diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2020-05-11 13:13:27 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-11 13:13:27 +0200 |
| commit | 32aeec9630dc91162f0408b95dd86e1c26e4c1d3 (patch) | |
| tree | f93d8e6b665df0c3054dba56973712412916493e /cli/lib.rs | |
| parent | 0d148c6e80583dfe029d5362f61b92334a22341a (diff) | |
refactor: check permissions in SourceFileFetcher (#5011)
This PR hot-fixes permission escapes in dynamic imports, workers
and runtime compiler APIs.
"permissions" parameter was added to public APIs of SourceFileFetcher
and appropriate permission checks are performed during loading of
local and remote files.
Diffstat (limited to 'cli/lib.rs')
| -rw-r--r-- | cli/lib.rs | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/cli/lib.rs b/cli/lib.rs index 97b497e95..0b88d7346 100644 --- a/cli/lib.rs +++ b/cli/lib.rs @@ -73,6 +73,7 @@ use crate::global_state::GlobalState; use crate::msg::MediaType; use crate::op_error::OpError; use crate::ops::io::get_stdio; +use crate::permissions::Permissions; use crate::state::DebugType; use crate::state::State; use crate::tsc::TargetLib; @@ -187,7 +188,7 @@ async fn print_file_info( let out = global_state .file_fetcher - .fetch_source_file(&module_specifier, None) + .fetch_source_file(&module_specifier, None, Permissions::allow_all()) .await?; println!( @@ -205,7 +206,12 @@ async fn print_file_info( let module_specifier_ = module_specifier.clone(); global_state .clone() - .fetch_compiled_module(module_specifier_, None, TargetLib::Main) + .fetch_compiled_module( + module_specifier_, + None, + TargetLib::Main, + Permissions::allow_all(), + ) .await?; if out.media_type == msg::MediaType::TypeScript @@ -407,7 +413,9 @@ async fn doc_command( let fetcher = self.clone(); async move { - let source_file = fetcher.fetch_source_file(&specifier, None).await?; + let source_file = fetcher + .fetch_source_file(&specifier, None, Permissions::allow_all()) + .await?; String::from_utf8(source_file.source_code) .map_err(|_| OpError::other("failed to parse".to_string())) } |