diff options
Diffstat (limited to 'runtime')
| -rw-r--r-- | runtime/build.rs | 5 | ||||
| -rw-r--r-- | runtime/js/10_permissions.js (renamed from runtime/js/40_permissions.js) | 34 | ||||
| -rw-r--r-- | runtime/js/11_workers.js | 144 | ||||
| -rw-r--r-- | runtime/js/40_testing.js | 6 | ||||
| -rw-r--r-- | runtime/ops/permissions.rs | 7 | ||||
| -rw-r--r-- | runtime/ops/worker_host.rs | 391 | ||||
| -rw-r--r-- | runtime/permissions.rs | 1029 |
7 files changed, 1025 insertions, 591 deletions
diff --git a/runtime/build.rs b/runtime/build.rs index 920aafc9f..b1d4fa8cb 100644 --- a/runtime/build.rs +++ b/runtime/build.rs @@ -83,7 +83,10 @@ mod not_docs { } impl deno_ffi::FfiPermissions for Permissions { - fn check(&mut self, _path: &str) -> Result<(), deno_core::error::AnyError> { + fn check( + &mut self, + _path: &Path, + ) -> Result<(), deno_core::error::AnyError> { unreachable!("snapshotting!") } } diff --git a/runtime/js/40_permissions.js b/runtime/js/10_permissions.js index 147ae92f0..a6884aab9 100644 --- a/runtime/js/40_permissions.js +++ b/runtime/js/10_permissions.js @@ -10,7 +10,10 @@ } = window; const { pathFromURL } = window.__bootstrap.util; const { + ArrayIsArray, ArrayPrototypeIncludes, + ArrayPrototypeMap, + ArrayPrototypeSlice, Map, MapPrototypeGet, MapPrototypeHas, @@ -162,7 +165,9 @@ ); } - if (desc.name === "read" || desc.name === "write") { + if ( + desc.name === "read" || desc.name === "write" || desc.name === "ffi" + ) { desc.path = pathFromURL(desc.path); } else if (desc.name === "run") { desc.command = pathFromURL(desc.command); @@ -213,7 +218,34 @@ const permissions = new Permissions(illegalConstructorKey); + /** Converts all file URLs in FS allowlists to paths. */ + function serializePermissions(permissions) { + if (typeof permissions == "object" && permissions != null) { + const serializedPermissions = {}; + for (const key of ["read", "write", "run", "ffi"]) { + if (ArrayIsArray(permissions[key])) { + serializedPermissions[key] = ArrayPrototypeMap( + permissions[key], + (path) => pathFromURL(path), + ); + } else { + serializedPermissions[key] = permissions[key]; + } + } + for (const key of ["env", "hrtime", "net"]) { + if (ArrayIsArray(permissions[key])) { + serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]); + } else { + serializedPermissions[key] = permissions[key]; + } + } + return serializedPermissions; + } + return permissions; + } + window.__bootstrap.permissions = { + serializePermissions, permissions, Permissions, PermissionStatus, diff --git a/runtime/js/11_workers.js b/runtime/js/11_workers.js index 53b256334..8f0095056 100644 --- a/runtime/js/11_workers.js +++ b/runtime/js/11_workers.js @@ -4,8 +4,6 @@ ((window) => { const core = window.Deno.core; const { - ArrayIsArray, - ArrayPrototypeMap, Error, StringPrototypeStartsWith, String, @@ -15,7 +13,8 @@ const webidl = window.__bootstrap.webidl; const { URL } = window.__bootstrap.url; const { getLocationHref } = window.__bootstrap.location; - const { log, pathFromURL } = window.__bootstrap.util; + const { serializePermissions } = window.__bootstrap.permissions; + const { log } = window.__bootstrap.util; const { defineEventHandler } = window.__bootstrap.event; const { deserializeJsMessageData, serializeJsMessageData } = window.__bootstrap.messagePort; @@ -32,7 +31,7 @@ return core.opSync("op_create_worker", { hasSourceCode, name, - permissions, + permissions: serializePermissions(permissions), sourceCode, specifier, useDenoNamespace, @@ -56,87 +55,6 @@ return core.opAsync("op_host_recv_message", id); } - /** - * @param {"inherit" | boolean} value - * @param {string} permission - * @return {boolean} - */ - function parseUnitPermission( - value, - permission, - ) { - if (value !== "inherit" && typeof value !== "boolean") { - throw new Error( - `Expected 'boolean' for ${permission} permission, ${typeof value} received`, - ); - } - return value === "inherit" ? undefined : value; - } - - /** - * @param {string} permission - * @return {(boolean | string[])} - */ - function parseArrayPermission( - value, - permission, - ) { - if (typeof value === "string") { - if (value !== "inherit") { - throw new Error( - `Expected 'array' or 'boolean' for ${permission} permission, "${value}" received`, - ); - } - } else if (!ArrayIsArray(value) && typeof value !== "boolean") { - throw new Error( - `Expected 'array' or 'boolean' for ${permission} permission, ${typeof value} received`, - ); - //Casts URLs to absolute routes - } else if (ArrayIsArray(value)) { - value = ArrayPrototypeMap(value, (route) => { - if (route instanceof URL) { - if (permission === "net") { - throw new Error( - `Expected 'string' for net permission, received 'URL'`, - ); - } else if (permission === "env") { - throw new Error( - `Expected 'string' for env permission, received 'URL'`, - ); - } else { - route = pathFromURL(route); - } - } - return route; - }); - } - - return value === "inherit" ? undefined : value; - } - - /** - * Normalizes data, runs checks on parameters and deletes inherited permissions - */ - function parsePermissions({ - env = "inherit", - hrtime = "inherit", - net = "inherit", - ffi = "inherit", - read = "inherit", - run = "inherit", - write = "inherit", - }) { - return { - env: parseArrayPermission(env, "env"), - hrtime: parseUnitPermission(hrtime, "hrtime"), - net: parseArrayPermission(net, "net"), - ffi: parseUnitPermission(ffi, "ffi"), - read: parseArrayPermission(read, "read"), - run: parseUnitPermission(run, "run"), - write: parseArrayPermission(write, "write"), - }; - } - class Worker extends EventTarget { #id = 0; #name = ""; @@ -152,43 +70,23 @@ super(); specifier = String(specifier); const { - deno = {}, - name = "unknown", + deno, + name, type = "classic", } = options; - // TODO(Soremwar) - // `deno: boolean` is kept for backwards compatibility with the previous - // worker options implementation. Remove for 2.0 - let workerDenoAttributes; - if (typeof deno == "boolean") { - workerDenoAttributes = { - // Change this to enable the Deno namespace by default - namespace: deno, - permissions: null, - }; + let namespace; + let permissions; + if (typeof deno == "object") { + namespace = deno.namespace ?? false; + permissions = deno.permissions ?? undefined; } else { - workerDenoAttributes = { - // Change this to enable the Deno namespace by default - namespace: !!