fix(regression): do not expose resolved path in Deno.Command permission denied error (#25434)

Regression from https://github.com/denoland/deno/pull/25370
author: David Sherret <dsherret@users.noreply.github.com> 2024-09-05 00:57:49 +0200
committer: GitHub <noreply@github.com> 2024-09-04 22:57:49 +0000
commit: dd208a6df02e99dbd7e1cb7b197fde8ccfeb0f88 (patch)
tree: 18844cfdf09df71d7b67ffc635ae55c1daf52dc4 /runtime/ops
parent: 195b17ae1298f80209e3c2c5ef4d133e6975ff58 (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/runtime/ops/process.rs b/runtime/ops/process.rs
index eb53151ce..c2fa212d3 100644
--- a/runtime/ops/process.rs
+++ b/runtime/ops/process.rs
@@ -17,6 +17,7 @@ use deno_io::ChildStderrResource;
 use deno_io::ChildStdinResource;
 use deno_io::ChildStdoutResource;
 use deno_permissions::PermissionsContainer;
+use deno_permissions::RunPathQuery;
 use serde::Deserialize;
 use serde::Serialize;
 use std::borrow::Cow;
@@ -516,7 +517,15 @@ fn compute_run_cmd_and_check_permissions(
     .with_context(|| format!("Failed to spawn '{}'", arg_cmd))?;
   let cmd = resolve_cmd(arg_cmd, &run_env)
     .with_context(|| format!("Failed to spawn '{}'", arg_cmd))?;
-  check_run_permission(state, &cmd, &run_env, api_name)?;
+  check_run_permission(
+    state,
+    RunPathQuery {
+      requested: arg_cmd,
+      resolved: &cmd,
+    },
+    &run_env,
+    api_name,
+  )?;
   Ok((cmd, run_env))
 }
 
@@ -588,7 +597,7 @@ fn resolve_path(path: &str, cwd: &Path) -> PathBuf {
 
 fn check_run_permission(
   state: &mut OpState,
-  cmd: &Path,
+  cmd: RunPathQuery,
   run_env: &RunEnv,
   api_name: &str,
 ) -> Result<(), AnyError> {
author	David Sherret <dsherret@users.noreply.github.com>	2024-09-05 00:57:49 +0200
committer	GitHub <noreply@github.com>	2024-09-04 22:57:49 +0000
commit	dd208a6df02e99dbd7e1cb7b197fde8ccfeb0f88 (patch)
tree	18844cfdf09df71d7b67ffc635ae55c1daf52dc4 /runtime/ops
parent	195b17ae1298f80209e3c2c5ef4d133e6975ff58 (diff)