summaryrefslogtreecommitdiff
path: root/runtime/permissions.rs
diff options
context:
space:
mode:
authorBartek Iwańczuk <biwanczuk@gmail.com>2022-09-27 22:36:33 +0200
committerGitHub <noreply@github.com>2022-09-27 22:36:33 +0200
commit212b7dd6da487c070229b6348ec7907b4fecbcf9 (patch)
tree3eb743f90e8b293182a830722eb4ff26bec72039 /runtime/permissions.rs
parenta344368603063bcb281e743f3810ca1e4e46e85d (diff)
feat: Add requesting API name to permission prompt (#15936)
Co-authored-by: Leo Kettmeir <crowlkats@toaxl.com>
Diffstat (limited to 'runtime/permissions.rs')
-rw-r--r--runtime/permissions.rs335
1 files changed, 228 insertions, 107 deletions
diff --git a/runtime/permissions.rs b/runtime/permissions.rs
index fbe9eb2f5..a50295910 100644
--- a/runtime/permissions.rs
+++ b/runtime/permissions.rs
@@ -83,16 +83,18 @@ impl PermissionState {
fn check(
self,
name: &str,
+ api_name: Option<&str>,
info: Option<&str>,
prompt: bool,
) -> (Result<(), AnyError>, bool) {
- self.check2(name, || info.map(|s| s.to_string()), prompt)
+ self.check2(name, api_name, || info.map(|s| s.to_string()), prompt)
}
#[inline]
fn check2(
self,
name: &str,
+ api_name: Option<&str>,
info: impl Fn() -> Option<String>,
prompt: bool,
) -> (Result<(), AnyError>, bool) {
@@ -107,7 +109,7 @@ impl PermissionState {
name,
info().map_or(String::new(), |info| { format!(" to {}", info) }),
);
- if permission_prompt(&msg, name) {
+ if permission_prompt(&msg, name, api_name) {
Self::log_perm_access(name, info);
(Ok(()), true)
} else {
@@ -153,6 +155,7 @@ impl UnitPermission {
if permission_prompt(
&format!("access to {}", self.description),
self.name,
+ Some("Deno.permissions.query()"),
) {
self.state = PermissionState::Granted;
} else {
@@ -170,7 +173,8 @@ impl UnitPermission {
}
pub fn check(&mut self) -> Result<(), AnyError> {
- let (result, prompted) = self.state.check(self.name, None, self.prompt);
+ let (result, prompted) =
+ self.state.check(self.name, None, None, self.prompt);
if prompted {
if result.is_ok() {
self.state = PermissionState::Granted;
@@ -339,6 +343,7 @@ impl UnaryPermission<ReadDescriptor> {
if permission_prompt(
&format!("read access to \"{}\"", display_path.display()),
self.name,
+ Some("Deno.permissions.query()"),
) {
self.granted_list.insert(ReadDescriptor(resolved_path));
PermissionState::Granted
@@ -356,7 +361,11 @@ impl UnaryPermission<ReadDescriptor> {
} else {
let state = self.query(None);
if state == PermissionState::Prompt {
- if permission_prompt("read access", self.name) {
+ if permission_prompt(
+ "read access",
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.clear();
self.global_state = PermissionState::Granted;
PermissionState::Granted
@@ -386,9 +395,14 @@ impl UnaryPermission<ReadDescriptor> {
}
#[inline]
- pub fn check(&mut self, path: &Path) -> Result<(), AnyError> {
+ pub fn check(
+ &mut self,
+ path: &Path,
+ api_name: Option<&str>,
+ ) -> Result<(), AnyError> {
let (result, prompted) = self.query(Some(path)).check2(
self.name,
+ api_name,
|| Some(format!("\"{}\"", path.to_path_buf().display())),
self.prompt,
);
@@ -410,10 +424,12 @@ impl UnaryPermission<ReadDescriptor> {
&mut self,
path: &Path,
display: &str,
+ api_name: &str,
) -> Result<(), AnyError> {
let resolved_path = resolve_from_cwd(path).unwrap();
let (result, prompted) = self.query(Some(&resolved_path)).check(