(deno?.namespace ?? false), - permissions: (deno?.permissions ?? "inherit") === "inherit" - ? null - : deno?.permissions, - }; - - // If the permission option is set to "none", all permissions - // must be removed from the worker - if (workerDenoAttributes.permissions === "none") { - workerDenoAttributes.permissions = { - env: false, - hrtime: false, - net: false, - ffi: false, - read: false, - run: false, - write: false, - }; - } + // Assume `deno: boolean | undefined`. + // TODO(Soremwar) + // `deno: boolean` is kept for backwards compatibility with the previous + // worker options implementation. Remove for 2.0 + namespace = !!deno; + permissions = undefined; } const workerType = webidl.converters["WorkerType"](type); @@ -218,17 +116,16 @@ specifier, hasSourceCode, sourceCode, - workerDenoAttributes.namespace, - workerDenoAttributes.permissions === null - ? null - : parsePermissions(workerDenoAttributes.permissions), - options?.name, + namespace, + permissions, + name, workerType, ); this.#id = id; this.#pollControl(); this.#pollMessages(); } + #handleError(e) { const event = new ErrorEvent("error", { cancelable: true, @@ -359,7 +256,6 @@ ]); window.__bootstrap.worker = { - parsePermissions, Worker, }; })(this); diff --git a/runtime/js/40_testing.js b/runtime/js/40_testing.js index 5b404766e..b4f7c847c 100644 --- a/runtime/js/40_testing.js +++ b/runtime/js/40_testing.js @@ -3,10 +3,10 @@ ((window) => { const core = window.Deno.core; - const { parsePermissions } = window.__bootstrap.worker; const { setExitHandler } = window.__bootstrap.os; const { Console, inspectArgs } = window.__bootstrap.console; const { metrics } = core; + const { serializePermissions } = window.__bootstrap.permissions; const { assert } = window.__bootstrap.util; const { ArrayPrototypeFilter, @@ -230,7 +230,7 @@ finishing test case.`; function pledgePermissions(permissions) { return core.opSync( "op_pledge_test_permissions", - parsePermissions(permissions), + serializePermissions(permissions), ); } @@ -289,7 +289,7 @@ finishing test case.`; if (testDef.permissions) { testDef.fn = withPermissions( testDef.fn, - parsePermissions(testDef.permissions), + testDef.permissions, ); } diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs index d9f341633..05f4b75d7 100644 --- a/runtime/ops/permissions.rs +++ b/runtime/ops/permissions.rs @@ -28,7 +28,6 @@ pub struct PermissionArgs { host: Option<String>, variable: Option<String>, command: Option<String>, - library: Option<String>, } pub fn op_query_permission( @@ -50,7 +49,7 @@ pub fn op_query_permission( ), "env" => permissions.env.query(args.variable.as_deref()), "run" => permissions.run.query(args.command.as_deref()), - "ffi" => permissions.ffi.query(args.library.as_deref()), + "ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)), "hrtime" => permissions.hrtime.query(), n => { return Err(custom_error( @@ -81,7 +80,7 @@ pub fn op_revoke_permission( ), "env" => permissions.env.revoke(args.variable.as_deref()), "run" => permissions.run.revoke(args.command.as_deref()), - "ffi" => permissions.ffi.revoke(args.library.as_deref()), + "ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)), "hrtime" => permissions.hrtime.revoke(), n => { return Err(custom_error( @@ -112,7 +111,7 @@ pub fn op_request_permission( ), "env" => permissions.env.request(args.variable.as_deref()), "run" => permissions.run.request(args.command.as_deref()), - "ffi" => permissions.ffi.request(args.library.as_deref()), + "ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)), "hrtime" => permissions.hrtime.request(), n => { return Err(custom_error( diff --git a/runtime/ops/worker_host.rs b/runtime/ops/worker_host.rs index c1ce782da..e9eb380e0 100644 --- a/runtime/ops/worker_host.rs +++ b/runtime/ops/worker_host.rs @@ -1,18 +1,9 @@ // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license. use crate::ops::TestingFeaturesEnabled; -use crate::permissions::resolve_read_allowlist; -use crate::permissions::resolve_write_allowlist; -use crate::permissions::EnvDescriptor; -use crate::permissions::FfiDescriptor; -use crate::permissions::NetDescriptor; -use crate::permissions::PermissionState; +use crate::permissions::create_child_permissions; +use crate::permissions::ChildPermissionsArg; use crate::permissions::Permissions; -use crate::permissions::ReadDescriptor; -use crate::permissions::RunDescriptor; -use crate::permissions::UnaryPermission; -use crate::permissions::UnitPermission; -use crate::permissions::WriteDescriptor; use crate::web_worker::run_web_worker; use crate::web_worker::SendableWebWorkerHandle; use crate::web_worker::WebWorker; @@ -20,14 +11,10 @@ use crate::web_worker::WebWorkerHandle; use crate::web_worker::WebWorkerType; use crate::web_worker::WorkerControlEvent; use crate::web_worker::WorkerId; -use deno_core::error::custom_error; use deno_core::error::AnyError; use deno_core::op_async; use deno_core::op_sync; -use deno_core::serde::de; -use deno_core::serde::de::SeqAccess; use deno_core::serde::Deserialize; -use deno_core::serde::Deserializer; use deno_core::Extension; use deno_core::ModuleSpecifier; use deno_core::OpState; @@ -35,10 +22,6 @@ use deno_web::JsMessageData; use log::debug; use std::cell::RefCell; use std::collections::HashMap; -use std::collections::HashSet; -use std::convert::From; -use std::fmt; -use std::path::PathBuf; use std::rc::Rc; use std::sync::Arc; use std::thread::JoinHandle; @@ -131,369 +114,12 @@ pub fn init(create_web_worker_cb: Arc<CreateWebWorkerCb>) -> Extension { .build() } -fn merge_boolean_permission( - mut main: UnitPermission, - worker: Option<PermissionState>, -) -> Result<UnitPermission, AnyError> { - if let Some(worker) = worker { - if worker < main.state { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.state = worker; - } - } - Ok(main) -} - -fn merge_net_permission( - mut main: UnaryPermission<NetDescriptor>, - worker: Option<UnaryPermission<NetDescriptor>>, -) -> Result<UnaryPermission<NetDescriptor>, AnyError> { - if let Some(worker) = worker { - if (worker.global_state < main.global_state) - || !worker - .granted_list - .iter() - .all(|x| main.check(&(&x.0, x.1)).is_ok()) - { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.global_state = worker.global_state; - main.granted_list = worker.granted_list; - } - } - Ok(main) -} - -fn merge_read_permission( - mut main: UnaryPermission<ReadDescriptor>, - worker: Option<UnaryPermission<ReadDescriptor>>, -) -> Result<UnaryPermission<ReadDescriptor>, AnyError> { - if