summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authorBartek IwaƄczuk <biwanczuk@gmail.com>2022-09-27 22:36:33 +0200
committerGitHub <noreply@github.com>2022-09-27 22:36:33 +0200
commit212b7dd6da487c070229b6348ec7907b4fecbcf9 (patch)
tree3eb743f90e8b293182a830722eb4ff26bec72039 /ext
parenta344368603063bcb281e743f3810ca1e4e46e85d (diff)
feat: Add requesting API name to permission prompt (#15936)
Co-authored-by: Leo Kettmeir <crowlkats@toaxl.com>
Diffstat (limited to 'ext')
-rw-r--r--ext/fetch/lib.rs14
-rw-r--r--ext/flash/lib.rs3
-rw-r--r--ext/net/lib.rs6
-rw-r--r--ext/net/ops.rs50
-rw-r--r--ext/net/ops_tls.rs12
-rw-r--r--ext/websocket/01_websocket.js2
-rw-r--r--ext/websocket/02_websocketstream.js2
-rw-r--r--ext/websocket/lib.rs12
8 files changed, 70 insertions, 31 deletions
diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs
index 3988acf9e..a7daaa63a 100644
--- a/ext/fetch/lib.rs
+++ b/ext/fetch/lib.rs
@@ -167,8 +167,12 @@ impl FetchHandler for DefaultFileFetchHandler {
}
pub trait FetchPermissions {
- fn check_net_url(&mut self, _url: &Url) -> Result<(), AnyError>;
- fn check_read(&mut self, _p: &Path) -> Result<(), AnyError>;
+ fn check_net_url(
+ &mut self,
+ _url: &Url,
+ api_name: &str,
+ ) -> Result<(), AnyError>;
+ fn check_read(&mut self, _p: &Path, api_name: &str) -> Result<(), AnyError>;
}
pub fn get_declaration() -> PathBuf {
@@ -215,7 +219,7 @@ where
type_error("NetworkError when attempting to fetch resource.")
})?;
let permissions = state.borrow_mut::<FP>();
- permissions.check_read(&path)?;
+ permissions.check_read(&path, "fetch()")?;
if method != Method::GET {
return Err(type_error(format!(
@@ -240,7 +244,7 @@ where
}
"http" | "https" => {
let permissions = state.borrow_mut::<FP>();
- permissions.check_net_url(&url)?;
+ permissions.check_net_url(&url, "fetch()")?;
let mut request = client.request(method.clone(), url);
@@ -535,7 +539,7 @@ where
if let Some(proxy) = args.proxy.clone() {
let permissions = state.borrow_mut::<FP>();
let url = Url::parse(&proxy.url)?;
- permissions.check_net_url(&url)?;
+ permissions.check_net_url(&url, "Deno.createHttpClient()")?;
}
let client_cert_chain_and_key = {
diff --git a/ext/flash/lib.rs b/ext/flash/lib.rs
index 957c011bf..93c95f84b 100644
--- a/ext/flash/lib.rs
+++ b/ext/flash/lib.rs
@@ -1135,7 +1135,7 @@ where
check_unstable(state, "Deno.serve");
state
.borrow_mut::<P>()
- .check_net(&(&opts.hostname, Some(opts.port)))?;
+ .check_net(&(&opts.hostname, Some(opts.port)), "Deno.serve()")?;
let addr = resolve_addr_sync(&opts.hostname, opts.port)?
.next()
@@ -1377,6 +1377,7 @@ pub trait FlashPermissions {
fn check_net<T: AsRef<str>>(
&mut self,
_host: &(T, Option<u16>),
+ _api_name: &str,
) -> Result<(), AnyError>;
}
diff --git a/ext/net/lib.rs b/ext/net/lib.rs
index 249170060..35d612598 100644
--- a/ext/net/lib.rs
+++ b/ext/net/lib.rs
@@ -21,9 +21,11 @@ pub trait NetPermissions {
fn check_net<T: AsRef<str>>(
&mut self,
_host: &(T, Option<u16>),
+ _api_name: &str,
) -> Result<(), AnyError>;
- fn check_read(&mut self, _p: &Path) -> Result<(), AnyError>;
- fn check_write(&mut self, _p: &Path) -> Result<(), AnyError>;
+ fn check_read(&mut self, _p: &Path, _api_name: &str) -> Result<(), AnyError>;
+ fn check_write(&mut self, _p: &Path, _api_name: &str)
+ -> Result<(), AnyError>;
}
/// `UnstableChecker` is a struct so it can be placed inside `GothamState`;
diff --git a/ext/net/ops.rs b/ext/net/ops.rs
index 36786cd86..41d04467e 100644
--- a/ext/net/ops.rs
+++ b/ext/net/ops.rs
@@ -252,8 +252,10 @@ where
} if transport == "udp" => {
{
let mut s = state.borrow_mut();
- s.borrow_mut::<NP>()
- .check_net(&(&args.hostname, Some(args.port)))?;
+ s.borrow_mut::<NP>().check_net(
+ &(&args.hostname, Some(args.port)),
+ "Deno.DatagramConn.send()",
+ )?;
}
let addr = resolve_addr(&args.hostname, args.port)
.await?