self.name,
+ Some(api_name),
Some(&format!("<{}>", display)),
self.prompt,
);
@@ -428,9 +444,11 @@ impl UnaryPermission<ReadDescriptor> {
result
}
- pub fn check_all(&mut self) -> Result<(), AnyError> {
+ pub fn check_all(&mut self, api_name: Option<&str>) -> Result<(), AnyError> {
let (result, prompted) =
- self.query(None).check(self.name, Some("all"), self.prompt);
+ self
+ .query(None)
+ .check(self.name, api_name, Some("all"), self.prompt);
if prompted {
if result.is_ok() {
self.global_state = PermissionState::Granted;
@@ -494,6 +512,7 @@ impl UnaryPermission<WriteDescriptor> {
if permission_prompt(
&format!("write access to \"{}\"", display_path.display()),
self.name,
+ Some("Deno.permissions.query()"),
) {
self.granted_list.insert(WriteDescriptor(resolved_path));
PermissionState::Granted
@@ -511,7 +530,11 @@ impl UnaryPermission<WriteDescriptor> {
} else {
let state = self.query(None);
if state == PermissionState::Prompt {
- if permission_prompt("write access", self.name) {
+ if permission_prompt(
+ "write access",
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.clear();
self.global_state = PermissionState::Granted;
PermissionState::Granted
@@ -541,9 +564,14 @@ impl UnaryPermission<WriteDescriptor> {
}
#[inline]
- pub fn check(&mut self, path: &Path) -> Result<(), AnyError> {
+ pub fn check(
+ &mut self,
+ path: &Path,
+ api_name: Option<&str>,
+ ) -> Result<(), AnyError> {
let (result, prompted) = self.query(Some(path)).check2(
self.name,
+ api_name,
|| Some(format!("\"{}\"", path.to_path_buf().display())),
self.prompt,
);
@@ -559,9 +587,11 @@ impl UnaryPermission<WriteDescriptor> {
result
}
- pub fn check_all(&mut self) -> Result<(), AnyError> {
+ pub fn check_all(&mut self, api_name: Option<&str>) -> Result<(), AnyError> {
let (result, prompted) =
- self.query(None).check(self.name, Some("all"), self.prompt);
+ self
+ .query(None)
+ .check(self.name, api_name, Some("all"), self.prompt);
if prompted {
if result.is_ok() {
self.global_state = PermissionState::Granted;
@@ -633,6 +663,7 @@ impl UnaryPermission<NetDescriptor> {
if permission_prompt(
&format!("network access to \"{}\"", host),
self.name,
+ Some("Deno.permissions.query()"),
) {
self.granted_list.insert(host);
PermissionState::Granted
@@ -650,7 +681,11 @@ impl UnaryPermission<NetDescriptor> {
} else {
let state = self.query::<&str>(None);
if state == PermissionState::Prompt {
- if permission_prompt("network access", self.name) {
+ if permission_prompt(
+ "network access",
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.clear();
self.global_state = PermissionState::Granted;
PermissionState::Granted
@@ -689,10 +724,12 @@ impl UnaryPermission<NetDescriptor> {
pub fn check<T: AsRef<str>>(
&mut self,
host: &(T, Option<u16>),
+ api_name: Option<&str>,
) -> Result<(), AnyError> {
let new_host = NetDescriptor::new(&host);
let (result, prompted) = self.query(Some(host)).check(
self.name,
+ api_name,
Some(&format!("\"{}\"", new_host)),
self.prompt,
);
@@ -707,7 +744,11 @@ impl UnaryPermission<NetDescriptor> {
result
}
- pub fn check_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
+ pub fn check_url(
+ &mut self,
+ url: &url::Url,
+ api_name: Option<&str>,
+ ) -> Result<(), AnyError> {
let hostname = url
.host_str()
.ok_or_else(|| uri_error("Missing host"))?