let Some(worker) = worker { - if (worker.global_state < main.global_state) - || !worker - .granted_list - .iter() - .all(|x| main.check(x.0.as_path()).is_ok()) - { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.global_state = worker.global_state; - main.granted_list = worker.granted_list; - } - } - Ok(main) -} - -fn merge_write_permission( - mut main: UnaryPermission<WriteDescriptor>, - worker: Option<UnaryPermission<WriteDescriptor>>, -) -> Result<UnaryPermission<WriteDescriptor>, AnyError> { - if let Some(worker) = worker { - if (worker.global_state < main.global_state) - || !worker - .granted_list - .iter() - .all(|x| main.check(x.0.as_path()).is_ok()) - { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.global_state = worker.global_state; - main.granted_list = worker.granted_list; - } - } - Ok(main) -} - -fn merge_env_permission( - mut main: UnaryPermission<EnvDescriptor>, - worker: Option<UnaryPermission<EnvDescriptor>>, -) -> Result<UnaryPermission<EnvDescriptor>, AnyError> { - if let Some(worker) = worker { - if (worker.global_state < main.global_state) - || !worker - .granted_list - .iter() - .all(|x| main.check(x.as_ref()).is_ok()) - { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.global_state = worker.global_state; - main.granted_list = worker.granted_list; - } - } - Ok(main) -} - -fn merge_run_permission( - mut main: UnaryPermission<RunDescriptor>, - worker: Option<UnaryPermission<RunDescriptor>>, -) -> Result<UnaryPermission<RunDescriptor>, AnyError> { - if let Some(worker) = worker { - if (worker.global_state < main.global_state) - || !worker.granted_list.iter().all(|x| main.check(&x.0).is_ok()) - { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.global_state = worker.global_state; - main.granted_list = worker.granted_list; - } - } - Ok(main) -} - -fn merge_ffi_permission( - mut main: UnaryPermission<FfiDescriptor>, - worker: Option<UnaryPermission<FfiDescriptor>>, -) -> Result<UnaryPermission<FfiDescriptor>, AnyError> { - if let Some(worker) = worker { - if (worker.global_state < main.global_state) - || !worker.granted_list.iter().all(|x| main.check(&x.0).is_ok()) - { - return Err(custom_error( - "PermissionDenied", - "Can't escalate parent thread permissions", - )); - } else { - main.global_state = worker.global_state; - main.granted_list = worker.granted_list; - } - } - Ok(main) -} - -pub fn create_worker_permissions( - main_perms: Permissions, - worker_perms: PermissionsArg, -) -> Result<Permissions, AnyError> { - Ok(Permissions { - env: merge_env_permission(main_perms.env, worker_perms.env)?, - hrtime: merge_boolean_permission(main_perms.hrtime, worker_perms.hrtime)?, - net: merge_net_permission(main_perms.net, worker_perms.net)?, - ffi: merge_ffi_permission(main_perms.ffi, worker_perms.ffi)?, - read: merge_read_permission(main_perms.read, worker_perms.read)?, - run: merge_run_permission(main_perms.run, worker_perms.run)?, - write: merge_write_permission(main_perms.write, worker_perms.write)?, - }) -} - -#[derive(Debug, Deserialize)] -pub struct PermissionsArg { - #[serde(default, deserialize_with = "as_unary_env_permission")] - env: Option<UnaryPermission<EnvDescriptor>>, - #[serde(default, deserialize_with = "as_permission_state")] - hrtime: Option<PermissionState>, - #[serde(default, deserialize_with = "as_unary_net_permission")] - net: Option<UnaryPermission<NetDescriptor>>, - #[serde(default, deserialize_with = "as_unary_ffi_permission")] - ffi: Option<UnaryPermission<FfiDescriptor>>, - #[serde(default, deserialize_with = "as_unary_read_permission")] - read: Option<UnaryPermission<ReadDescriptor>>, - #[serde(default, deserialize_with = "as_unary_run_permission")] - run: Option<UnaryPermission<RunDescriptor>>, - #[serde(default, deserialize_with = "as_unary_write_permission")] - write: Option<UnaryPermission<WriteDescriptor>>, -} - -fn as_permission_state<'de, D>( - deserializer: D, -) -> Result<Option<PermissionState>, D::Error> -where - D: Deserializer<'de>, -{ - let value: bool = Deserialize::deserialize(deserializer)?; - - match value { - true => Ok(Some(PermissionState::Granted)), - false => Ok(Some(PermissionState::Denied)), - } -} - -struct UnaryPermissionBase { - global_state: PermissionState, - paths: Vec<String>, -} - -struct ParseBooleanOrStringVec; - -impl<'de> de::Visitor<'de> for ParseBooleanOrStringVec { - type Value = UnaryPermissionBase; - - fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result { - formatter.write_str("a vector of strings or a boolean") - } - - // visit_unit maps undefined/missing values to false - fn visit_unit<E>(self) -> Result<UnaryPermissionBase, E> - where - E: de::Error, - { - self.visit_bool(false) - } - - fn visit_bool<E>(self, v: bool) -> Result<UnaryPermissionBase, E> - where - E: de::Error, - { - Ok(UnaryPermissionBase { - global_state: match v { - true => PermissionState::Granted, - false => PermissionState::Denied, - }, - paths: Vec::new(), - }) - } - - fn visit_seq<V>(self, mut visitor: V) -> Result<UnaryPermissionBase, V::Error> - where - V: SeqAccess<'de>, - { - let mut vec: Vec<String> = Vec::new(); - - let mut value = visitor.next_element::<String>()?; - while value.is_some() { - vec.push(value.unwrap()); - value = visitor.next_element()?; - } - Ok(UnaryPermissionBase { - global_state: PermissionState::Prompt, - paths: vec, - }) - } -} - -fn as_unary_net_permission<'de, D>( - deserializer: D, -) -> Result<Option<UnaryPermission<NetDescriptor>>, D::Error> -where - D: Deserializer<'de>, -{ - let value: UnaryPermissionBase = - deserializer.deserialize_any(ParseBooleanOrStringVec)?; - - let allowed: HashSet<NetDescriptor> = value - .paths - .into_iter() - .map(NetDescriptor::from_string) - .collect(); - - Ok(Some(UnaryPermission::<NetDescriptor> { - global_state: value.global_state, - granted_list: allowed, - ..Default::default() - })) -} - -fn as_unary_read_permission<'de, D>( - deserializer: D, -) -> Result<Option<UnaryPermission<ReadDescriptor>>, D::Error> -where - D: Deserializer<'de>, -{ - let value: UnaryPermissionBase = - deserializer.deserialize_any(ParseBooleanOrStringVec)?; - - let paths: Vec<PathBuf> = - value.paths.into_iter().map(PathBuf::from).collect(); - - Ok(Some(UnaryPermission::<ReadDescriptor> { - global_state: value.global_state, - granted_list: resolve_read_allowlist(&Some(paths)), - ..Default::default() - })) -} - -fn