diff options
Diffstat (limited to 'cli')
| -rw-r--r-- | cli/main.rs | 4 | ||||
| -rw-r--r-- | cli/msg.fbs | 1 | ||||
| -rw-r--r-- | cli/ops.rs | 8 | ||||
| -rw-r--r-- | cli/state.rs | 5 | ||||
| -rw-r--r-- | cli/worker.rs | 4 |
5 files changed, 19 insertions, 3 deletions
diff --git a/cli/main.rs b/cli/main.rs index d8d834e8f..ff757ed36 100644 --- a/cli/main.rs +++ b/cli/main.rs @@ -196,8 +196,10 @@ fn create_worker_and_state( s.status(status, msg).expect("shell problem"); } }); + // TODO(kevinkassimo): maybe make include_deno_namespace also configurable? let state = - ThreadSafeState::new(flags, argv, ops::op_selector_std, progress).unwrap(); + ThreadSafeState::new(flags, argv, ops::op_selector_std, progress, true) + .unwrap(); let worker = Worker::new( "main".to_string(), startup_data::deno_isolate_init(), diff --git a/cli/msg.fbs b/cli/msg.fbs index 014bfb7e9..8f6497afc 100644 --- a/cli/msg.fbs +++ b/cli/msg.fbs @@ -204,6 +204,7 @@ table FormatErrorRes { // Create worker as host table CreateWorker { specifier: string; + include_deno_namespace: bool; } table CreateWorkerRes { diff --git a/cli/ops.rs b/cli/ops.rs index 0e90e19c4..06c4eae99 100644 --- a/cli/ops.rs +++ b/cli/ops.rs @@ -2069,6 +2069,10 @@ fn op_create_worker( let cmd_id = base.cmd_id(); let inner = base.inner_as_create_worker().unwrap(); let specifier = inner.specifier().unwrap(); + // Only include deno namespace if requested AND current worker + // has included namespace (to avoid escalation). + let include_deno_namespace = + inner.include_deno_namespace() && state.include_deno_namespace; let parent_state = state.clone(); @@ -2077,13 +2081,15 @@ fn op_create_worker( parent_state.argv.clone(), op_selector_std, parent_state.progress.clone(), + include_deno_namespace, )?; let rid = child_state.resource.rid; let name = format!("USER-WORKER-{}", specifier); + let deno_main_call = format!("denoMain({})", include_deno_namespace); let mut worker = Worker::new(name, startup_data::deno_isolate_init(), child_state); - worker.execute("denoMain()").unwrap(); + worker.execute(&deno_main_call).unwrap(); worker.execute("workerMain()").unwrap(); let module_specifier = ModuleSpecifier::resolve_url_or_path(specifier)?; diff --git a/cli/state.rs b/cli/state.rs index 139584394..f4e3d9c84 100644 --- a/cli/state.rs +++ b/cli/state.rs @@ -84,6 +84,8 @@ pub struct State { pub js_compiler: JsCompiler, pub json_compiler: JsonCompiler, pub ts_compiler: TsCompiler, + + pub include_deno_namespace: bool, } impl Clone for ThreadSafeState { @@ -151,6 +153,7 @@ impl ThreadSafeState { argv_rest: Vec<String>, dispatch_selector: ops::OpSelector, progress: Progress, + include_deno_namespace: bool, ) -> Result<Self, ErrBox> { let custom_root = env::var("DENO_DIR").map(String::into).ok(); @@ -223,6 +226,7 @@ impl ThreadSafeState { ts_compiler, js_compiler: JsCompiler {}, json_compiler: JsonCompiler {}, + include_deno_namespace, }; Ok(ThreadSafeState(Arc::new(state))) @@ -302,6 +306,7 @@ impl ThreadSafeState { argv, ops::op_selector_std, Progress::new(), + true, ) .unwrap() } diff --git a/cli/worker.rs b/cli/worker.rs index befc69f85..f18062836 100644 --- a/cli/worker.rs +++ b/cli/worker.rs @@ -126,6 +126,7 @@ mod tests { argv, op_selector_std, Progress::new(), + true, ) .unwrap(); let state_ = state.clone(); @@ -155,6 +156,7 @@ mod tests { argv, op_selector_std, Progress::new(), + true, ) .unwrap(); let state_ = state.clone(); @@ -182,7 +184,7 @@ mod tests { let mut flags = flags::DenoFlags::default(); flags.reload = true; let state = - ThreadSafeState::new(flags, argv, op_selector_std, Progress::new()) + ThreadSafeState::new(flags, argv, op_selector_std, Progress::new(), true) .unwrap(); let state_ = state.clone(); tokio_util::run(lazy(move || { |