diff options
| author | Ryan Dahl <ry@tinyclouds.org> | 2019-08-13 14:51:15 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-13 14:51:15 -0400 |
| commit | 1f8b1a587c397dd01e058820769580323a0f7330 (patch) | |
| tree | a600f22f4639d8ac319276b3d58580c3431f2d4f /cli/state.rs | |
| parent | 1947f572d735096c1ccd7de2c386b8289c287701 (diff) | |
Dynamic import should respect permissions (#2764)
Diffstat (limited to 'cli/state.rs')
| -rw-r--r-- | cli/state.rs | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/cli/state.rs b/cli/state.rs index eb912161d..0b0f3b1ae 100644 --- a/cli/state.rs +++ b/cli/state.rs @@ -4,6 +4,7 @@ use crate::compilers::JsCompiler; use crate::compilers::JsonCompiler; use crate::compilers::TsCompiler; use crate::deno_dir; +use crate::deno_error::permission_denied; use crate::file_fetcher::SourceFileFetcher; use crate::flags; use crate::global_timer::GlobalTimer; @@ -119,6 +120,7 @@ impl Loader for ThreadSafeState { specifier: &str, referrer: &str, is_main: bool, + is_dyn_import: bool, ) -> Result<ModuleSpecifier, ErrBox> { if !is_main { if let Some(import_map) = &self.import_map { @@ -128,8 +130,14 @@ impl Loader for ThreadSafeState { } } } + let module_specifier = + ModuleSpecifier::resolve_import(specifier, referrer)?; - ModuleSpecifier::resolve_import(specifier, referrer).map_err(ErrBox::from) + if is_dyn_import { + self.check_dyn_import(&module_specifier)?; + } + + Ok(module_specifier) } /// Given an absolute url, load its source code. @@ -294,7 +302,7 @@ impl ThreadSafeState { } #[inline] - pub fn check_net_url(&self, url: url::Url) -> Result<(), ErrBox> { + pub fn check_net_url(&self, url: &url::Url) -> Result<(), ErrBox> { self.permissions.check_net_url(url) } @@ -303,6 +311,30 @@ impl ThreadSafeState { self.permissions.check_run() } + pub fn check_dyn_import( + self: &Self, + module_specifier: &ModuleSpecifier, + ) -> Result<(), ErrBox> { + let u = module_specifier.as_url(); + match u.scheme() { + "http" | "https" => { + self.check_net_url(u)?; + Ok(()) + } + "file" => { + let filename = u + .to_file_path() + .unwrap() + .into_os_string() + .into_string() + .unwrap(); + self.check_read(&filename)?; + Ok(()) + } + _ => Err(permission_denied()), + } + } + #[cfg(test)] pub fn mock(argv: Vec<String>) -> ThreadSafeState { ThreadSafeState::new( |