as_unary_write_permission<'de, D>( - deserializer: D, -) -> Result<Option<UnaryPermission<WriteDescriptor>>, D::Error> -where - D: Deserializer<'de>, -{ - let value: UnaryPermissionBase = - deserializer.deserialize_any(ParseBooleanOrStringVec)?; - - let paths: Vec<PathBuf> = - value.paths.into_iter().map(PathBuf::from).collect(); - - Ok(Some(UnaryPermission::<WriteDescriptor> { - global_state: value.global_state, - granted_list: resolve_write_allowlist(&Some(paths)), - ..Default::default() - })) -} - -fn as_unary_env_permission<'de, D>( - deserializer: D, -) -> Result<Option<UnaryPermission<EnvDescriptor>>, D::Error> -where - D: Deserializer<'de>, -{ - let value: UnaryPermissionBase = - deserializer.deserialize_any(ParseBooleanOrStringVec)?; - - Ok(Some(UnaryPermission::<EnvDescriptor> { - global_state: value.global_state, - granted_list: value.paths.into_iter().map(EnvDescriptor::new).collect(), - ..Default::default() - })) -} - -fn as_unary_run_permission<'de, D>( - deserializer: D, -) -> Result<Option<UnaryPermission<RunDescriptor>>, D::Error> -where - D: Deserializer<'de>, -{ - let value: UnaryPermissionBase = - deserializer.deserialize_any(ParseBooleanOrStringVec)?; - - Ok(Some(UnaryPermission::<RunDescriptor> { - global_state: value.global_state, - granted_list: value.paths.into_iter().map(RunDescriptor).collect(), - ..Default::default() - })) -} - -fn as_unary_ffi_permission<'de, D>( - deserializer: D, -) -> Result<Option<UnaryPermission<FfiDescriptor>>, D::Error> -where - D: Deserializer<'de>, -{ - let value: UnaryPermissionBase = - deserializer.deserialize_any(ParseBooleanOrStringVec)?; - - Ok(Some(UnaryPermission::<FfiDescriptor> { - global_state: value.global_state, - granted_list: value.paths.into_iter().map(FfiDescriptor).collect(), - ..Default::default() - })) -} - #[derive(Deserialize)] #[serde(rename_all = "camelCase")] pub struct CreateWorkerArgs { has_source_code: bool, name: Option<String>, - permissions: Option<PermissionsArg>, + permissions: Option<ChildPermissionsArg>, source_code: String, specifier: String, use_deno_namespace: bool, @@ -528,13 +154,18 @@ fn op_create_worker( ); } } - let parent_permissions = state.borrow::<Permissions>().clone(); - let worker_permissions = if let Some(permissions) = args.permissions { + + if args.permissions.is_some() { super::check_unstable(state, "Worker.deno.permissions"); - create_worker_permissions(parent_permissions.clone(), permissions)? + } + let parent_permissions = state.borrow_mut::<Permissions>(); + let worker_permissions = if let Some(child_permissions_arg) = args.permissions + { + create_child_permissions(parent_permissions, child_permissions_arg)? } else { parent_permissions.clone() }; + let parent_permissions = parent_permissions.clone(); let worker_id = state.take::<WorkerId>(); let create_module_loader = state.take::<CreateWebWorkerCbHolder>(); diff --git a/runtime/permissions.rs b/runtime/permissions.rs index 081268aa9..e62ce4eb1 100644 --- a/runtime/permissions.rs +++ b/runtime/permissions.rs @@ -7,8 +7,11 @@ use deno_core::error::uri_error; use deno_core::error::AnyError; #[cfg(test)] use deno_core::parking_lot::Mutex; +use deno_core::serde::de; use deno_core::serde::Deserialize; +use deno_core::serde::Deserializer; use deno_core::serde::Serialize; +use deno_core::serde_json; use deno_core::url; use deno_core::ModuleSpecifier; use deno_core::OpState; @@ -17,6 +20,8 @@ use std::collections::HashSet; use std::fmt; use std::hash::Hash; use std::path::{Path, PathBuf}; +use std::str::FromStr; +use std::string::ToString; #[cfg(test)] use std::sync::atomic::AtomicBool; #[cfg(test)] @@ -115,7 +120,7 @@ impl Default for PermissionState { } } -#[derive(Clone, Debug, Default, PartialEq)] +#[derive(Clone, Debug, PartialEq)] pub struct UnitPermission { pub name: &'static str, pub description: &'static str, @@ -161,7 +166,7 @@ impl UnitPermission { /// A normalized environment variable name. On Windows this will /// be uppercase and on other platforms it will stay as-is. -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] +#[derive(Clone, Eq, PartialEq, Hash, Debug)] struct EnvVarName { inner: String, } @@ -184,7 +189,7 @@ impl AsRef<str> for EnvVarName { } } -#[derive(Clone, Debug, Default, PartialEq)] +#[derive(Clone, Debug, PartialEq)] pub struct UnaryPermission<T: Eq + Hash> { pub name: &'static str, pub description: &'static str, @@ -194,13 +199,13 @@ pub struct UnaryPermission<T: Eq + Hash> { pub prompt: bool, } -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] +#[derive(Clone, Eq, PartialEq, Hash, Debug)] pub struct ReadDescriptor(pub PathBuf); -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] +#[derive(Clone, Eq, PartialEq, Hash, Debug)] pub struct WriteDescriptor(pub PathBuf); -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] +#[derive(Clone, Eq, PartialEq, Hash, Debug)] pub struct NetDescriptor(pub String, pub Option<u16>); impl NetDescriptor { @@ -225,7 +230,7 @@ impl fmt::Display for NetDescriptor { } } -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] +#[derive(Clone, Eq, PartialEq, Hash, Debug)] pub struct EnvDescriptor(EnvVarName); impl EnvDescriptor { @@ -240,11 +245,38 @@ impl AsRef<str> for EnvDescriptor { } } -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] -pub struct RunDescriptor(pub String); +#[derive(Clone, Eq, PartialEq, Hash, Debug)] +pub enum RunDescriptor { + Name(String), + Path(PathBuf), +} + +impl FromStr for RunDescriptor { + type Err = (); + + fn from_str(s: &str) -> Result<Self, Self::Err> { + let is_path = s.contains('/'); + #[cfg(windows)] + let is_path = is_path || s.contains('\\') || Path::new(s).is_absolute(); + if is_path { + Ok(Self::Path(resolve_from_cwd(Path::new(s)).unwrap())) + } else { + Ok(Self::Name(s.to_string())) + } + } +} + +impl ToString for RunDescriptor { + fn to_string(&self) -> String { + match self { + RunDescriptor::Name(s) => s.clone(), + RunDescriptor::Path(p) => p.to_string_lossy().to_string(), + } + } +} -#[derive(Clone, Eq, PartialEq, Hash, Debug, Default)] -pub struct FfiDescriptor(pub String); +#[derive(Clone, Eq, PartialEq, Hash, Debug)] +pub struct FfiDescriptor(pub PathBuf); impl UnaryPermission<ReadDescriptor> { pub fn query(&self, path: Option<&Path>) -> PermissionState { @@ -369,6 +401,32 @@ impl UnaryPermission<ReadDescriptor> { } result } + + pub fn check_all(&mut self) -> Result<(), AnyError> { + let (result, prompted) = + self.query(None).check(self.name, Some("all"), self.prompt); + if prompted { + if result.is_ok() { + self.global_state = PermissionState::Granted; + } else { + self.global_state = PermissionState::Denied; + } + } + result + } +} + +impl Default for UnaryPermission<ReadDescriptor> { + fn default() -> Self { + UnaryPermission::<ReadDescriptor> { + name: "read", + description: "read the file system", + global_state: Default::default(), + granted_list: Default::default(), + denied_list: Default::default(), + prompt: false, + } + } } impl UnaryPermission<WriteDescriptor> { @@ -470,6 +528,32 @@ impl UnaryPermission<WriteDescriptor> { } result } + + pub fn check_all(&mut self) -> Result<(), AnyError> { + let (result, prompted) = + self.query(None).check(self.name, Some("all"), self.prompt); + if prompted { + if result.is_ok() { + self.global_state = PermissionState::Granted; + } else { + self.global_state = PermissionState::Denied; + } + } + result + } +} + +impl Default for UnaryPermission<WriteDescriptor> { + fn default() -> Self { + UnaryPermission::<WriteDescriptor> { + name: "write", + description: "write to the file system", + global_state: Default::default(), + granted_list: Default::default(), + denied_list: Default::default(), + prompt: false, + } + } } impl UnaryPermission<NetDescriptor> { @@ -615,6 +699,34 @@ impl UnaryPermission<NetDescriptor> { } result } + + pub fn check_all(&mut self) -> Result<(), AnyError> { + let (result, prompted) = + self + .query::<&str>(None) + .check(self.name, Some("all"), self.prompt); + if prompted { + if result.is_ok() { + self.global_state = PermissionState::Granted; + } else { + self.global_state = PermissionState::Denied; + } + } + result + } +} + +impl Default for UnaryPermission<NetDescriptor> { + fn default() -> Self { + UnaryPermission::<NetDescriptor> { + name: "net", + description: "network", + global_state: Default::default(), + granted_list: Default::default(), + denied_list: Default::default(), + prompt: false, + } + } } impl UnaryPermission<EnvDescriptor> { @@ -623,14 +735,14 @@ impl UnaryPermission<EnvDescriptor> { if self.global_state == PermissionState::Denied && match env.as_ref() { None => true, - Some(env) => self.denied_list.iter().any(|env_| &env_.0 == env), + Some(env) => self.denied_list.contains(&EnvDescriptor::new(env)), } { PermissionState::Denied } else if self.global_state == PermissionState::Granted || match env.as_ref() { None => false, - Some(env) => self.granted_list.iter().any(|env_| &env_.0 == env), + Some(env) => self.granted_list.contains(&EnvDescriptor::new(env)), } { PermissionState::Granted @@ -717,19 +829,36 @@ impl UnaryPermission<EnvDescriptor> { } } +impl Default for UnaryPermission<EnvDescriptor> { + fn default() -> Self { + UnaryPermission::<EnvDescriptor> { + name: "env", + description: "environment variables", + global_state: Default::default(), + granted_list: Default::default(), + denied_list: Default::default(), + prompt: false, + } + } +} + impl UnaryPermission<RunDescriptor> { pub fn query(&self, cmd: Option<&str>) -> PermissionState { if self.global_state == PermissionState::Denied && match cmd { None => true, - Some(cmd) => self.denied_list.iter().any(|cmd_| cmd_.0 == cmd), + Some(cmd) => self + .denied_list + .contains(&RunDescriptor::from_str(cmd).unwrap()), } { PermissionState::Denied } else if self.global_state == PermissionState::Granted || match cmd { None => false, - Some(cmd) => self.granted_list.iter().any(|cmd_| cmd_.0 == cmd), + Some(cmd) => self + .granted_list + .contains(&RunDescriptor::from_str(cmd).unwrap()), } { PermissionState::Granted @@ -743,15 +872,21 @@ impl UnaryPermission<RunDescriptor> { let state = self.query(Some(cmd)); if state == PermissionState::Prompt { if permission_prompt(&format!("run access to \"{}\"", cmd)) { - self.granted_list.insert(RunDescriptor(cmd.to_string())); + self + .granted_list + .insert(RunDescriptor::from_str(cmd).unwrap()); PermissionState::Granted } else { - self.denied_list.insert(RunDescriptor(cmd.to_string())); + self + .denied_list + .insert(RunDescriptor::from_str(cmd).unwrap()); self.global_state = PermissionState::Denied; PermissionState::Denied } } else if state == PermissionState::Granted { - self.granted_list.insert(RunDescriptor(cmd.to_string())); + self + .granted_list + .insert(RunDescriptor::from_str(cmd).unwrap()); PermissionState::Granted } else { state @@ -775,7 +910,9 @@ impl UnaryPermission<RunDescriptor> { pub fn revoke(&mut self, cmd: Option<&str>) -> PermissionState { if let Some(cmd) = cmd { - self.granted_list.remove(&RunDescriptor(cmd.to_string())); + self + .granted_list + .remove(&RunDescriptor::from_str(cmd).unwrap()); } else { self.granted_list.clear(); } @@ -793,9 +930,13 @@ impl UnaryPermission<RunDescriptor> { ); if prompted { if result.is_ok() { - self.granted_list.insert(RunDescriptor(cmd.to_string())); + self + .granted_list + .insert(RunDescriptor::from_str(cmd).unwrap()); } else { - self.denied_list.insert(RunDescriptor(cmd.to_string())); + self + .denied_list + .insert(RunDescriptor::from_str(cmd).unwrap()); self.global_state = PermissionState::Denied; } } @@ -816,19 +957,33 @@ impl UnaryPermission<RunDescriptor> { } } +impl Default for UnaryPermission<RunDescriptor> { + fn default() -> Self { + UnaryPermission::<RunDescriptor> { + name: "run", + description: "run a subprocess", + global_state: Default::default(), + granted_list: Default::default(), + denied_list: Default::default(), + prompt: false, + } + } +} + impl UnaryPermission<FfiDescriptor> { - pub fn query(&self, lib: Option<&str>) -> PermissionState { + pub fn query(&self, path: Option<&Path>) -> PermissionState { + let path = path.map(|p| resolve_from_cwd(p).unwrap()); if self.global_state == PermissionState::Denied - && match lib { + && match path.as_ref() { None => true, - Some(lib) => self.denied_list.iter().any(|lib_| lib_.0 == lib), + Some(path) => self.denied_list.contains(&FfiDescriptor(path.clone())), } { PermissionState::Denied } else if self.global_state == PermissionState::Granted - || match lib { + || match path.as_ref() { None => false, - Some(lib) => self.granted_list.iter().any(|lib_| lib_.0 == lib), + Some(path) => self.granted_list.contains(&FfiDescriptor(path.clone())), } { PermissionState::Granted @@ -837,20 +992,24 @@ impl UnaryPermission<FfiDescriptor> { } } - pub fn request(&mut self, lib: Option<&str>) -> PermissionState { - if let Some(lib) = lib { - let state = self.query(Some(lib)); + pub fn request(&mut self, path: Option<&Path>) -> PermissionState { + if let Some(path) = path { + let (resolved_path, display_path) = resolved_and_display_path(path); + let state = self.query(Some(&resolved_path)); if state == PermissionState::Prompt { - if permission_prompt(&format!