@@ -278,7 +280,8 @@ where
let address_path = Path::new(&args.path);
{
let mut s = state.borrow_mut();
- s.borrow_mut::<NP>().check_write(address_path)?;
+ s.borrow_mut::<NP>()
+ .check_write(address_path, "Deno.DatagramConn.send()")?;
}
let resource = state
.borrow()
@@ -319,7 +322,7 @@ where
let mut state_ = state.borrow_mut();
state_
.borrow_mut::<NP>()
- .check_net(&(&args.hostname, Some(args.port)))?;
+ .check_net(&(&args.hostname, Some(args.port)), "Deno.connect()")?;
}
let addr = resolve_addr(&args.hostname, args.port)
.await?
@@ -354,8 +357,12 @@ where
super::check_unstable2(&state, "Deno.connect");
{
let mut state_ = state.borrow_mut();
- state_.borrow_mut::<NP>().check_read(address_path)?;
- state_.borrow_mut::<NP>().check_write(address_path)?;
+ state_
+ .borrow_mut::<NP>()
+ .check_read(address_path, "Deno.connect()")?;
+ state_
+ .borrow_mut::<NP>()
+ .check_write(address_path, "Deno.connect()")?;
}
let path = args.path;
let unix_stream = net_unix::UnixStream::connect(Path::new(&path)).await?;
@@ -494,9 +501,10 @@ where
if transport == "udp" {
super::check_unstable(state, "Deno.listenDatagram");
}
- state
- .borrow_mut::<NP>()
- .check_net(&(&args.hostname, Some(args.port)))?;
+ state.borrow_mut::<NP>().check_net(
+ &(&args.hostname, Some(args.port)),
+ "Deno.listenDatagram()",
+ )?;
}
let addr = resolve_addr_sync(&args.hostname, args.port)?
.next()
@@ -540,9 +548,14 @@ where
if transport == "unixpacket" {
super::check_unstable(state, "Deno.listenDatagram");
}
+ let api_name = if transport == "unix" {
+ "Deno.listen()"
+ } else {
+ "Deno.listenDatagram()"
+ };
let permissions = state.borrow_mut::<NP>();
- permissions.check_read(address_path)?;
- permissions.check_write(address_path)?;
+ permissions.check_read(address_path, api_name)?;
+ permissions.check_write(address_path, api_name)?;
}
let (rid, local_addr) = if transport == "unix" {
net_unix::listen_unix(state, address_path)?