@@ -719,6 +760,7 @@ impl UnaryPermission<NetDescriptor> {
let host = &(&hostname, url.port_or_known_default());
let (result, prompted) = self.query(Some(host)).check(
self.name,
+ api_name,
Some(&format!("\"{}\"", display_host)),
self.prompt,
);
@@ -737,7 +779,7 @@ impl UnaryPermission<NetDescriptor> {
let (result, prompted) =
self
.query::<&str>(None)
- .check(self.name, Some("all"), self.prompt);
+ .check(self.name, None, Some("all"), self.prompt);
if prompted {
if result.is_ok() {
self.global_state = PermissionState::Granted;
@@ -788,7 +830,11 @@ impl UnaryPermission<EnvDescriptor> {
if let Some(env) = env {
let state = self.query(Some(env));
if state == PermissionState::Prompt {
- if permission_prompt(&format!("env access to \"{}\"", env), self.name) {
+ if permission_prompt(
+ &format!("env access to \"{}\"", env),
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.insert(EnvDescriptor::new(env));
PermissionState::Granted
} else {
@@ -805,7 +851,11 @@ impl UnaryPermission<EnvDescriptor> {
} else {
let state = self.query(None);
if state == PermissionState::Prompt {
- if permission_prompt("env access", self.name) {
+ if permission_prompt(
+ "env access",
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.clear();
self.global_state = PermissionState::Granted;
PermissionState::Granted
@@ -834,6 +884,7 @@ impl UnaryPermission<EnvDescriptor> {
pub fn check(&mut self, env: &str) -> Result<(), AnyError> {
let (result, prompted) = self.query(Some(env)).check(
self.name,
+ None,
Some(&format!("\"{}\"", env)),
self.prompt,
);
@@ -850,7 +901,9 @@ impl UnaryPermission<EnvDescriptor> {
pub fn check_all(&mut self) -> Result<(), AnyError> {
let (result, prompted) =
- self.query(None).check(self.name, Some("all"), self.prompt);
+ self
+ .query(None)
+ .check(self.name, None, Some("all"), self.prompt);
if prompted {
if result.is_ok() {
self.global_state = PermissionState::Granted;
@@ -904,7 +957,11 @@ impl UnaryPermission<RunDescriptor> {
if let Some(cmd) = cmd {
let state = self.query(Some(cmd));
if state == PermissionState::Prompt {
- if permission_prompt(&format!("run access to \"{}\"", cmd), self.name) {
+ if permission_prompt(
+ &format!("run access to \"{}\"", cmd),
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self
.granted_list
.insert(RunDescriptor::from_str(cmd).unwrap());
@@ -927,7 +984,11 @@ impl UnaryPermission<RunDescriptor> {
} else {
let state = self.query(None);
if state == PermissionState::Prompt {
- if permission_prompt("run access", self.name) {
+ if permission_prompt(
+ "run access",
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.clear();
self.global_state = PermissionState::Granted;
PermissionState::Granted
@@ -955,9 +1016,14 @@ impl UnaryPermission<RunDescriptor> {
self.query(cmd)
}
- pub fn check(&mut self, cmd: &str) -> Result<(), AnyError> {
+ pub fn check(
+ &mut self,
+ cmd: &str,
+ api_name: Option<&str>,
+ ) -> Result<(), AnyError> {
let (result, prompted) = self.query(Some(cmd)).check(
self.name,
+ api_name,
Some(&format!("\"{}\"", cmd)),
self.prompt,
);
@@ -976,9 +1042,11 @@ impl UnaryPermission<RunDescriptor> {
result
}
- pub fn check_all(&mut self) -> Result<(), AnyError> {
+ pub fn check_all(&mut self, api_name: Option<&str>) -> Result<(), AnyError> {