("ffi access to \"{}\"", lib)) { - self.granted_list.insert(FfiDescriptor(lib.to_string())); + if permission_prompt(&format!( + "ffi access to \"{}\"", + display_path.display() + )) { + self.granted_list.insert(FfiDescriptor(resolved_path)); PermissionState::Granted } else { - self.denied_list.insert(FfiDescriptor(lib.to_string())); + self.denied_list.insert(FfiDescriptor(resolved_path)); self.global_state = PermissionState::Denied; PermissionState::Denied } } else if state == PermissionState::Granted { - self.granted_list.insert(FfiDescriptor(lib.to_string())); + self.granted_list.insert(FfiDescriptor(resolved_path)); PermissionState::Granted } else { state @@ -872,29 +1031,31 @@ impl UnaryPermission<FfiDescriptor> { } } - pub fn revoke(&mut self, lib: Option<&str>) -> PermissionState { - if let Some(lib) = lib { - self.granted_list.remove(&FfiDescriptor(lib.to_string())); + pub fn revoke(&mut self, path: Option<&Path>) -> PermissionState { + if let Some(path) = path { + let path = resolve_from_cwd(path).unwrap(); + self.granted_list.remove(&FfiDescriptor(path)); } else { self.granted_list.clear(); } if self.global_state == PermissionState::Granted { self.global_state = PermissionState::Prompt; } - self.query(lib) + self.query(path) } - pub fn check(&mut self, lib: &str) -> Result<(), AnyError> { - let (result, prompted) = self.query(Some(lib)).check( + pub fn check(&mut self, path: &Path) -> Result<(), AnyError> { + let (resolved_path, display_path) = resolved_and_display_path(path); + let (result, prompted) = self.query(Some(&resolved_path)).check( self.name, - Some(&format!("\"{}\"", lib)), + Some(&format!("\"{}\"", display_path.display())), self.prompt, ); if prompted { if result.is_ok() { - self.granted_list.insert(FfiDescriptor(lib.to_string())); + self.granted_list.insert(FfiDescriptor(resolved_path)); } else { - self.denied_list.insert(FfiDescriptor(lib.to_string())); + self.denied_list.insert(FfiDescriptor(resolved_path)); self.global_state = PermissionState::Denied; } } @@ -915,7 +1076,20 @@ impl UnaryPermission<FfiDescriptor> { } } -#[derive(Clone, Debug, Default, PartialEq)] +impl Default for UnaryPermission<FfiDescriptor> { + fn default() -> Self { + UnaryPermission::<FfiDescriptor> { + name: "ffi", + description: "load a dynamic library", + global_state: Default::default(), + granted_list: Default::default(), + denied_list: Default::default(), + prompt: false, + } + } +} + +#[derive(Clone, Debug, PartialEq)] pub struct Permissions { pub read: UnaryPermission<ReadDescriptor>, pub write: UnaryPermission<WriteDescriptor>, @@ -926,12 +1100,26 @@ pub struct Permissions { pub hrtime: UnitPermission, } +impl Default for Permissions { + fn default() -> Self { + Self { + read: Permissions::new_read(&None, false), + write: Permissions::new_write(&None, false), + net: Permissions::new_net(&None, false), + env: Permissions::new_env(&None, false), + run: Permissions::new_run(&None, false), + ffi: Permissions::new_ffi(&None, false), + hrtime: Permissions::new_hrtime(false, false), + } + } +} + #[derive(Clone, Debug, PartialEq, Default, Serialize, Deserialize)] pub struct PermissionsOptions { pub allow_env: Option<Vec<String>>, pub allow_hrtime: bool, pub allow_net: Option<Vec<String>>, - pub allow_ffi: Option<Vec<String>>, + pub allow_ffi: Option<Vec<PathBuf>>, pub allow_read: Option<Vec<PathBuf>>, pub allow_run: Option<Vec<String>>, pub allow_write: Option<Vec<PathBuf>>, @@ -944,12 +1132,10 @@ impl Permissions { prompt: bool, ) -> UnaryPermission<ReadDescriptor> { UnaryPermission::<ReadDescriptor> { - name: "read", - description: "read the file system", global_state: global_state_from_option(state), granted_list: resolve_read_allowlist(state), - denied_list: Default::default(), prompt, + ..Default::default() } } @@ -958,12 +1144,10 @@ impl Permissions { prompt: bool, ) -> UnaryPermission<WriteDescriptor> { UnaryPermission::<WriteDescriptor> { - name: "write", - description: "write to the file system", global_state: global_state_from_option(state), granted_list: resolve_write_allowlist(state), - denied_list: Default::default(), prompt, + ..Default::default() } } @@ -972,8 +1156,6 @@ impl Permissions { prompt: bool, ) -> UnaryPermission<NetDescriptor> { UnaryPermission::<NetDescriptor> { - name: "net", - description: "network", global_state: global_state_from_option(state), granted_list: state .as_ref() @@ -983,8 +1165,8 @@ impl Permissions { .collect() }) .unwrap_or_else(HashSet::new), - denied_list: Default::default(), prompt, + ..Default::default() } } @@ -993,15 +1175,13 @@ impl Permissions { prompt: bool, ) -> UnaryPermission<EnvDescriptor> { UnaryPermission::<EnvDescriptor> { - name: "env", - description: "environment variables", global_state: global_state_from_option(state), granted_list: state .as_ref() .map(|v| v.iter().map(EnvDescriptor::new).collect()) .unwrap_or_else(HashSet::new), - denied_list: Default::default(), prompt, + ..Default::default() } } @@ -1010,32 +1190,29 @@ impl Permissions { prompt: bool, ) -> UnaryPermission<RunDescriptor> { UnaryPermission::<RunDescriptor> { - name: "run", - description: "run a subprocess", global_state: global_state_from_option(state), granted_list: state .as_ref() - .map(|v| v.iter().map(|x| RunDescriptor(x.clone())).collect()) + .map(|v| { + v.iter() + .map(|x| RunDescriptor::from_str(x).unwrap()) + .collect() + }) .unwrap_or_else(HashSet::new), - denied_list: Default::default(), prompt, + ..Default::default() } } pub fn new_ffi( - state: &Option<Vec<String>>, + state: &Option<Vec<PathBuf>>, prompt: bool, ) -> UnaryPermission<FfiDescriptor> { UnaryPermission::<FfiDescriptor> { - name: "ffi", - description: "load a dynamic library", global_state: global_state_from_option(state), - granted_list: state - .as_ref() - .map(|v| v.iter().map(|x| FfiDescriptor(x.clone())).collect()) - .unwrap_or_else(HashSet::new), - denied_list: Default::default(), + granted_list: resolve_ffi_allowlist(state), prompt, + ..Default::default() } } @@ -1137,7 +1314,7 @@ impl deno_websocket::WebSocketPermissions for Permissions { } impl deno_ffi::FfiPermissions for Permissions { - fn check(&mut self, path: &str) -> Result<(), AnyError> { + fn check(&mut self, path: &Path) -> Result<(), AnyError> { self.ffi.check(path) } } @@ -1196,6 +1373,20 @@ pub fn resolve_write_allowlist( } } +pub fn resolve_ffi_allowlist( + allow: &Option<Vec<PathBuf>>, +) -> HashSet<FfiDescriptor> { + if let Some(v) = allow { + v.iter() + .map(|raw_path| { + FfiDescriptor(resolve_from_cwd(Path::new(&raw_path)).unwrap()) + }) + .collect() + } else { + HashSet::new() + } +} + /// Arbitrary helper. Resolves the path from CWD, and also gets a path that /// can be displayed without leaking the CWD when not allowed. fn resolved_and_display_path(path: &Path) -> (PathBuf, PathBuf) { @@ -1204,6 +1395,458 @@ fn resolved_and_display_path(path: &Path) -> (PathBuf, PathBuf) { (resolved_path, display_path) } +fn escalation_error() -> AnyError { + custom_error( + "PermissionDenied", + "Can't escalate parent thread permissions", + ) +} + +#[derive(Debug, PartialEq)] +pub enum ChildUnitPermissionArg { + Inherit, + Granted, + NotGranted, +} + +impl Default for ChildUnitPermissionArg { + fn default() -> Self { + ChildUnitPermissionArg::Inherit + } +} + +impl<'de> Deserialize<'de> for ChildUnitPermissionArg { + fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> + where + D: Deserializer<'de>, + { + struct ChildUnitPermissionArgVisitor; + impl<'de> de::Visitor<'de> for ChildUnitPermissionArgVisitor { + type Value = ChildUnitPermissionArg; + + fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result { + formatter.write_str("\"inherit\" or boolean") + } + + fn visit_unit<E>(self) -> Result<ChildUnitPermissionArg, E> + where + E: de::Error, + { + Ok(ChildUnitPermissionArg::Inherit) + } + + fn visit_str<E>(self, v: &str) -> Result<ChildUnitPermissionArg, E> + where + E: de::Error, + { + if v == "inherit" { + Ok(ChildUnitPermissionArg::Inherit) + } else { + Err(de::Error::invalid_value(de::Unexpected::Str(v), &self)) + } + } + + fn visit_bool<E>(self, v: bool) -> Result<ChildUnitPermissionArg, E> + where + E: de::Error, + { + match v { + true => Ok(ChildUnitPermissionArg::Granted), + false => Ok(ChildUnitPermissionArg::NotGranted), + } + } + } + deserializer.deserialize_any(ChildUnitPermissionArgVisitor) + } +} + +#[derive(Debug, PartialEq)] +pub enum ChildUnaryPermissionArg { + Inherit, + Granted, + NotGranted, + GrantedList(Vec<String>), +} + +impl Default for ChildUnaryPermissionArg { + fn default() -> Self { + ChildUnaryPermissionArg::Inherit + } +} + +impl<'de> Deserialize<'de> for ChildUnaryPermissionArg { + fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> + where + D: Deserializer<'de>, + { + struct ChildUnaryPermissionArgVisitor; + impl<'de> de::Visitor<'de> for ChildUnaryPermissionArgVisitor { + type Value = ChildUnaryPermissionArg; + + fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result { + formatter.write_str("\"inherit\" or boolean or string[]") + } + + fn visit_unit<E>(self) -> Result<ChildUnaryPermissionArg, E> + where + E: de::Error, + { + Ok(ChildUnaryPermissionArg::Inherit) + } + + fn visit_str<E>(self, v: &str) -> Result<ChildUnaryPermissionArg, E> + where + E: de::Error, + { + if v == "inherit" { + Ok(ChildUnaryPermissionArg::Inherit) + } else { + Err(de::Error::invalid_value(de::Unexpected::Str(v), &self)) + } + } + + fn visit_bool<E>(self, v: bool) -> Result<ChildUnaryPermissionArg, E> + where + E: de::Error, + { + match v { + true => Ok(ChildUnaryPermissionArg::Granted), + false => Ok(ChildUnaryPermissionArg::NotGranted), + } + } + + fn visit_seq<V>( + self, + mut v: V, + ) -> Result<ChildUnaryPermissionArg, V::Error> + where + V: de::SeqAccess<'de>, + { + let mut granted_list = vec![]; + while let Some(value) = v.next_element::<String>()? { + granted_list.push(value); + } + Ok(ChildUnaryPermissionArg::GrantedList(granted_list)) + } + } + deserializer.deserialize_any(ChildUnaryPermissionArgVisitor) + } +} + +/// Directly deserializable from JS worker and test permission options. +#[derive(Debug, Default, PartialEq)] +pub struct ChildPermissionsArg { + env: ChildUnaryPermissionArg, + hrtime: ChildUnitPermissionArg, + net: ChildUnaryPermissionArg, + ffi: ChildUnaryPermissionArg, + read: ChildUnaryPermissionArg, + run: ChildUnaryPermissionArg, + write: ChildUnaryPermissionArg, +} + +impl<'de> Deserialize<'de> for ChildPermissionsArg { + fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> + where + D: Deserializer<'de>, + { + struct ChildPermissionsArgVisitor; + impl<'de> de::Visitor<'de> for ChildPermissionsArgVisitor { + type Value = ChildPermissionsArg; + + fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result { + formatter.write_str("\"inherit\" or \"none\" or object") + } + + fn visit_unit<E>(self) -> Result<ChildPermissionsArg, E> + where + E: de::Error, + { + Ok(ChildPermissionsArg::default()) + } + + fn visit_str<E>(self, v: &str) -> Result<ChildPermissionsArg, E> + where + E: de::Error, + { + if v == "inherit" { + Ok(ChildPermissionsArg::default()) + } else if v == "none" { + Ok(ChildPermissionsArg { + env: ChildUnaryPermissionArg::NotGranted, + hrtime: ChildUnitPermissionArg::NotGranted, + net: ChildUnaryPermissionArg::NotGranted, + ffi: ChildUnaryPermissionArg::NotGranted, + read: ChildUnaryPermissionArg::NotGranted, + run: ChildUnaryPermissionArg::NotGranted, + write: ChildUnaryPermissionArg::NotGranted, + }) + } else { + Err(de::Error::invalid_value(de::Unexpected::Str(v), &self)) + } + } + + fn visit_map<V>(self, mut v: V) -> Result<ChildPermissionsArg, V::Error> + where + V: de::MapAccess<'de>, + { + let mut child_permissions_arg = ChildPermissionsArg::default(); + while let Some((key, value)) = + v.next_entry::<String, serde_json::Value>()? + { + if key == "env" { + let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); + child_permissions_arg.env = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.env) {}", e)) + })?; + } else if key == "hrtime" { + let arg = serde_json::from_value::<ChildUnitPermissionArg>(value); + child_permissions_arg.hrtime = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.hrtime) {}", e)) + })?; + } else if key == "net" { + let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); + child_permissions_arg.net = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.net) {}", e)) + })?; + } else if key == "ffi" { + let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); + child_permissions_arg.ffi = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.ffi) {}", e)) + })?; + } else if key == "read" { + let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); + child_permissions_arg.read = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.read) {}", e)) + })?; + } else if key == "run" { + let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); + child_permissions_arg.run = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.run) {}", e)) + })?; + } else if key == "write" { + let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); + child_permissions_arg.write = arg.map_err(|e| { + de::Error::custom(format!