diff options
| author | Matt Mastracci <matthew@mastracci.com> | 2024-04-19 18:12:03 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-19 18:12:03 -0600 |
| commit | 472a37064071c66cd1311cdea2e78de8d2bc0641 (patch) | |
| tree | 94459f249eee0429480e2cea6ac37319e27de41d /cli | |
| parent | 365e1f48f7059f94d4eeb8f5ba8b3949b686b355 (diff) | |
feat(runtime): Allow embedders to perform additional access checks on file open (#23208)
Embedders may have special requirements around file opening, so we add a
new `check_open` permission check that is called as part of the file
open process.
Diffstat (limited to 'cli')
| -rw-r--r-- | cli/node.rs | 2 | ||||
| -rw-r--r-- | cli/resolver.rs | 2 | ||||
| -rw-r--r-- | cli/standalone/file_system.rs | 12 | ||||
| -rw-r--r-- | cli/util/gitignore.rs | 2 |
4 files changed, 11 insertions, 7 deletions
diff --git a/cli/node.rs b/cli/node.rs index 5f0ecc653..aa62e65b2 100644 --- a/cli/node.rs +++ b/cli/node.rs @@ -112,7 +112,7 @@ impl CjsCodeAnalyzer for CliCjsCodeAnalyzer { Some(source) => source, None => self .fs - .read_text_file_sync(&specifier.to_file_path().unwrap())?, + .read_text_file_sync(&specifier.to_file_path().unwrap(), None)?, }; let analysis = self.inner_cjs_analysis(specifier, &source)?; match analysis { diff --git a/cli/resolver.rs b/cli/resolver.rs index ea12a6687..dfee9a704 100644 --- a/cli/resolver.rs +++ b/cli/resolver.rs @@ -305,7 +305,7 @@ impl NpmModuleLoader { let file_path = specifier.to_file_path().unwrap(); let code = self .fs - .read_text_file_sync(&file_path) + .read_text_file_sync(&file_path, None) .map_err(AnyError::from) .with_context(|| { if file_path.is_dir() { diff --git a/cli/standalone/file_system.rs b/cli/standalone/file_system.rs index f1ea570b5..843c7db55 100644 --- a/cli/standalone/file_system.rs +++ b/cli/standalone/file_system.rs @@ -5,6 +5,7 @@ use std::path::PathBuf; use std::rc::Rc; use std::sync::Arc; +use deno_runtime::deno_fs::AccessCheckCb; use deno_runtime::deno_fs::FileSystem; use deno_runtime::deno_fs::FsDirEntry; use deno_runtime::deno_fs::FsFileType; @@ -47,6 +48,7 @@ impl DenoCompileFileSystem { create_new: false, mode: None, }, + None, &old_file_bytes, ) } @@ -75,22 +77,24 @@ impl FileSystem for DenoCompileFileSystem { &self, path: &Path, options: OpenOptions, + access_check: Option<AccessCheckCb>, ) -> FsResult<Rc<dyn File>> { if self.0.is_path_within(path) { Ok(self.0.open_file(path)?) } else { - RealFs.open_sync(path, options) + RealFs.open_sync(path, options, access_check) } } - async fn open_async( - &self, + async fn open_async<'a>( + &'a self, path: PathBuf, options: OpenOptions, + access_check: Option<AccessCheckCb<'a>>, ) -> FsResult<Rc<dyn File>> { if self.0.is_path_within(&path) { Ok(self.0.open_file(&path)?) } else { - RealFs.open_async(path, options).await + RealFs.open_async(path, options, access_check).await } } diff --git a/cli/util/gitignore.rs b/cli/util/gitignore.rs index 5601b5db9..12a450d64 100644 --- a/cli/util/gitignore.rs +++ b/cli/util/gitignore.rs @@ -105,7 +105,7 @@ impl GitIgnoreTree { }); let current = self .fs - .read_text_file_sync(&dir_path.join(".gitignore")) + .read_text_file_sync(&dir_path.join(".gitignore"), None) .ok() .and_then(|text| { let mut builder = ignore::gitignore::GitignoreBuilder::new(dir_path); |