diff options
Diffstat (limited to 'cli/tests')
| -rw-r--r-- | cli/tests/integration/worker_tests.rs | 2 | ||||
| -rw-r--r-- | cli/tests/testdata/test/allow_all.ts | 2 | ||||
| -rw-r--r-- | cli/tests/testdata/workers/no_permissions_worker.js | 12 | ||||
| -rw-r--r-- | cli/tests/testdata/workers/parent_read_check_granular_worker.js | 41 | ||||
| -rw-r--r-- | cli/tests/testdata/workers/parent_read_check_worker.js | 39 | ||||
| -rw-r--r-- | cli/tests/testdata/workers/read_check_granular_worker.js | 40 | ||||
| -rw-r--r-- | cli/tests/testdata/workers/test.ts | 235 |
7 files changed, 155 insertions, 216 deletions
diff --git a/cli/tests/integration/worker_tests.rs b/cli/tests/integration/worker_tests.rs index bf1057821..c17b63af9 100644 --- a/cli/tests/integration/worker_tests.rs +++ b/cli/tests/integration/worker_tests.rs @@ -3,7 +3,7 @@ use crate::itest; itest!(workers { - args: "test --reload --location http://127.0.0.1:4545/ --allow-net --allow-read --unstable workers/test.ts", + args: "test --reload --location http://127.0.0.1:4545/ -A --unstable workers/test.ts", output: "workers/test.ts.out", http_server: true, }); diff --git a/cli/tests/testdata/test/allow_all.ts b/cli/tests/testdata/test/allow_all.ts index abe55a8d5..e70ac46b0 100644 --- a/cli/tests/testdata/test/allow_all.ts +++ b/cli/tests/testdata/test/allow_all.ts @@ -18,7 +18,7 @@ for (const name of permissions) { }, async fn() { const status = await Deno.permissions.query({ name }); - assertEquals(status.state, "denied"); + assertEquals(status.state, "prompt"); }, }); diff --git a/cli/tests/testdata/workers/no_permissions_worker.js b/cli/tests/testdata/workers/no_permissions_worker.js index db0d911ac..f49f690ab 100644 --- a/cli/tests/testdata/workers/no_permissions_worker.js +++ b/cli/tests/testdata/workers/no_permissions_worker.js @@ -6,12 +6,12 @@ self.onmessage = async () => { const run = await Deno.permissions.query({ name: "run" }); const write = await Deno.permissions.query({ name: "write" }); self.postMessage( - hrtime.state === "denied" && - net.state === "denied" && - ffi.state === "denied" && - read.state === "denied" && - run.state === "denied" && - write.state === "denied", + hrtime.state === "prompt" && + net.state === "prompt" && + ffi.state === "prompt" && + read.state === "prompt" && + run.state === "prompt" && + write.state === "prompt", ); self.close(); }; diff --git a/cli/tests/testdata/workers/parent_read_check_granular_worker.js b/cli/tests/testdata/workers/parent_read_check_granular_worker.js deleted file mode 100644 index 1391190cd..000000000 --- a/cli/tests/testdata/workers/parent_read_check_granular_worker.js +++ /dev/null @@ -1,41 +0,0 @@ -const worker = new Worker( - new URL("./read_check_granular_worker.js", import.meta.url).href, - { - type: "module", - deno: { - namespace: true, - permissions: { - read: [], - }, - }, - }, -); - -let received = 0; -const messages = []; - -worker.onmessage = ({ data: childResponse }) => { - received++; - postMessage({ - childHasPermission: childResponse.hasPermission, - index: childResponse.index, - parentHasPermission: messages[childResponse.index], - }); - if (received === messages.length) { - worker.terminate(); - } -}; - -onmessage = async ({ data }) => { - const { state } = await Deno.permissions.query({ - name: "read", - path: data.path, - }); - - messages[data.index] = state === "granted"; - - worker.postMessage({ - index: data.index, - route: data.route, - }); -}; diff --git a/cli/tests/testdata/workers/parent_read_check_worker.js b/cli/tests/testdata/workers/parent_read_check_worker.js index ec92cca3f..87ea6bded 100644 --- a/cli/tests/testdata/workers/parent_read_check_worker.js +++ b/cli/tests/testdata/workers/parent_read_check_worker.js @@ -1,27 +1,18 @@ -onmessage = async () => { - const { state } = await Deno.permissions.query({ - name: "read", - }); - - const worker = new Worker( - new URL("./read_check_worker.js", import.meta.url).href, - { - type: "module", - deno: { - namespace: true, - permissions: { - read: false, - }, - }, +const worker = new Worker( + new URL("./read_check_granular_worker.js", import.meta.url).href, + { + type: "module", + deno: { + namespace: true, + permissions: "none", }, - ); + }, +); + +onmessage = ({ data }) => { + worker.postMessage(data); +}; - worker.onmessage = ({ data: childHasPermission }) => { - postMessage({ - parentHasPermission: state === "granted", - childHasPermission, - }); - close(); - }; - worker.postMessage(null); +worker.onmessage = ({ data }) => { + postMessage(data); }; diff --git a/cli/tests/testdata/workers/read_check_granular_worker.js b/cli/tests/testdata/workers/read_check_granular_worker.js index 25f2058b3..d40fac876 100644 --- a/cli/tests/testdata/workers/read_check_granular_worker.js +++ b/cli/tests/testdata/workers/read_check_granular_worker.js @@ -1,11 +1,29 @@ -onmessage = async ({ data }) => { - const { state } = await Deno.permissions.query({ - name: "read", - path: data.path, - }); - - postMessage({ - hasPermission: state === "granted", - index: data.index, - }); -}; +// deno-fmt-ignore-file +postMessage({ + envGlobal: (await Deno.permissions.query({ name: "env" })).state, + envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state, + envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state, + hrtime: (await Deno.permissions.query({ name: "hrtime" })).state, + netGlobal: (await Deno.permissions.query({ name: "net" })).state, + netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state, + netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state, + netBar: (await Deno.permissions.query({ name: "net", host: "bar" })).state, + netBar8000: (await Deno.permissions.query({ name: "net", host: "bar:8000" })).state, + ffiGlobal: (await Deno.permissions.query({ name: "ffi" })).state, + ffiFoo: (await Deno.permissions.query({ name: "ffi", path: new URL("foo", import.meta.url) })).state, + ffiBar: (await Deno.permissions.query({ name: "ffi", path: "bar" })).state, + ffiAbsent: (await Deno.permissions.query({ name: "ffi", path: "absent" })).state, + readGlobal: (await Deno.permissions.query({ name: "read" })).state, + readFoo: (await Deno.permissions.query({ name: "read", path: new URL("foo", import.meta.url) })).state, + readBar: (await Deno.permissions.query({ name: "read", path: "bar" })).state, + readAbsent: (await Deno.permissions.query({ name: "read", path: "absent" })).state, + runGlobal: (await Deno.permissions.query({ name: "run" })).state, + runFoo: (await Deno.permissions.query({ name: "run", command: new URL("foo", import.meta.url) })).state, + runBar: (await Deno.permissions.query({ name: "run", command: "bar" })).state, + runBaz: (await Deno.permissions.query({ name: "run", command: "./baz" })).state, + runAbsent: (await Deno.permissions.query({ name: "run", command: "absent" })).state, + writeGlobal: (await Deno.permissions.query({ name: "write" })).state, + writeFoo: (await Deno.permissions.query({ name: "write", path: new URL("foo", import.meta.url) })).state, + writeBar: (await Deno.permissions.query({ name: "write", path: "bar" })).state, + writeAbsent: (await Deno.permissions.query({ name: "write", path: "absent" })).state, +}); diff --git a/cli/tests/testdata/workers/test.ts b/cli/tests/testdata/workers/test.ts index effd104f5..4a6575863 100644 --- a/cli/tests/testdata/workers/test.ts +++ b/cli/tests/testdata/workers/test.ts @@ -8,7 +8,6 @@ import { assertThrows, } from "../../../../test_util/std/testing/asserts.ts"; import { deferred } from "../../../../test_util/std/async/deferred.ts"; -import { fromFileUrl } from "../../../../test_util/std/path/mod.ts"; Deno.test({ name: "worker terminate", @@ -454,7 +453,6 @@ Deno.test("Worker limit children permissions", async function () { }); Deno.test("Worker limit children permissions granularly", async function () { - const promise = deferred(); const worker = new Worker( new URL("./read_check_granular_worker.js", import.meta.url).href, { @@ -462,53 +460,52 @@ Deno.test("Worker limit children permissions granularly", async function () { deno: { namespace: true, permissions: { - read: [ - new URL("./read_check_worker.js", import.meta.url), - ], + env: ["foo"], + hrtime: true, + net: ["foo", "bar:8000"], + ffi: [new URL("foo", import.meta.url), "bar"], + read: [new URL("foo", import.meta.url), "bar"], + run: [new URL("foo", import.meta.url), "bar", "./baz"], + write: [new URL("foo", import.meta.url), "bar"], }, }, }, ); - - //Routes are relative to the spawned worker location - const routes = [ - { - permission: false, - path: fromFileUrl( - new URL("read_check_granular_worker.js", import.meta.url), - ), - }, - { - permission: true, - path: fromFileUrl(new URL("read_check_worker.js", import.meta.url)), - }, - ]; - - let checked = 0; - worker.onmessage = ({ data }) => { - checked++; - assertEquals(data.hasPermission, routes[data.index].permission); - routes.shift(); - if (checked === routes.length) { - promise.resolve(); - } - }; - - routes.forEach(({ path }, index) => - worker.postMessage({ - index, - path, - }) - ); - - await promise; + const promise = deferred(); + worker.onmessage = ({ data }) => promise.resolve(data); + assertEquals(await promise, { + envGlobal: "prompt", + envFoo: "granted", + envAbsent: "prompt", + hrtime: "granted", + netGlobal: "prompt", + netFoo: "granted", + netFoo8000: "granted", + netBar: "prompt", + netBar8000: "granted", + ffiGlobal: "prompt", + ffiFoo: "granted", + ffiBar: "granted", + ffiAbsent: "prompt", + readGlobal: "prompt", + readFoo: "granted", + readBar: "granted", + readAbsent: "prompt", + runGlobal: "prompt", + runFoo: "granted", + runBar: "granted", + runBaz: "granted", + runAbsent: "prompt", + writeGlobal: "prompt", + writeFoo: "granted", + writeBar: "granted", + writeAbsent: "prompt", + }); worker.terminate(); }); Deno.test("Nested worker limit children permissions", async function () { - const promise = deferred(); - - /** This worker has read permissions but doesn't grant them to its children */ + /** This worker has permissions but doesn't grant them to its children */ const worker = new Worker( new URL("./parent_read_check_worker.js", import.meta.url).href, { @@ -519,104 +516,65 @@ Deno.test("Nested worker limit children permissions", async function () { }, }, ); - - worker.onmessage = ({ data }) => { - assert(data.parentHasPermission); - assert(!data.childHasPermission); - promise.resolve(); - }; - - worker.postMessage(null); - - await promise; - worker.terminate(); -}); - -Deno.test("Nested worker limit children permissions granularly", async function () { const promise = deferred(); - - /** This worker has read permissions but doesn't grant them to its children */ - const worker = new Worker( - new URL("./parent_read_check_granular_worker.js", import.meta.url) - .href, - { - type: "module", - deno: { - namespace: true, - permissions: { - read: [ - new URL("./read_check_granular_worker.js", import.meta.url), - ], - }, - }, - }, - ); - - //Routes are relative to the spawned worker location - const routes = [ - { - childHasPermission: false, - parentHasPermission: true, - path: fromFileUrl( - new URL("read_check_granular_worker.js", import.meta.url), - ), - }, - { - childHasPermission: false, - parentHasPermission: false, - path: fromFileUrl(new URL("read_check_worker.js", import.meta.url)), - }, - ]; - - let checked = 0; - worker.onmessage = ({ data }) => { - checked++; - assertEquals( - data.childHasPermission, - routes[data.index].childHasPermission, - ); - assertEquals( - data.parentHasPermission, - routes[data.index].parentHasPermission, - ); - if (checked === routes.length) { - promise.resolve(); - } - }; - - // Index needed cause requests will be handled asynchronously - routes.forEach(({ path }, index) => - worker.postMessage({ - index, - path, - }) - ); - - await promise; + worker.onmessage = ({ data }) => promise.resolve(data); + assertEquals(await promise, { + envGlobal: "prompt", + envFoo: "prompt", + envAbsent: "prompt", + hrtime: "prompt", + netGlobal: "prompt", + netFoo: "prompt", + netFoo8000: "prompt", + netBar: "prompt", + netBar8000: "prompt", + ffiGlobal: "prompt", + ffiFoo: "prompt", + ffiBar: "prompt", + ffiAbsent: "prompt", + readGlobal: "prompt", + readFoo: "prompt", + readBar: "prompt", + readAbsent: "prompt", + runGlobal: "prompt", + runFoo: "prompt", + runBar: "prompt", + runBaz: "prompt", + runAbsent: "prompt", + writeGlobal: "prompt", + writeFoo: "prompt", + writeBar: "prompt", + writeAbsent: "prompt", + }); worker.terminate(); }); // This test relies on env permissions not being granted on main thread -Deno.test("Worker initialization throws on worker permissions greater than parent thread permissions", function () { - assertThrows( - () => { - const worker = new Worker( - new URL("./deno_worker.ts", import.meta.url).href, - { - type: "module", - deno: { - namespace: true, - permissions: { - env: true, +Deno.test({ + name: + "Worker initialization throws on worker permissions greater than parent thread permissions", + permissions: { env: false }, + fn: function () { + assertThrows( + () => { + const worker = new Worker( + new URL("./deno_worker.ts", import.meta.url).href, + { + type: "module", + deno: { + namespace: true, + permissions: { + env: true, + }, }, }, - }, - ); - worker.terminate(); - }, - Deno.errors.PermissionDenied, - "Can't escalate parent thread permissions", - ); + ); + worker.terminate(); + }, + Deno.errors.PermissionDenied, + "Can't escalate parent thread permissions", + ); + }, }); Deno.test("Worker with disabled permissions", async function () { @@ -643,6 +601,19 @@ Deno.test("Worker with disabled permissions", async function () { worker.terminate(); }); +Deno.test("Worker with invalid permission arg", function () { + assertThrows( + () => + new Worker(`data:,close();`, { + type: "module", + // @ts-expect-error invalid env value + deno: { permissions: { env: "foo" } }, + }), + TypeError, + 'Error parsing args: (deno.permissions.env) invalid value: string "foo", expected "inherit" or boolean or string[]', + ); +}); + Deno.test({ name: "worker location", fn: async function () { |