let (result, prompted) =
- self.query(None).check(self.name, Some("all"), self.prompt);
+ self
+ .query(None)
+ .check(self.name, api_name, Some("all"), self.prompt);
if prompted {
if result.is_ok() {
self.global_state = PermissionState::Granted;
@@ -1033,6 +1101,7 @@ impl UnaryPermission<FfiDescriptor> {
if permission_prompt(
&format!("ffi access to \"{}\"", display_path.display()),
self.name,
+ Some("Deno.permissions.query()"),
) {
self.granted_list.insert(FfiDescriptor(resolved_path));
PermissionState::Granted
@@ -1050,7 +1119,11 @@ impl UnaryPermission<FfiDescriptor> {
} else {
let state = self.query(None);
if state == PermissionState::Prompt {
- if permission_prompt("ffi access", self.name) {
+ if permission_prompt(
+ "ffi access",
+ self.name,
+ Some("Deno.permissions.query()"),
+ ) {
self.granted_list.clear();
self.global_state = PermissionState::Granted;
PermissionState::Granted
@@ -1082,6 +1155,7 @@ impl UnaryPermission<FfiDescriptor> {
let (resolved_path, display_path) = resolved_and_display_path(path);
let (result, prompted) = self.query(Some(&resolved_path)).check(
self.name,
+ None,
Some(&format!("\"{}\"", display_path.display())),
self.prompt,
);
@@ -1098,7 +1172,7 @@ impl UnaryPermission<FfiDescriptor> {
result
} else {
let (result, prompted) =
- self.query(None).check(self.name, None, self.prompt);
+ self.query(None).check(self.name, None, None, self.prompt);
if prompted {
if result.is_ok() {
@@ -1114,7 +1188,9 @@ impl UnaryPermission<FfiDescriptor> {
pub fn check_all(&mut self) -> Result<(), AnyError> {
let (result, prompted) =
- self.query(None).check(self.name, Some("all"), self.prompt);
+ self
+ .query(None)
+ .check(self.name, None, Some("all"), self.prompt);
if prompted {
if result.is_ok() {
self.global_state = PermissionState::Granted;
@@ -1323,7 +1399,7 @@ impl Permissions {
) -> Result<(), AnyError> {
match specifier.scheme() {
"file" => match specifier.to_file_path() {
- Ok(path) => self.read.check(&path),
+ Ok(path) => self.read.check(&path, None),
Err(_) => Err(uri_error(format!(
"Invalid file path.\n Specifier: {}",
specifier
@@ -1331,7 +1407,7 @@ impl Permissions {
},
"data" => Ok(()),
"blob" => Ok(()),
- _ => self.net.check_url(specifier),
+ _ => self.net.check_url(specifier, None),
}
}
}
@@ -1340,14 +1416,15 @@ impl deno_flash::FlashPermissions for Permissions {
fn check_net<T: AsRef<str>>(
&mut self,
host: &(T, Option<u16>),
+ api_name: &str,
) -> Result<(), AnyError> {
- self.net.check(host)
+ self.net.check(host, Some(api_name))
}
}
impl deno_node::NodePermissions for Permissions {
fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
- self.read.check(path)
+ self.read.check(path, None)
}
}
@@ -1355,26 +1432,43 @@ impl deno_net::NetPermissions for Permissions {
fn check_net<T: AsRef<str>>(
&mut self,
host: &(T, Option<u16>),
+ api_name: &str,
) -> Result<(), AnyError> {
- self.net.check(host)
+ self.net.check(host, Some(api_name))
}
- fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
- self.read.check(path)
+ fn check_read(
+ &mut self,
+ path: &Path,
+ api_name: &str,
+ ) -> Result<(), AnyError> {
+ self.read.check(path, Some(api_name))
}
- fn check_write(&mut self, path: &Path) -> Result<(), AnyError> {
