diff options
Diffstat (limited to 'runtime/ops')
| -rw-r--r-- | runtime/ops/net.rs | 6 | ||||
| -rw-r--r-- | runtime/ops/permissions.rs | 38 | ||||
| -rw-r--r-- | runtime/ops/tls.rs | 6 |
3 files changed, 40 insertions, 10 deletions
diff --git a/runtime/ops/net.rs b/runtime/ops/net.rs index 1ff1e3511..a2df881e6 100644 --- a/runtime/ops/net.rs +++ b/runtime/ops/net.rs @@ -200,7 +200,7 @@ async fn op_datagram_send( { let s = state.borrow(); s.borrow::<Permissions>() - .check_net(&args.hostname, args.port)?; + .check_net(&(&args.hostname, Some(args.port)))?; } let addr = resolve_addr(&args.hostname, args.port) .await? @@ -268,7 +268,7 @@ async fn op_connect( let state_ = state.borrow(); state_ .borrow::<Permissions>() - .check_net(&args.hostname, args.port)?; + .check_net(&(&args.hostname, Some(args.port)))?; } let addr = resolve_addr(&args.hostname, args.port) .await? @@ -473,7 +473,7 @@ fn op_listen( if transport == "udp" { super::check_unstable(state, "Deno.listenDatagram"); } - permissions.check_net(&args.hostname, args.port)?; + permissions.check_net(&(&args.hostname, Some(args.port)))?; } let addr = resolve_addr_sync(&args.hostname, args.port)? .next() diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs index 7474c0e37..98940dfc1 100644 --- a/runtime/ops/permissions.rs +++ b/runtime/ops/permissions.rs @@ -2,10 +2,12 @@ use crate::permissions::Permissions; use deno_core::error::custom_error; +use deno_core::error::uri_error; use deno_core::error::AnyError; use deno_core::serde_json; use deno_core::serde_json::json; use deno_core::serde_json::Value; +use deno_core::url; use deno_core::OpState; use deno_core::ZeroCopyBuf; use serde::Deserialize; @@ -20,8 +22,8 @@ pub fn init(rt: &mut deno_core::JsRuntime) { #[derive(Deserialize)] struct PermissionArgs { name: String, - url: Option<String>, path: Option<String>, + host: Option<String>, } pub fn op_query_permission( @@ -35,7 +37,13 @@ pub fn op_query_permission( let perm = match args.name.as_ref() { "read" => permissions.query_read(&path.as_deref().map(Path::new)), "write" => permissions.query_write(&path.as_deref().map(Path::new)), - "net" => permissions.query_net_url(&args.url.as_deref())?, + "net" => permissions.query_net( + &match args.host.as_deref() { + None => None, + Some(h) => Some(parse_host(h)?), + } + .as_ref(), + ), "env" => permissions.query_env(), "run" => permissions.query_run(), "plugin" => permissions.query_plugin(), @@ -61,7 +69,13 @@ pub fn op_revoke_permission( let perm = match args.name.as_ref() { "read" => permissions.revoke_read(&path.as_deref().map(Path::new)), "write" => permissions.revoke_write(&path.as_deref().map(Path::new)), - "net" => permissions.revoke_net(&args.url.as_deref())?, + "net" => permissions.revoke_net( + &match args.host.as_deref() { + None => None, + Some(h) => Some(parse_host(h)?), + } + .as_ref(), + ), "env" => permissions.revoke_env(), "run" => permissions.revoke_run(), "plugin" => permissions.revoke_plugin(), @@ -87,7 +101,13 @@ pub fn op_request_permission( let perm = match args.name.as_ref() { "read" => permissions.request_read(&path.as_deref().map(Path::new)), "write" => permissions.request_write(&path.as_deref().map(Path::new)), - "net" => permissions.request_net(&args.url.as_deref())?, + "net" => permissions.request_net( + &match args.host.as_deref() { + None => None, + Some(h) => Some(parse_host(h)?), + } + .as_ref(), + ), "env" => permissions.request_env(), "run" => permissions.request_run(), "plugin" => permissions.request_plugin(), @@ -101,3 +121,13 @@ pub fn op_request_permission( }; Ok(json!({ "state": perm.to_string() })) } + +fn parse_host(host_str: &str) -> Result<(String, Option<u16>), AnyError> { + let url = url::Url::parse(&format!("http://{}/", host_str)) + .map_err(|_| uri_error("Invalid host"))?; + if url.path() != "/" { + return Err(uri_error("Invalid host")); + } + let hostname = url.host_str().unwrap(); + Ok((hostname.to_string(), url.port())) +} diff --git a/runtime/ops/tls.rs b/runtime/ops/tls.rs index fb8b08f00..62c8fc441 100644 --- a/runtime/ops/tls.rs +++ b/runtime/ops/tls.rs @@ -83,7 +83,7 @@ async fn op_start_tls( super::check_unstable2(&state, "Deno.startTls"); let s = state.borrow(); let permissions = s.borrow::<Permissions>(); - permissions.check_net(&domain, 0)?; + permissions.check_net(&(&domain, Some(0)))?; if let Some(path) = cert_file.clone() { permissions.check_read(Path::new(&path))?; } @@ -147,7 +147,7 @@ async fn op_connect_tls( { let s = state.borrow(); let permissions = s.borrow::<Permissions>(); - permissions.check_net(&args.hostname, args.port)?; + permissions.check_net(&(&args.hostname, Some(args.port)))?; if let Some(path) = cert_file.clone() { permissions.check_read(Path::new(&path))?; } @@ -290,7 +290,7 @@ fn op_listen_tls( let key_file = args.key_file; { let permissions = state.borrow::<Permissions>(); - permissions.check_net(&args.hostname, args.port)?; + permissions.check_net(&(&args.hostname, Some(args.port)))?; permissions.check_read(Path::new(&cert_file))?; permissions.check_read(Path::new(&key_file))?; } |