diff options
| -rw-r--r-- | cli/global_state.rs | 6 | ||||
| -rw-r--r-- | cli/ops/worker_host.rs | 6 | ||||
| -rw-r--r-- | cli/permissions.rs | 51 | ||||
| -rw-r--r-- | cli/state.rs | 8 |
4 files changed, 39 insertions, 32 deletions
diff --git a/cli/global_state.rs b/cli/global_state.rs index cee105d4d..a682e8de2 100644 --- a/cli/global_state.rs +++ b/cli/global_state.rs @@ -10,7 +10,7 @@ use crate::flags; use crate::http_cache; use crate::lockfile::Lockfile; use crate::msg; -use crate::permissions::DenoPermissions; +use crate::permissions::Permissions; use deno_core::ErrBox; use deno_core::ModuleSpecifier; use std::env; @@ -31,7 +31,7 @@ pub struct GlobalStateInner { /// Flags parsed from `argv` contents. pub flags: flags::Flags, /// Permissions parsed from `flags`. - pub permissions: DenoPermissions, + pub permissions: Permissions, pub dir: deno_dir::DenoDir, pub file_fetcher: SourceFileFetcher, pub js_compiler: JsCompiler, @@ -81,7 +81,7 @@ impl GlobalState { let inner = GlobalStateInner { dir, - permissions: DenoPermissions::from_flags(&flags), + permissions: Permissions::from_flags(&flags), flags, file_fetcher, ts_compiler, diff --git a/cli/ops/worker_host.rs b/cli/ops/worker_host.rs index df8bfa7fd..ea8e3db56 100644 --- a/cli/ops/worker_host.rs +++ b/cli/ops/worker_host.rs @@ -4,7 +4,7 @@ use crate::fmt_errors::JSError; use crate::global_state::GlobalState; use crate::op_error::OpError; use crate::ops::io::get_stdio; -use crate::permissions::DenoPermissions; +use crate::permissions::Permissions; use crate::startup_data; use crate::state::State; use crate::tokio_util::create_basic_runtime; @@ -39,7 +39,7 @@ fn create_web_worker( worker_id: u32, name: String, global_state: GlobalState, - permissions: DenoPermissions, + permissions: Permissions, specifier: ModuleSpecifier, has_deno_namespace: bool, ) -> Result<WebWorker, ErrBox> { @@ -77,7 +77,7 @@ fn run_worker_thread( worker_id: u32, name: String, global_state: GlobalState, - permissions: DenoPermissions, + permissions: Permissions, specifier: ModuleSpecifier, has_deno_namespace: bool, maybe_source_code: Option<String>, diff --git a/cli/permissions.rs b/cli/permissions.rs index 2179ed33f..a56754f18 100644 --- a/cli/permissions.rs +++ b/cli/permissions.rs @@ -97,7 +97,7 @@ impl Default for PermissionState { } #[derive(Clone, Debug, Default)] -pub struct DenoPermissions { +pub struct Permissions { // Keep in sync with cli/js/permissions.ts pub allow_read: PermissionState, pub read_whitelist: HashSet<PathBuf>, @@ -111,8 +111,15 @@ pub struct DenoPermissions { pub allow_hrtime: PermissionState, } -impl DenoPermissions { +impl Permissions { pub fn from_flags(flags: &Flags) -> Self { + // assert each whitelist path is absolute, since the cwd may change. + for path in &flags.read_whitelist { + assert!(path.has_root()); + } + for path in &flags.write_whitelist { + assert!(path.has_root()); + } Self { allow_read: PermissionState::from(flags.allow_read), read_whitelist: flags.read_whitelist.iter().cloned().collect(), @@ -392,7 +399,7 @@ mod tests { PathBuf::from("/b/c"), ]; - let perms = DenoPermissions::from_flags(&Flags { + let perms = Permissions::from_flags(&Flags { read_whitelist: whitelist.clone(), write_whitelist: whitelist, ..Default::default() @@ -439,7 +446,7 @@ mod tests { #[test] fn test_check_net() { - let perms = DenoPermissions::from_flags(&Flags { + let perms = Permissions::from_flags(&Flags { net_whitelist: svec![ "localhost", "deno.land", @@ -523,13 +530,13 @@ mod tests { #[test] fn test_permissions_request_run() { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(true); assert_eq!