- self.write.check(path)
+ fn check_write(
+ &mut self,
+ path: &Path,
+ api_name: &str,
+ ) -> Result<(), AnyError> {
+ self.write.check(path, Some(api_name))
}
}
impl deno_fetch::FetchPermissions for Permissions {
- fn check_net_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
- self.net.check_url(url)
+ fn check_net_url(
+ &mut self,
+ url: &url::Url,
+ api_name: &str,
+ ) -> Result<(), AnyError> {
+ self.net.check_url(url, Some(api_name))
}
- fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
- self.read.check(path)
+ fn check_read(
+ &mut self,
+ path: &Path,
+ api_name: &str,
+ ) -> Result<(), AnyError> {
+ self.read.check(path, Some(api_name))
}
}
@@ -1389,8 +1483,12 @@ impl deno_web::TimersPermission for Permissions {
}
impl deno_websocket::WebSocketPermissions for Permissions {
- fn check_net_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
- self.net.check_url(url)
+ fn check_net_url(
+ &mut self,
+ url: &url::Url,
+ api_name: &str,
+ ) -> Result<(), AnyError> {
+ self.net.check_url(url, Some(api_name))
}
}
@@ -1808,7 +1906,7 @@ pub fn create_child_permissions(
.net
.granted_list
.iter()
- .all(|desc| main_perms.net.check(&(&desc.0, desc.1)).is_ok())
+ .all(|desc| main_perms.net.check(&(&desc.0, desc.1), None).is_ok())
{
return Err(escalation_error());
}
@@ -1856,7 +1954,7 @@ pub fn create_child_permissions(
worker_perms.read = main_perms.read.clone();
}
ChildUnaryPermissionArg::Granted => {
- if main_perms.read.check_all().is_err() {
+ if main_perms.read.check_all(None).is_err() {
return Err(escalation_error());
}
worker_perms.read.global_state = PermissionState::Granted;
@@ -1872,7 +1970,7 @@ pub fn create_child_permissions(
.read
.granted_list
.iter()
- .all(|desc| main_perms.read.check(&desc.0).is_ok())
+ .all(|desc| main_perms.read.check(&desc.0, None).is_ok())
{
return Err(escalation_error());
}
@@ -1888,7 +1986,7 @@ pub fn create_child_permissions(
worker_perms.run = main_perms.run.clone();
}
ChildUnaryPermissionArg::Granted => {
- if main_perms.run.check_all().is_err() {
+ if main_perms.run.check_all(None).is_err() {
return Err(escalation_error());
}
worker_perms.run.global_state = PermissionState::Granted;
@@ -1901,7 +1999,7 @@ pub fn create_child_permissions(
.run
.granted_list
.iter()
- .all(|desc| main_perms.run.check(&desc.to_string()).is_ok())
+ .all(|desc| main_perms.run.check(&desc.to_string(), None).is_ok())
{
return Err(escalation_error());
}
@@ -1917,7 +2015,7 @@ pub fn create_child_permissions(
worker_perms.write = main_perms.write.clone();
}
ChildUnaryPermissionArg::Granted => {
- if main_perms.write.check_all().is_err() {
+ if main_perms.write.check_all(None).is_err() {
return Err(escalation_error());
}
worker_perms.write.global_state = PermissionState::Granted;
@@ -1933,7 +2031,7 @@ pub fn create_child_permissions(
.write
.granted_list
.iter()
- .all(|desc| main_perms.write.check(&desc.0).is_ok())
+ .all(|desc| main_perms.write.check(&desc.0, None).is_ok())
{
return Err(escalation_error());
}
@@ -1950,7 +2048,11 @@ pub fn create_child_permissions(
/// Shows the permission prompt and returns the answer according to the user input.
/// This loops until the user gives the proper input.
