diff options
| author | andy finch <andyfinch7@gmail.com> | 2019-03-18 16:46:23 -0400 |
|---|---|---|
| committer | Ryan Dahl <ry@tinyclouds.org> | 2019-03-18 16:46:23 -0400 |
| commit | 08a674bf917185fe9d00907120d3f03599a810a0 (patch) | |
| tree | e68b3ab5baed9b491cf40e289f182e0b79f29c2b /src | |
| parent | 59ac2063e0563586a901b664f6ea05e9b6ef11b5 (diff) | |
More permissions prompt options (#1926)
Diffstat (limited to 'src')
| -rw-r--r-- | src/compiler.rs | 11 | ||||
| -rw-r--r-- | src/ops.rs | 45 | ||||
| -rw-r--r-- | src/permissions.rs | 337 |
3 files changed, 271 insertions, 122 deletions
diff --git a/src/compiler.rs b/src/compiler.rs index 12554dcec..dab166f47 100644 --- a/src/compiler.rs +++ b/src/compiler.rs @@ -3,7 +3,7 @@ use crate::isolate::Buf; use crate::isolate::IsolateState; use crate::isolate_init; use crate::msg; -use crate::permissions::DenoPermissions; +use crate::permissions::{DenoPermissions, PermissionAccessor}; use crate::resources; use crate::resources::Resource; use crate::resources::ResourceId; @@ -12,7 +12,6 @@ use crate::workers; use futures::Future; use serde_json; use std::str; -use std::sync::atomic::AtomicBool; use std::sync::Arc; use std::sync::Mutex; @@ -53,11 +52,9 @@ fn lazy_start(parent_state: &Arc<IsolateState>) -> Resource { let mut cell = C_RID.lock().unwrap(); let isolate_init = isolate_init::compiler_isolate_init(); let permissions = DenoPermissions { - allow_read: AtomicBool::new(true), - allow_write: AtomicBool::new(true), - allow_env: AtomicBool::new(false), - allow_net: AtomicBool::new(true), - allow_run: AtomicBool::new(false), + allow_read: PermissionAccessor::from(true), + allow_write: PermissionAccessor::from(true), + allow_net: PermissionAccessor::from(true), ..Default::default() }; let rid = cell.get_or_insert_with(|| { diff --git a/src/ops.rs b/src/ops.rs index da4a01863..495540b22 100644 --- a/src/ops.rs +++ b/src/ops.rs @@ -39,7 +39,6 @@ use std::net::Shutdown; use std::path::Path; use std::path::PathBuf; use std::process::Command; -use std::sync::atomic::Ordering; use std::sync::Arc; use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH}; use tokio; @@ -373,19 +372,19 @@ fn op_fetch_module_meta_data( let referrer = inner.referrer().unwrap(); // Check for allow read since this operation could be used to read from the file system. - if !isolate.permissions.allow_read.load(Ordering::SeqCst) { + if !isolate.permissions.allows_read() { debug!("No read permission for fetch_module_meta_data"); return odd_future(permission_denied()); } // Check for allow write since this operation could be used to write to the file system. - if !isolate.permissions.allow_write.load(Ordering::SeqCst) { + if !isolate.permissions.allows_write() { debug!("No network permission for fetch_module_meta_data"); return odd_future(permission_denied()); } // Check for allow net since this operation could be used to make https/http requests. - if !isolate.permissions.allow_net.load(Ordering::SeqCst) { + if !isolate.permissions.allows_net() { debug!("No network permission for fetch_module_meta_data"); return odd_future(permission_denied()); } @@ -1887,18 +1886,16 @@ mod tests { use super::*; use crate::isolate::{Isolate, IsolateState}; use crate::isolate_init::IsolateInit; - use crate::permissions::DenoPermissions; - use std::sync::atomic::AtomicBool; + use crate::permissions::{DenoPermissions, PermissionAccessor}; #[test] fn fetch_module_meta_fails_without_read() { let state = IsolateState::mock(); let permissions = DenoPermissions { - allow_read: AtomicBool::new(false), - allow_write: AtomicBool::new(true), - allow_env: AtomicBool::new(true), - allow_net: AtomicBool::new(true), - allow_run: AtomicBool::new(true), + allow_write: PermissionAccessor::from(true), + allow_env: PermissionAccessor::from(true), + allow_net: PermissionAccessor::from(true), + allow_run: PermissionAccessor::from(true), ..Default::default() }; let isolate = Isolate::new( @@ -1940,11 +1937,10 @@ mod tests { fn fetch_module_meta_fails_without_write() { let state = IsolateState::mock(); let permissions = DenoPermissions { - allow_read: AtomicBool::new(true), - allow_write: AtomicBool::new(false), - allow_env: AtomicBool::new(true), - allow_net: AtomicBool::new(true), - allow_run: AtomicBool::new(true), + allow_read: PermissionAccessor::from(true), + allow_env: PermissionAccessor::from(true), + allow_net: PermissionAccessor::from(true), + allow_run: PermissionAccessor::from(true), ..Default::default() }; let isolate = Isolate::new( @@ -1986,11 +1982,10 @@ mod tests { fn fetch_module_meta_fails_without_net() { let state = IsolateState::mock(); let permissions = DenoPermissions { - allow_read: AtomicBool::new(true), - allow_write: AtomicBool::new(true), - allow_env: AtomicBool::new(true), - allow_net: AtomicBool::new(false), - allow_run: AtomicBool::new(true), + allow_read: PermissionAccessor::from(true), + allow_write: PermissionAccessor::from(true), + allow_env: PermissionAccessor::from(true), + allow_run: PermissionAccessor::from(true), ..Default::default() }; let isolate = Isolate::new( @@ -2032,11 +2027,9 @@ mod tests { fn fetch_module_meta_not_permission_denied_with_permissions() { let state = IsolateState::mock(); let permissions = DenoPermissions { - allow_read: AtomicBool::new(true), - allow_write: AtomicBool::new(true), - allow_env: AtomicBool::new(false), - allow_net: AtomicBool::new(true), - allow_run: AtomicBool::new(false), + allow_read: PermissionAccessor::from(true), + allow_write: PermissionAccessor::from(true), + allow_net: PermissionAccessor::from(true), ..Default::default() }; let isolate = Isolate::new( diff --git a/src/permissions.rs b/src/permissions.rs index 5f9588a1e..9093c14f0 100644 --- a/src/permissions.rs +++ b/src/permissions.rs @@ -6,179 +6,338 @@ use crate::flags::DenoFlags; use ansi_term::Style; use crate::errors::permission_denied; use crate::errors::DenoResult; +use std::fmt; use std::io; -use std::sync::atomic::{AtomicBool, Ordering}; +use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering}; +use std::sync::Arc; + +/// Tri-state value for storing permission state +pub enum PermissionAccessorState { + Allow = 0, + Ask = 1, + Deny = 2, +} + +impl From<usize> for PermissionAccessorState { + fn from(val: usize) -> Self { + match val { + 0 => PermissionAccessorState::Allow, + 1 => PermissionAccessorState::Ask, + 2 => PermissionAccessorState::Deny, + _ => unreachable!(), + } + } +} + +impl From<bool> for PermissionAccessorState { + fn from(val: bool) -> Self { + match val { + true => PermissionAccessorState::Allow, + false => PermissionAccessorState::Ask, + } + } +} + +impl fmt::Display for PermissionAccessorState { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + PermissionAccessorState::Allow => f.pad("Allow"), + PermissionAccessorState::Ask => f.pad("Ask"), + PermissionAccessorState::Deny => f.pad("Deny"), + } + } +} + +#[derive(Debug)] +pub struct PermissionAccessor { + state: Arc<AtomicUsize>, +} + +impl PermissionAccessor { + pub fn new(state: PermissionAccessorState) -> Self { + Self { + state: Arc::new(AtomicUsize::new(state as usize)), + } + } + + pub fn is_allow(&self) -> bool { + match self.get_state() { + PermissionAccessorState::Allow => true, + _ => false, + } + } + + /// If the state is "Allow" walk it back to the default "Ask" + /// Don't do anything if state is "Deny" + pub fn revoke(&self) { + if self.is_allow() { + self.ask(); + } + } + + pub fn allow(&self) { + self.set_state(PermissionAccessorState::Allow) + } + + pub fn ask(&self) { + self.set_state(PermissionAccessorState::Ask) + } + + pub fn deny(&self) { + self.set_state(PermissionAccessorState::Deny) + } + + /// Update this accessors state based on a PromptResult value + /// This will only update the state if the PromptResult value + /// is one of the "Always" values + pub fn update_with_prompt_result(&self, prompt_result: &PromptResult) { + match prompt_result { + PromptResult::AllowAlways => self.allow(), + PromptResult::DenyAlways => self.deny(), + _ => {} + } + } + + #[inline] + pub fn get_state(&self) -> PermissionAccessorState { + self.state.load(Ordering::SeqCst).into() + } + fn set_state(&self, state: PermissionAccessorState) { + self.state.store(state as usize, Ordering::SeqCst) + } +} + +impl From<bool> for PermissionAccessor { + fn from(val: bool) -> Self { + Self::new(PermissionAccessorState::from(val)) + } +} + +impl Default for PermissionAccessor { + fn default() -> Self { + Self { + state: Arc::new(AtomicUsize::new(PermissionAccessorState::Ask as usize)), + } + } +} #[cfg_attr(feature = "cargo-clippy", allow(stutter))] #[derive(Debug, Default)] pub struct DenoPermissions { // Keep in sync with src/permissions.ts - pub allow_read: AtomicBool, - pub allow_write: AtomicBool, - pub allow_net: AtomicBool, - pub allow_env: AtomicBool, - pub allow_run: AtomicBool, + pub allow_read: PermissionAccessor, + pub allow_write: PermissionAccessor, + pub allow_net: PermissionAccessor, + pub allow_env: PermissionAccessor, + pub allow_run: PermissionAccessor, pub no_prompts: AtomicBool, } impl DenoPermissions { pub fn from_flags(flags: &DenoFlags) -> Self { Self { - allow_read: AtomicBool::new(flags.allow_read), - allow_write: AtomicBool::new(flags.allow_write), - allow_env: AtomicBool::new(flags.allow_env), - allow_net: AtomicBool::new(flags.allow_net), - allow_run: AtomicBool::new(flags.allow_run), + allow_read: PermissionAccessor::from(flags.allow_read), + allow_write: PermissionAccessor::from(flags.allow_write), + allow_env: PermissionAccessor::from(flags.allow_env), + allow_net: PermissionAccessor::from(flags.allow_net), + allow_run: PermissionAccessor::from(flags.allow_run), no_prompts: AtomicBool::new(flags.no_prompts), } } pub fn check_run(&self) -> DenoResult<()> { - if self.allow_run.load(Ordering::SeqCst) { - return Ok(()); - }; - // TODO get location (where access occurred) - let r = self.try_permissions_prompt("access to run a subprocess"); - if r.is_ok() { - self.allow_run.store(true, Ordering::SeqCst); + match self.allow_run.get_state() { + PermissionAccessorState::Allow => Ok(()), + PermissionAccessorState::Ask => { + match self.try_permissions_prompt("access to run a subprocess") { + Err(e) => Err(e), + Ok(v) => { + self.allow_run.update_with_prompt_result(&v); + v.check()?; + Ok(()) + } + } + } + PermissionAccessorState::Deny => Err(permission_denied()), } - r } pub fn check_read(&self, filename: &str) -> DenoResult<()> { - if self.allow_read.load(Ordering::SeqCst) { - return Ok(()); - }; - // TODO get location (where access occurred) - let r = - self.try_permissions_prompt(&format!("read access to \"{}\"", filename));; - if r.is_ok() { - self.allow_read.store(true, Ordering::SeqCst); + match self.allow_read.get_state() { + PermissionAccessorState::Allow => Ok(()), + PermissionAccessorState::Ask => match self + .try_permissions_prompt(&format!("read access to \"{}\"", filename)) + { + Err(e) => Err(e), + Ok(v) => { + self.allow_read.update_with_prompt_result(&v); + v.check()?; + Ok(()) + } + }, + PermissionAccessorState::Deny => Err(permission_denied()), } - r } pub fn check_write(&self, filename: &str) -> DenoResult<()> { - if self.allow_write.load(Ordering::SeqCst) { - return Ok(()); - }; - // TODO get location (where access occurred) - let r = - self.try_permissions_prompt(&format!("write access to \"{}\"", filename));; - if r.is_ok() { - self.allow_write.store(true, Ordering::SeqCst); + match self.allow_write.get_state() { + PermissionAccessorState::Allow => Ok(()), + PermissionAccessorState::Ask => match self + .try_permissions_prompt(&format!("write access to \"{}\"", filename)) + { + Err(e) => Err(e), + Ok(v) => { + self.allow_write.update_with_prompt_result(&v); + v.check()?; + Ok(()) + } + }, + PermissionAccessorState::Deny => Err(permission_denied()), } - r } pub fn check_net(&self, domain_name: &str) -> DenoResult<()> { - if self.allow_net.load(Ordering::SeqCst) { - return Ok(()); - }; - // TODO get location (where access occurred) - let r = self.try_permissions_prompt(&format!( - "network access to \"{}\"", - domain_name - )); - if r.is_ok() { - self.allow_net.store(true, Ordering::SeqCst); + match self.allow_net.get_state() { + PermissionAccessorState::Allow => Ok(()), + PermissionAccessorState::Ask => match self.try_permissions_prompt( + &format!("network access to \"{}\"", domain_name), + ) { + Err(e) => Err(e), + Ok(v) => { + self.allow_net.update_with_prompt_result(&v); + v.check()?; + Ok(()) + } + }, + PermissionAccessorState::Deny => Err(permission_denied()), } - r } pub fn check_env(&self) -> DenoResult<()> { - if self.allow_env.load(Ordering::SeqCst) { - return Ok(()); - }; - // TODO get location (where access occurred) - let r = self.try_permissions_prompt(&"access to environment variables"); - if r.is_ok() { - self.allow_env.store(true, Ordering::SeqCst); + match self.allow_env.get_state() { + PermissionAccessorState::Allow => Ok(()), + PermissionAccessorState::Ask => { + match self.try_permissions_prompt("access to environment