diff options
| author | Kitson Kelly <me@kitsonkelly.com> | 2020-10-27 06:56:00 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-27 06:56:00 +1100 |
| commit | b03f4a4a1c252d808b72fc462ea783362f810c75 (patch) | |
| tree | 2199c73cb12c9650ae829ee73d377d1a35ec4071 /cli/permissions.rs | |
| parent | acc201625fd613c6e1e66d1714069726ec2a4b73 (diff) | |
fix(cli): restore permission check on workers (#8123)
Fixes #8120
Diffstat (limited to 'cli/permissions.rs')
| -rw-r--r-- | cli/permissions.rs | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/cli/permissions.rs b/cli/permissions.rs index 2eebdba9a..477f58c8f 100644 --- a/cli/permissions.rs +++ b/cli/permissions.rs @@ -7,6 +7,7 @@ use deno_core::error::custom_error; use deno_core::error::uri_error; use deno_core::error::AnyError; use deno_core::url; +use deno_core::ModuleSpecifier; use serde::Deserialize; use std::collections::HashSet; use std::env::current_dir; @@ -548,6 +549,21 @@ impl Permissions { .check(&format!("network access to \"{}\"", url), "--allow-net") } + /// A helper function that determines if the module specifier is a local or + /// remote, and performs a read or net check for the specifier. + pub fn check_specifier( + &self, + specifier: &ModuleSpecifier, + ) -> Result<(), AnyError> { + let url = specifier.as_url(); + if url.scheme() == "file" { + let path = url.to_file_path().unwrap(); + self.check_read(&path) + } else { + self.check_net_url(url) + } + } + pub fn check_env(&self) -> Result<(), AnyError> { self .env @@ -831,6 +847,57 @@ mod tests { } #[test] + fn check_specifiers() { + let read_allowlist = if cfg!(target_os = "windows") { + vec![PathBuf::from("C:\\a")] + } else { + vec![PathBuf::from("/a")] + }; + let perms = Permissions::from_flags(&Flags { + read_allowlist, + net_allowlist: svec!["localhost"], + ..Default::default() + }); + + let mut fixtures = vec![ + ( + ModuleSpecifier::resolve_url_or_path("http://localhost:4545/mod.ts") + .unwrap(), + true, + ), + ( + ModuleSpecifier::resolve_url_or_path("http://deno.land/x/mod.ts") + .unwrap(), + false, + ), + ]; + + if cfg!(target_os = "windows") { + fixtures.push(( + ModuleSpecifier::resolve_url_or_path("file:///C:/a/mod.ts").unwrap(), + true, + )); + fixtures.push(( + ModuleSpecifier::resolve_url_or_path("file:///C:/b/mod.ts").unwrap(), + false, + )); + } else { + fixtures.push(( + ModuleSpecifier::resolve_url_or_path("file:///a/mod.ts").unwrap(), + true, + )); + fixtures.push(( + ModuleSpecifier::resolve_url_or_path("file:///b/mod.ts").unwrap(), + false, + )); + } + + for (specifier, expected) in fixtures { + assert_eq!(perms.check_specifier(&specifier).is_ok(), expected); + } + } + + #[test] fn test_deserialize_perms() { let json_perms = r#" { |