#[cfg(not(test))]
-fn permission_prompt(message: &str, name: &str) -> bool {
+fn permission_prompt(
+ message: &str,
+ name: &str,
+ api_name: Option<&str>,
+) -> bool {
if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) {
return false;
};
@@ -2084,6 +2186,9 @@ fn permission_prompt(message: &str, name: &str) -> bool {
eprint!("{}", colors::bold("Deno requests "));
eprint!("{}", colors::bold(message));
eprintln!("{}", colors::bold("."));
+ if let Some(api_name) = api_name {
+ eprintln!(" ├ Requested by `{}` API", api_name);
+ }
let msg = format!(
" ├ Run again with --allow-{} to bypass this prompt.",
name
@@ -2104,13 +2209,13 @@ fn permission_prompt(message: &str, name: &str) -> bool {
};
match ch.to_ascii_lowercase() {
'y' => {
- clear_n_lines(3);
+ clear_n_lines(if api_name.is_some() { 4 } else { 3 });
let msg = format!("Granted {}.", message);
eprintln!("✅ {}", colors::bold(&msg));
return true;
}
'n' => {
- clear_n_lines(3);
+ clear_n_lines(if api_name.is_some() { 4 } else { 3 });
let msg = format!("Denied {}.", message);
eprintln!("❌ {}", colors::bold(&msg));
return false;
@@ -2128,7 +2233,11 @@ fn permission_prompt(message: &str, name: &str) -> bool {
// When testing, permission prompt returns the value of STUB_PROMPT_VALUE
// which we set from the test functions.
#[cfg(test)]
-fn permission_prompt(_message: &str, _flag: &str) -> bool {
+fn permission_prompt(
+ _message: &str,
+ _flag: &str,
+ _api_name: Option<&str>,
+) -> bool {
STUB_PROMPT_VALUE.load(Ordering::SeqCst)
}
@@ -2177,55 +2286,67 @@ mod tests {
.unwrap();
// Inside of /a/specific and /a/specific/dir/name
- assert!(perms.read.check(Path::new("/a/specific/dir/name")).is_ok());
- assert!(perms.write.check(Path::new("/a/specific/dir/name")).is_ok());
+ assert!(perms
+ .read
+ .check(Path::new("/a/specific/dir/name"), None)
+ .is_ok());
+ assert!(perms
+ .write
+ .check(Path::new("/a/specific/dir/name"), None)
+ .is_ok());
// Inside of /a/specific but outside of /a/specific/dir/name
- assert!(perms.read.check(Path::new("/a/specific/dir")).is_ok());
- assert!(perms.write.check(Path::new("/a/specific/dir")).is_ok());
+ assert!(perms.read.check(Path::new("/a/specific/dir"), None).is_ok());
+ assert!(perms
+ .write
+ .check(Path::new("/a/specific/dir"), None)
+ .is_ok());
// Inside of /a/specific and /a/specific/dir/name
assert!(perms
.read
- .check(Path::new("/a/specific/dir/name/inner"))
+ .check(Path::new("/a/specific/dir/name/inner"), None)
.is_ok());
assert!(perms
.write
- .check(Path::new("/a/specific/dir/name/inner"))
+ .check(Path::new("/a/specific/dir/name/inner"), None)
.is_ok());
// Inside of /a/specific but outside of /a/specific/dir/name
- assert!(perms.read.check(Path::new("/a/specific/other/dir")).is_ok());
+ assert!(perms
+ .read
+ .check(Path::new("/a/specific/other/dir"), None)
+ .is_ok());
assert!(perms
.write
- .check(Path::new("/a/specific/other/dir"))
+ .check(Path::new("/a/specific/other/dir"), None)
.is_ok());
// Exact match with /b/c
- assert!(perms.read.check(Path::new("/b/c")).is_ok());
- assert!(perms.write.check(Path::new("/b/c")).is_ok());
+ assert!(perms.read.check(Path::new("/b/c"), None).is_ok());
+ assert!(perms.write.check(Path::new("/b/c"), None).is_ok());
// Sub path within /b/c
- assert!(perms.read.check(Path::new("/b/c/sub/path")).is_ok());
- assert!(perms.write.check(Path::new("/b/c/sub/path")).is_ok());
+ assert!(perms.read.check(Path::new("/b/c/sub/path"), None).is_ok());
+ assert!(perms.write.check(Path::new("/b/c/sub/path"), None).is_ok());
// Sub path within /b/c, needs normalizing
assert!(perms
.read
- .check(Path::new("/b/c/sub/path/../path/."))
