +++ b/tests/testdata/run/deny_all_permission_args.out @@ -5,4 +5,3 @@ PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null } -PermissionStatus { state: "denied", onchange: null } diff --git a/tests/testdata/run/deny_some_permission_args.js b/tests/testdata/run/deny_some_permission_args.js index 320376b6f..357dda238 100644 --- a/tests/testdata/run/deny_some_permission_args.js +++ b/tests/testdata/run/deny_some_permission_args.js @@ -19,4 +19,3 @@ console.log(Deno.permissions.querySync({ name: "sys", kind: "loadavg" })); console.log(Deno.permissions.querySync({ name: "net" })); console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" })); console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" })); -console.log(Deno.permissions.querySync({ name: "hrtime" })); diff --git a/tests/testdata/run/deny_some_permission_args.out b/tests/testdata/run/deny_some_permission_args.out index 80c37159b..abb5274ee 100644 --- a/tests/testdata/run/deny_some_permission_args.out +++ b/tests/testdata/run/deny_some_permission_args.out @@ -19,4 +19,3 @@ PermissionStatus { state: "granted", onchange: null } PermissionStatus { state: "granted", onchange: null, partial: true } PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "granted", onchange: null } -PermissionStatus { state: "denied", onchange: null } diff --git a/tests/testdata/test/allow_all.out b/tests/testdata/test/allow_all.out index 8b783b823..b3bf5275f 100644 --- a/tests/testdata/test/allow_all.out +++ b/tests/testdata/test/allow_all.out @@ -1,5 +1,5 @@ [WILDCARD] -running 14 tests from [WILDCARD] +running 12 tests from [WILDCARD] read false ... ok [WILDCARD] read true ... ok [WILDCARD] write false ... ok [WILDCARD] @@ -12,7 +12,5 @@ run false ... ok [WILDCARD] run true ... ok [WILDCARD] ffi false ... ok [WILDCARD] ffi true ... ok [WILDCARD] -hrtime false ... ok [WILDCARD] -hrtime true ... ok [WILDCARD] -ok | 14 passed | 0 failed [WILDCARD] +ok | 12 passed | 0 failed [WILDCARD] diff --git a/tests/testdata/test/allow_all.ts b/tests/testdata/test/allow_all.ts index 01341d9e5..7faa58c61 100644 --- a/tests/testdata/test/allow_all.ts +++ b/tests/testdata/test/allow_all.ts @@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [ "env", "run", "ffi", - "hrtime", ]; for (const name of permissions) { diff --git a/tests/testdata/test/allow_none.out b/tests/testdata/test/allow_none.out index aaa467344..aaea9aea3 100644 --- a/tests/testdata/test/allow_none.out +++ b/tests/testdata/test/allow_none.out @@ -1,12 +1,11 @@ [WILDCARD] -running 7 tests from [WILDCARD] +running 6 tests from [WILDCARD] read ... FAILED [WILDCARD] write ... FAILED [WILDCARD] net ... FAILED [WILDCARD] env ... FAILED [WILDCARD] run ... FAILED [WILDCARD] ffi ... FAILED [WILDCARD] -hrtime ... FAILED [WILDCARD] ERRORS @@ -34,10 +33,6 @@ ffi => ./test/allow_none.ts:[WILDCARD] error: PermissionDenied: Can't escalate parent thread permissions [WILDCARD] -hrtime => ./test/allow_none.ts:[WILDCARD] -error: PermissionDenied: Can't escalate parent thread permissions -[WILDCARD] - FAILURES read => ./test/allow_none.ts:[WILDCARD] @@ -46,6 +41,5 @@ net => ./test/allow_none.ts:[WILDCARD] env => ./test/allow_none.ts:[WILDCARD] run => ./test/allow_none.ts:[WILDCARD] ffi => ./test/allow_none.ts:[WILDCARD] -hrtime => ./test/allow_none.ts:[WILDCARD] -FAILED | 0 passed | 7 failed [WILDCARD] +FAILED | 0 passed | 6 failed [WILDCARD] diff --git a/tests/testdata/test/allow_none.ts b/tests/testdata/test/allow_none.ts index 17a6f4014..e59a30c4d 100644 --- a/tests/testdata/test/allow_none.ts +++ b/tests/testdata/test/allow_none.ts @@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [ "env", "run", "ffi", - "hrtime", ]; for (const name of permissions) { diff --git a/tests/testdata/test/ignore_permissions.ts b/tests/testdata/test/ignore_permissions.ts index ff3084441..e9ade6dfe 100644 --- a/tests/testdata/test/ignore_permissions.ts +++ b/tests/testdata/test/ignore_permissions.ts @@ -7,7 +7,6 @@ Deno.test({ env: true, run: true, ffi: true, - hrtime: true, }, ignore: true, fn() { diff --git a/tests/testdata/workers/no_permissions_worker.js b/tests/testdata/workers/no_permissions_worker.js index f49f690ab..505f3b925 100644 --- a/tests/testdata/workers/no_permissions_worker.js +++ b/tests/testdata/workers/no_permissions_worker.js @@ -1,13 +1,11 @@ self.onmessage = async () => { - const hrtime = await Deno.permissions.query({ name: "hrtime" }); const net = await Deno.permissions.query({ name: "net" }); const ffi = await Deno.permissions.query({ name: "ffi" }); const read = await Deno.permissions.query({ name: "read" }); const run = await Deno.permissions.query({ name: "run" }); const write = await Deno.permissions.query({ name: "write" }); self.postMessage( - hrtime.state === "prompt" && - net.state === "prompt" && + net.state === "prompt" && ffi.state === "prompt" && read.state === "prompt" && run.state === "prompt" && diff --git a/tests/testdata/workers/permission_echo.js b/tests/testdata/workers/permission_echo.js index f492a25f2..501eaf2ca 100644 --- a/tests/testdata/workers/permission_echo.js +++ b/tests/testdata/workers/permission_echo.js @@ -1,7 +1,6 @@ self.onmessage = async () => { const env = await Deno.permissions.query({ name: "env" }); const ffi = await Deno.permissions.query({ name: "ffi" }); - const hrtime = await Deno.permissions.query({ name: "hrtime" }); const net = await Deno.permissions.query({ name: "net" }); const read = await Deno.permissions.query({ name: "read" }); const run = await Deno.permissions.query({ name: "run" }); @@ -9,7 +8,6 @@ self.onmessage = async () => { self.postMessage({ env: env.state, ffi: ffi.state, - hrtime: hrtime.state, net: net.state, read: read.state, run: run.state, diff --git a/tests/testdata/workers/read_check_granular_worker.js b/tests/testdata/workers/read_check_granular_worker.js index d40fac876..7f2d0f717 100644 --- a/tests/testdata/workers/read_check_granular_worker.js +++ b/tests/testdata/workers/read_check_granular_worker.js @@ -3,7 +3,6 @@ postMessage({ envGlobal: (await Deno.permissions.query({ name: "env" })).state, envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state, envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state, - hrtime: (await Deno.permissions.query({ name: "hrtime" })).state, netGlobal: (await Deno.permissions.query({ name: "net" })).state, netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state, netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state, diff --git a/tests/unit/files_test.ts b/tests/unit/files_test.ts index fb45e3ad6..c9c3c0110 100644 --- a/tests/unit/files_test.ts +++ b/tests/unit/files_test.ts @@ -782,14 +782,14 @@ Deno.test({ permissions: { read: true } }, function fsFileIsTerminal() { }); Deno.test( - { permissions: { read: true, run: true, hrtime: true } }, + { permissions: { read: true, run: true } }, async function fsFileLockFileSync() { await runFlockTests({ sync: true }); }, ); Deno.test( - { permissions: { read: true, run: true, hrtime: true } }, + { permissions: { read: true, run: true } }, async function fsFileLockFileAsync() { await runFlockTests({ sync: false }); }, diff --git a/tests/unit/performance_test.ts b/tests/unit/performance_test.ts index 0c9ed21df..93af641ad 100644 --- a/tests/unit/performance_test.ts +++ b/tests/unit/performance_test.ts @@ -7,7 +7,7 @@ import { assertThrows, } from "./test_util.ts"; -Deno.test({ permissions: { hrtime: false } }, async function performanceNow() { +Deno.test({ permissions: {} }, async function performanceNow() { const { promise, resolve } = Promise.withResolvers<void>(); const start = performance.now(); let totalTime = 0; diff --git a/tests/unit/permissions_test.ts b/tests/unit/permissions_test.ts index 4dab0696a..e18b0c8f2 100644 --- a/tests/unit/permissions_test.ts +++ b/tests/unit/permissions_test.ts @@ -70,7 +70,7 @@ Deno.test(function permissionSysInvalidKindSync() { }); Deno.test(async function permissionQueryReturnsEventTarget() { - const status = await Deno.permissions.query({ name: "hrtime" }); + const status = await Deno.permissions.query({ name: "read", path: "." }); assert(["granted", "denied", "prompt"].includes(status.state)); let called = false; status.addEventListener("change", () => { @@ -78,11 +78,13 @@ Deno.test(async function permissionQueryReturnsEventTarget() { }); status.dispatchEvent(new Event("change")); assert(called); - assert(status === (await Deno.permissions.query({ name: "hrtime" }))); + assert( + status === (await Deno.permissions.query({ name: "read", path: "." })), + ); }); Deno.test(function permissionQueryReturnsEventTargetSync() { - const status = Deno.permissions.querySync({ name: "hrtime" }); + const status = Deno.permissions.querySync({ name: "read", path: "." }); assert(["granted", "denied", "prompt"].includes(status.state)); let called = false; status.addEventListener("change", () => { @@ -90,7 +92,7 @@ Deno.test(function permissionQueryReturnsEventTargetSync() { }); status.dispatchEvent(new Event("change")); assert(called); - assert(status === Deno.permissions.querySync({ name: "hrtime" })); + assert(status === Deno.permissions.querySync({ name: "read", path: "." })); }); Deno.test(async function permissionQueryForReadReturnsSameStatus() { diff --git a/tests/unit/worker_test.ts b/tests/unit/worker_test.ts index e5966348f..700f57b6b 100644 --- a/tests/unit/worker_test.ts +++ b/tests/unit/worker_test.ts @@ -451,7 +451,6 @@ Deno.test("Worker limit children permissions granularly", async function () { deno: { permissions: { env: ["foo"], - hrtime: true, net: ["foo", "bar:8000"], ffi: [new URL("foo", workerUrl), "bar"], read: [new URL("foo", workerUrl), "bar"], @@ -468,7 +467,6 @@ Deno.test("Worker limit children permissions granularly", async function () { envGlobal: "prompt", envFoo: "granted", envAbsent: "prompt", - hrtime: "granted", netGlobal: "prompt", netFoo: "granted", netFoo8000: "granted", @@ -508,7 +506,6 @@ Deno.test("Nested worker limit children permissions", async function () { envGlobal: "prompt", envFoo: "prompt", envAbsent: "prompt", - hrtime: "prompt", netGlobal: "prompt", netFoo: "prompt", netFoo8000: "prompt", @@ -586,7 +583,6 @@ Deno.test("Worker permissions are not inherited with empty permission object", a worker.postMessage(null); assertEquals(await promise, { env: "prompt", - hrtime: "prompt", net: "prompt", ffi: "prompt", read: "prompt", @@ -611,7 +607,6 @@ Deno.test("Worker permissions are not inherited with single specified permission worker.postMessage(null); assertEquals(await promise, { env: "prompt", - hrtime: "prompt", net: "granted", ffi: "prompt", read: "prompt", diff --git a/tools/lint.js b/tools/lint.js index b644cb8c2..6784ec630 100755 --- a/tools/lint.js +++ b/tools/lint.js @@ -221,7 +221,7 @@ async function ensureNoNewITests() { "pm_tests.rs": 0, "publish_tests.rs": 0, "repl_tests.rs": 0, - "run_tests.rs": 352, + "run_tests.rs": 351, "shared_library_tests.rs": 0, "task_tests.rs": 30, "test_tests.rs": 75, |