(perms0.request_run(), PermissionState::Allow); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(false); @@ -541,7 +548,7 @@ mod tests { fn test_permissions_request_read() { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); let whitelist = vec![PathBuf::from("/foo/bar")]; - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { read_whitelist: whitelist.clone(), ..Default::default() }); @@ -553,7 +560,7 @@ mod tests { PermissionState::Allow ); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { read_whitelist: whitelist.clone(), ..Default::default() }); @@ -563,7 +570,7 @@ mod tests { PermissionState::Allow ); - let mut perms2 = DenoPermissions::from_flags(&Flags { + let mut perms2 = Permissions::from_flags(&Flags { read_whitelist: whitelist, ..Default::default() }); @@ -579,7 +586,7 @@ mod tests { fn test_permissions_request_write() { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); let whitelist = vec![PathBuf::from("/foo/bar")]; - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { write_whitelist: whitelist.clone(), ..Default::default() }); @@ -591,7 +598,7 @@ mod tests { PermissionState::Allow ); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { write_whitelist: whitelist.clone(), ..Default::default() }); @@ -601,7 +608,7 @@ mod tests { PermissionState::Allow ); - let mut perms2 = DenoPermissions::from_flags(&Flags { + let mut perms2 = Permissions::from_flags(&Flags { write_whitelist: whitelist, ..Default::default() }); @@ -618,7 +625,7 @@ mod tests { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); let whitelist = svec!["localhost:8080"]; - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { net_whitelist: whitelist.clone(), ..Default::default() }); @@ -632,7 +639,7 @@ mod tests { PermissionState::Allow ); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { net_whitelist: whitelist.clone(), ..Default::default() }); @@ -644,7 +651,7 @@ mod tests { PermissionState::Allow ); - let mut perms2 = DenoPermissions::from_flags(&Flags { + let mut perms2 = Permissions::from_flags(&Flags { net_whitelist: whitelist.clone(), ..Default::default() }); @@ -656,7 +663,7 @@ mod tests { PermissionState::Deny ); - let mut perms3 = DenoPermissions::from_flags(&Flags { + let mut perms3 = Permissions::from_flags(&Flags { net_whitelist: whitelist, ..Default::default() }); @@ -668,13 +675,13 @@ mod tests { #[test] fn test_permissions_request_env() { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(true); assert_eq!(perms0.request_env(), PermissionState::Allow); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(false); @@ -685,13 +692,13 @@ mod tests { #[test] fn test_permissions_request_plugin() { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(true); assert_eq!(perms0.request_plugin(), PermissionState::Allow); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(false); @@ -702,13 +709,13 @@ mod tests { #[test] fn test_permissions_request_hrtime() { let guard = PERMISSION_PROMPT_GUARD.lock().unwrap(); - let mut perms0 = DenoPermissions::from_flags(&Flags { + let mut perms0 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(true); assert_eq!(perms0.request_hrtime(), PermissionState::Allow); - let mut perms1 = DenoPermissions::from_flags(&Flags { + let mut perms1 = Permissions::from_flags(&Flags { ..Default::default() }); set_prompt_result(false); diff --git a/cli/state.rs b/cli/state.rs index 6cc915738..acf418189 100644 --- a/cli/state.rs +++ b/cli/state.rs @@ -7,7 +7,7 @@ use crate::metrics::Metrics; use crate::op_error::OpError; use crate::ops::JsonOp; use crate::ops::MinimalOp; -use crate::permissions::DenoPermissions; +use crate::permissions::Permissions; use crate::web_worker::WebWorkerHandle; use deno_core::Buf; use deno_core::ErrBox; @@ -53,7 +53,7 @@ impl Deref for State { #[cfg_attr(feature = "cargo-clippy", allow(stutter))] pub struct StateInner { pub global_state: GlobalState, - pub permissions: DenoPermissions, + pub permissions: Permissions, pub main_module: ModuleSpecifier, /// When flags contains a `.import_map_path` option, the content of the /// import map file will be resolved and set. @@ -355,7 +355,7 @@ impl State { /// If `shared_permission` is None then permissions from globa state are used. pub fn new( global_state: GlobalState, - shared_permissions: Option<DenoPermissions>, + shared_permissions: Option<Permissions>, main_module: ModuleSpecifier, debug_type: DebugType, ) -> Result<Self, ErrBox> { @@ -402,7 +402,7 @@ impl State { /// If `shared_permission` is None then permissions from globa state are used. pub fn new_for_worker( global_state: GlobalState, - shared_permissions: Option<DenoPermissions>, + shared_permissions: Option<Permissions>, main_module: ModuleSpecifier, ) -> Result<Self, ErrBox> { let seeded_rng = match global_state.flags.seed { |