+ .check(Path::new("/b/c/sub/path/../path/."), None)
.is_ok());
assert!(perms
.write
- .check(Path::new("/b/c/sub/path/../path/."))
+ .check(Path::new("/b/c/sub/path/../path/."), None)
.is_ok());
// Inside of /b but outside of /b/c
- assert!(perms.read.check(Path::new("/b/e")).is_err());
- assert!(perms.write.check(Path::new("/b/e")).is_err());
+ assert!(perms.read.check(Path::new("/b/e"), None).is_err());
+ assert!(perms.write.check(Path::new("/b/e"), None).is_err());
// Inside of /a but outside of /a/specific
- assert!(perms.read.check(Path::new("/a/b")).is_err());
- assert!(perms.write.check(Path::new("/a/b")).is_err());
+ assert!(perms.read.check(Path::new("/a/b"), None).is_err());
+ assert!(perms.write.check(Path::new("/a/b"), None).is_err());
}
#[test]
@@ -2267,7 +2388,7 @@ mod tests {
];
for (host, port, is_ok) in domain_tests {
- assert_eq!(is_ok, perms.net.check(&(host, Some(port))).is_ok());
+ assert_eq!(is_ok, perms.net.check(&(host, Some(port)), None).is_ok());
}
}
@@ -2302,7 +2423,7 @@ mod tests {
];
for (host, port) in domain_tests {
- assert!(perms.net.check(&(host, Some(port))).is_ok());
+ assert!(perms.net.check(&(host, Some(port)), None).is_ok());
}
}
@@ -2337,7 +2458,7 @@ mod tests {
];
for (host, port) in domain_tests {
- assert!(perms.net.check(&(host, Some(port))).is_err());
+ assert!(perms.net.check(&(host, Some(port)), None).is_err());
}
}
@@ -2397,7 +2518,7 @@ mod tests {
for (url_str, is_ok) in url_tests {
let u = url::Url::parse(url_str).unwrap();
- assert_eq!(is_ok, perms.net.check_url(&u).is_ok());
+ assert_eq!(is_ok, perms.net.check_url(&u, None).is_ok());
}
}
@@ -2654,31 +2775,31 @@ mod tests {
let prompt_value = PERMISSION_PROMPT_STUB_VALUE_SETTER.lock();
prompt_value.set(true);
- assert!(perms.read.check(Path::new("/foo")).is_ok());
+ assert!(perms.read.check(Path::new("/foo"), None).is_ok());
prompt_value.set(false);
- assert!(perms.read.check(Path::new("/foo")).is_ok());
- assert!(perms.read.check(Path::new("/bar")).is_err());
+ assert!(perms.read.check(Path::new("/foo"), None).is_ok());
+ assert!(perms.read.check(Path::new("/bar"), None).is_err());
prompt_value.set(true);
- assert!(perms.write.check(Path::new("/foo")).is_ok());
+ assert!(perms.write.check(Path::new("/foo"), None).is_ok());
prompt_value.set(false);
- assert!(perms.write.check(Path::new("/foo")).is_ok());
- assert!(perms.write.check(Path::new("/bar")).is_err());
+ assert!(perms.write.check(Path::new("/foo"), None).is_ok());
+ assert!(perms.write.check(Path::new("/bar"), None).is_err());
prompt_value.set(true);
- assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_ok());
+ assert!(perms.net.check(&("127.0.0.1", Some(8000)), None).is_ok());
prompt_value.set(false);
- assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_ok());
- assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_err());
- assert!(perms.net.check(&("127.0.0.1", None)).is_err());
- assert!(perms.net.check(&("deno.land", Some(8000))).is_err());
- assert!(perms.net.check(&("deno.land", None)).is_err());
+ assert!(perms.net.check(&("127.0.0.1", Some(8000)), None).is_ok());
+ assert!(perms.net.check(&("127.0.0.1", Some(8001)), None).is_err());
+ assert!(perms.net.check(&("127.0.0.1", None), None).is_err());
+ assert!(perms.net.check(&("deno.land", Some(8000)), None).is_err());
+ assert!(perms.net.check(&("deno.land", None), None).is_err());