@@ -678,7 +691,7 @@ where
let socker_addr = &ns.socket_addr;
let ip = socker_addr.ip().to_string();
let port = socker_addr.port();
- perm.check_net(&(ip, Some(port)))?;
+ perm.check_net(&(ip, Some(port)), "Deno.resolveDns()")?;
}
}
@@ -1010,15 +1023,24 @@ mod tests {
fn check_net<T: AsRef<str>>(
&mut self,
_host: &(T, Option<u16>),
+ _api_name: &str,
) -> Result<(), AnyError> {
Ok(())
}
- fn check_read(&mut self, _p: &Path) -> Result<(), AnyError> {
+ fn check_read(
+ &mut self,
+ _p: &Path,
+ _api_name: &str,
+ ) -> Result<(), AnyError> {
Ok(())
}
- fn check_write(&mut self, _p: &Path) -> Result<(), AnyError> {
+ fn check_write(
+ &mut self,
+ _p: &Path,
+ _api_name: &str,
+ ) -> Result<(), AnyError> {
Ok(())
}
}
diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
index 1c91674df..230f4359e 100644
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
@@ -799,7 +799,7 @@ where
{
let mut s = state.borrow_mut();
let permissions = s.borrow_mut::<NP>();
- permissions.check_net(&(hostname, Some(0)))?;
+ permissions.check_net(&(hostname, Some(0)), "Deno.startTls()")?;
}
let ca_certs = args
@@ -904,9 +904,9 @@ where
{
let mut s = state.borrow_mut();
let permissions = s.borrow_mut::<NP>();
- permissions.check_net(&(hostname, Some(port)))?;
+ permissions.check_net(&(hostname, Some(port)), "Deno.connectTls()")?;
if let Some(path) = cert_file {
- permissions.check_read(Path::new(path))?;
+ permissions.check_read(Path::new(path), "Deno.connectTls()")?;
}
}
@@ -1051,12 +1051,12 @@ where
{
let permissions = state.borrow_mut::<NP>();
- permissions.check_net(&(hostname, Some(port)))?;
+ permissions.check_net(&(hostname, Some(port)), "Deno.listenTls()")?;
if let Some(path) = cert_file {
- permissions.check_read(Path::new(path))?;
+ permissions.check_read(Path::new(path), "Deno.listenTls()")?;
}
if let Some(path) = key_file {
- permissions.check_read(Path::new(path))?;
+ permissions.check_read(Path::new(path), "Deno.listenTls()")?;
}
}
diff --git a/ext/websocket/01_websocket.js b/ext/websocket/01_websocket.js
index bdb29526e..f7bd820c0 100644
--- a/ext/websocket/01_websocket.js
+++ b/ext/websocket/01_websocket.js
@@ -191,6 +191,7 @@
this[_url] = wsURL.href;
ops.op_ws_check_permission_and_cancel_handle(
+ "WebSocket.abort()",
this[_url],
false,
);
@@ -227,6 +228,7 @@
PromisePrototypeThen(
core.opAsync(
"op_ws_create",
+ "new WebSocket()",
wsURL.href,
ArrayPrototypeJoin(protocols, ", "),
),
diff --git a/ext/websocket/02_websocketstream.js b/ext/websocket/02_websocketstream.js
index cf83fe4c7..598816d05 100644
--- a/ext/websocket/02_websocketstream.js
+++ b/ext/websocket/02_websocketstream.js
@@ -133,6 +133,7 @@
}
const cancelRid = ops.op_ws_check_permission_and_cancel_handle(
+ "WebSocketStream.abort()",
this[_url],
true,
);
@@ -150,6 +151,7 @@
PromisePrototypeThen(
core.opAsync(
"op_ws_create",
+ "new WebSocketStream()",
this[_url],
options.protocols
? ArrayPrototypeJoin(options.protocols, ", ")
diff --git a/ext/websocket/lib.rs b/ext/websocket/lib.rs
index fad217585..e8ada74a2 100644
--- a/ext/websocket/lib.rs
+++ b/ext/websocket/lib.rs
@@ -61,7 +61,11 @@ pub struct WsRootStore(pub Option<RootCertStore>);
pub struct WsUserAgent(pub String);
pub trait WebSocketPermissions {
- fn check_net_url(&mut self, _url: &url::Url) -> Result<(), AnyError>;
+ fn check_net_url(
+ &mut self,
+ _url: &url::Url,
+ _api_name: &str,
+ ) -> Result<(), AnyError>;
}
/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
@@ -211,6 +215,7 @@ impl Resource for WsCancelResource {
#[op]
pub fn op_ws_check_permission_and_cancel_handle<WP>(
state: &mut OpState,
+ api_name: String,
url: String,
cancel_handle: bool,
) -> Result<Option<ResourceId>, AnyError>
@@ -219,7 +224,7 @@ where
{
state
.borrow_mut::<WP>()
- .check_net_url(&url::Url::parse(&url)?)?;
+ .check_net_url(&url::Url::parse(&url)?, &api_name)?;
if cancel_handle {
let rid = state
@@ -242,6 +247,7 @@ pub struct CreateResponse {
#[op]
pub async fn op_ws_create<WP>(
state: Rc<RefCell<OpState>>,
+ api_name: String,
url: String,
protocols: String,
cancel_handle: Option<ResourceId>,
@@ -253,7 +259,7 @@ where
{
let mut s = state.borrow_mut();
s.borrow_mut::<WP>()
- .check_net_url(&url::Url::parse(&url)?)
+ .check_net_url(&url::Url::parse(&url)?, &api_name)
.expect(
"Permission check should have been done in op_ws_check_permission",
);
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-27 03:30:20 +0000