variables") { + Err(e) => Err(e), + Ok(v) => { + self.allow_env.update_with_prompt_result(&v); + v.check()?; + Ok(()) + } + } + } + PermissionAccessorState::Deny => Err(permission_denied()), } - r } /// Try to present the user with a permission prompt /// will error with permission_denied if no_prompts is enabled - fn try_permissions_prompt(&self, message: &str) -> DenoResult<()> { + fn try_permissions_prompt(&self, message: &str) -> DenoResult<PromptResult> { if self.no_prompts.load(Ordering::SeqCst) { return Err(permission_denied()); } + if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) { + return Err(permission_denied()); + }; permission_prompt(message) } pub fn allows_run(&self) -> bool { - return self.allow_run.load(Ordering::SeqCst); + return self.allow_run.is_allow(); } pub fn allows_read(&self) -> bool { - return self.allow_read.load(Ordering::SeqCst); + return self.allow_read.is_allow(); } pub fn allows_write(&self) -> bool { - return self.allow_write.load(Ordering::SeqCst); + return self.allow_write.is_allow(); } pub fn allows_net(&self) -> bool { - return self.allow_net.load(Ordering::SeqCst); + return self.allow_net.is_allow(); } pub fn allows_env(&self) -> bool { - return self.allow_env.load(Ordering::SeqCst); + return self.allow_env.is_allow(); } pub fn revoke_run(&self) -> DenoResult<()> { - self.allow_run.store(false, Ordering::SeqCst); + self.allow_run.revoke(); return Ok(()); } pub fn revoke_read(&self) -> DenoResult<()> { - self.allow_read.store(false, Ordering::SeqCst); + self.allow_read.revoke(); return Ok(()); } pub fn revoke_write(&self) -> DenoResult<()> { - self.allow_write.store(false, Ordering::SeqCst); + self.allow_write.revoke(); return Ok(()); } pub fn revoke_net(&self) -> DenoResult<()> { - self.allow_net.store(false, Ordering::SeqCst); + self.allow_net.revoke(); return Ok(()); } pub fn revoke_env(&self) -> DenoResult<()> { - self.allow_env.store(false, Ordering::SeqCst); + self.allow_env.revoke(); return Ok(()); } +} - pub fn default() -> Self { - Self { - allow_read: AtomicBool::new(false), - allow_write: AtomicBool::new(false), - allow_env: AtomicBool::new(false), - allow_net: AtomicBool::new(false), - allow_run: AtomicBool::new(false), - ..Default::default() +/// Quad-state value for representing user input on permission prompt +#[derive(Debug, Clone)] +pub enum PromptResult { + AllowAlways = 0, + AllowOnce = 1, + DenyOnce = 2, + DenyAlways = 3, +} + +impl PromptResult { + /// If value is any form of deny this will error with permission_denied + pub fn check(&self) -> DenoResult<()> { + match self { + PromptResult::DenyOnce => Err(permission_denied()), + PromptResult::DenyAlways => Err(permission_denied()), + _ => Ok(()), } } } -fn permission_prompt(message: &str) -> DenoResult<()> { - if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) { - return Err(permission_denied()); - }; - let msg = format!("⚠️ Deno requests {}. Grant? [yN] ", message); +impl fmt::Display for PromptResult { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + PromptResult::AllowAlways => f.pad("AllowAlways"), + PromptResult::AllowOnce => f.pad("AllowOnce"), + PromptResult::DenyOnce => f.pad("DenyOnce"), + PromptResult::DenyAlways => f.pad("DenyAlways"), + } + } +} + +fn permission_prompt(message: &str) -> DenoResult<PromptResult> { + let msg = format!("⚠️ Deno requests {}. Grant? [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)] ", message); // print to stderr so that if deno is > to a file this is still displayed. eprint!("{}", Style::new().bold().paint(msg)); - let mut input = String::new(); - let stdin = io::stdin(); - let _nread = stdin.read_line(&mut input)?; - let ch = input.chars().next().unwrap(); - let is_yes = ch == 'y' || ch == 'Y'; - if is_yes { - Ok(()) - } else { - Err(permission_denied()) + loop { + let mut input = String::new(); + let stdin = io::stdin(); + let _nread = stdin.read_line(&mut input)?; + let ch = input.chars().next().unwrap(); + match ch.to_ascii_lowercase() { + 'a' => return Ok(PromptResult::AllowAlways), + 'y' => return Ok(PromptResult::AllowOnce), + 'n' => return Ok(PromptResult::DenyOnce), + 'd' => return Ok(PromptResult::DenyAlways), + _ => { + // If we don't get a recognized option try again. + let msg_again = format!("Unrecognized option '{}' [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)] ", ch); + eprint!("{}", Style::new().bold().paint(msg_again)); + } + }; } } |