prompt_value.set(true);
- assert!(perms.run.check("cat").is_ok());
+ assert!(perms.run.check("cat", None).is_ok());
prompt_value.set(false);
- assert!(perms.run.check("cat").is_ok());
- assert!(perms.run.check("ls").is_err());
+ assert!(perms.run.check("cat", None).is_ok());
+ assert!(perms.run.check("ls", None).is_err());
prompt_value.set(true);
assert!(perms.env.check("HOME").is_ok());
@@ -2704,38 +2825,38 @@ mod tests {
let prompt_value = PERMISSION_PROMPT_STUB_VALUE_SETTER.lock();
prompt_value.set(false);
- assert!(perms.read.check(Path::new("/foo")).is_err());
+ assert!(perms.read.check(Path::new("/foo"), None).is_err());
prompt_value.set(true);
- assert!(perms.read.check(Path::new("/foo")).is_err());
- assert!(perms.read.check(Path::new("/bar")).is_ok());
+ assert!(perms.read.check(Path::new("/foo"), None).is_err());
+ assert!(perms.read.check(Path::new("/bar"), None).is_ok());
prompt_value.set(false);
- assert!(perms.read.check(Path::new("/bar")).is_ok());
+ assert!(perms.read.check(Path::new("/bar"), None).is_ok());
prompt_value.set(false);
- assert!(perms.write.check(Path::new("/foo")).is_err());
+ assert!(perms.write.check(Path::new("/foo"), None).is_err());
prompt_value.set(true);
- assert!(perms.write.check(Path::new("/foo")).is_err());
- assert!(perms.write.check(Path::new("/bar")).is_ok());
+ assert!(perms.write.check(Path::new("/foo"), None).is_err());
+ assert!(perms.write.check(Path::new("/bar"), None).is_ok());
prompt_value.set(false);
- assert!(perms.write.check(Path::new("/bar")).is_ok());
+ assert!(perms.write.check(Path::new("/bar"), None).is_ok());
prompt_value.set(false);
- assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_err());
+ assert!(perms.net.check(&("127.0.0.1", Some(8000)), None).is_err());
prompt_value.set(true);
- assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_err());
- assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_ok());
- assert!(perms.net.check(&("deno.land", Some(8000))).is_ok());
+ assert!(perms.net.check(&("127.0.0.1", Some(8000)), None).is_err());
+ assert!(perms.net.check(&("127.0.0.1", Some(8001)), None).is_ok());
+ assert!(perms.net.check(&("deno.land", Some(8000)), None).is_ok());
prompt_value.set(false);
- assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_ok());
- assert!(perms.net.check(&("deno.land", Some(8000))).is_ok());
+ assert!(perms.net.check(&("127.0.0.1", Some(8001)), None).is_ok());
+ assert!(perms.net.check(&("deno.land", Some(8000)), None).is_ok());
prompt_value.set(false);
- assert!(perms.run.check("cat").is_err());
+ assert!(perms.run.check("cat", None).is_err());
prompt_value.set(true);
- assert!(perms.run.check("cat").is_err());
- assert!(perms.run.check("ls").is_ok());
+ assert!(perms.run.check("cat", None).is_err());
+ assert!(perms.run.check("ls", None).is_ok());
prompt_value.set(false);
- assert!(perms.run.check("ls").is_ok());
+ assert!(perms.run.check("ls", None).is_ok());
prompt_value.set(false);
assert!(perms.env.check("HOME").is_err());
@@ -2995,7 +3116,7 @@ mod tests {
})
.unwrap();
prompt_value.set(false);
- assert!(main_perms.write.check(&PathBuf::from("foo")).is_err());
+ assert!(main_perms.write.check(&PathBuf::from("foo"), None).is_err());
let worker_perms = create_child_permissions(
&mut main_perms.clone(),
ChildPermissionsArg::none(),
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-26 22:01:03 +0000