("(deno.permissions.write) {}", e)) + })?; + } else { + return Err(de::Error::custom("unknown permission name")); + } + } + Ok(child_permissions_arg) + } + } + deserializer.deserialize_any(ChildPermissionsArgVisitor) + } +} + +pub fn create_child_permissions( + main_perms: &mut Permissions, + child_permissions_arg: ChildPermissionsArg, +) -> Result<Permissions, AnyError> { + let mut worker_perms = Permissions::default(); + match child_permissions_arg.env { + ChildUnaryPermissionArg::Inherit => { + worker_perms.env = main_perms.env.clone(); + } + ChildUnaryPermissionArg::Granted => { + if main_perms.env.check_all().is_err() { + return Err(escalation_error()); + } + worker_perms.env.global_state = PermissionState::Granted; + } + ChildUnaryPermissionArg::NotGranted => {} + ChildUnaryPermissionArg::GrantedList(granted_list) => { + worker_perms.env.granted_list = + Permissions::new_env(&Some(granted_list), false).granted_list; + if !worker_perms + .env + .granted_list + .iter() + .all(|desc| main_perms.env.check(desc.as_ref()).is_ok()) + { + return Err(escalation_error()); + } + } + } + worker_perms.env.denied_list = main_perms.env.denied_list.clone(); + if main_perms.env.global_state == PermissionState::Denied { + worker_perms.env.global_state = PermissionState::Denied; + } + worker_perms.env.prompt = main_perms.env.prompt; + match child_permissions_arg.hrtime { + ChildUnitPermissionArg::Inherit => { + worker_perms.hrtime = main_perms.hrtime.clone(); + } + ChildUnitPermissionArg::Granted => { + if main_perms.hrtime.check().is_err() { + return Err(escalation_error()); + } + worker_perms.hrtime.state = PermissionState::Granted; + } + ChildUnitPermissionArg::NotGranted => {} + } + if main_perms.hrtime.state == PermissionState::Denied { + worker_perms.hrtime.state = PermissionState::Denied; + } + worker_perms.hrtime.prompt = main_perms.hrtime.prompt; + match child_permissions_arg.net { + ChildUnaryPermissionArg::Inherit => { + worker_perms.net = main_perms.net.clone(); + } + ChildUnaryPermissionArg::Granted => { + if main_perms.net.check_all().is_err() { + return Err(escalation_error()); + } + worker_perms.net.global_state = PermissionState::Granted; + } + ChildUnaryPermissionArg::NotGranted => {} + ChildUnaryPermissionArg::GrantedList(granted_list) => { + worker_perms.net.granted_list = + Permissions::new_net(&Some(granted_list), false).granted_list; + if !worker_perms + .net + .granted_list + .iter() + .all(|desc| main_perms.net.check(&(&desc.0, desc.1)).is_ok()) + { + return Err(escalation_error()); + } + } + } + worker_perms.net.denied_list = main_perms.net.denied_list.clone(); + if main_perms.net.global_state == PermissionState::Denied { + worker_perms.net.global_state = PermissionState::Denied; + } + worker_perms.net.prompt = main_perms.net.prompt; + match child_permissions_arg.ffi { + ChildUnaryPermissionArg::Inherit => { + worker_perms.ffi = main_perms.ffi.clone(); + } + ChildUnaryPermissionArg::Granted => { + if main_perms.ffi.check_all().is_err() { + return Err(escalation_error()); + } + worker_perms.ffi.global_state = PermissionState::Granted; + } + ChildUnaryPermissionArg::NotGranted => {} + ChildUnaryPermissionArg::GrantedList(granted_list) => { + worker_perms.ffi.granted_list = Permissions::new_ffi( + &Some(granted_list.iter().map(PathBuf::from).collect()), + false, + ) + .granted_list; + if !worker_perms + .ffi + .granted_list + .iter() + .all(|desc| main_perms.ffi.check(&desc.0).is_ok()) + { + return Err(escalation_error()); + } + } + } + worker_perms.ffi.denied_list = main_perms.ffi.denied_list.clone(); + if main_perms.ffi.global_state == PermissionState::Denied { + worker_perms.ffi.global_state = PermissionState::Denied; + } + worker_perms.ffi.prompt = main_perms.ffi.prompt; + match child_permissions_arg.read { + ChildUnaryPermissionArg::Inherit => { + worker_perms.read = main_perms.read.clone(); + } + ChildUnaryPermissionArg::Granted => { + if main_perms.read.check_all().is_err() { + return Err(escalation_error()); + } + worker_perms.read.global_state = PermissionState::Granted; + } + ChildUnaryPermissionArg::NotGranted => {} + ChildUnaryPermissionArg::GrantedList(granted_list) => { + worker_perms.read.granted_list = Permissions::new_read( + &Some(granted_list.iter().map(PathBuf::from).collect()), + false, + ) + .granted_list; + if !worker_perms + .read + .granted_list + .iter() + .all(|desc| main_perms.read.check(&desc.0).is_ok()) + { + return Err(escalation_error()); + } + } + } + worker_perms.read.denied_list = main_perms.read.denied_list.clone(); + if main_perms.read.global_state == PermissionState::Denied { + worker_perms.read.global_state = PermissionState::Denied; + } + worker_perms.read.prompt = main_perms.read.prompt; + match child_permissions_arg.run { + ChildUnaryPermissionArg::Inherit => { + worker_perms.run = main_perms.run.clone(); + } + ChildUnaryPermissionArg::Granted => { + if main_perms.run.check_all().is_err() { + return Err(escalation_error()); + } + worker_perms.run.global_state = PermissionState::Granted; + } + ChildUnaryPermissionArg::NotGranted => {} + ChildUnaryPermissionArg::GrantedList(granted_list) => { + worker_perms.run.granted_list = + Permissions::new_run(&Some(granted_list), false).granted_list; + if !worker_perms + .run + .granted_list + .iter() + .all(|desc| main_perms.run.check(&desc.to_string()).is_ok()) + { + return Err(escalation_error()); + } + } + } + worker_perms.run.denied_list = main_perms.run.denied_list.clone(); + if main_perms.run.global_state == PermissionState::Denied { + worker_perms.run.global_state = PermissionState::Denied; + } + worker_perms.run.prompt = main_perms.run.prompt; + match child_permissions_arg.write { + ChildUnaryPermissionArg::Inherit => { + worker_perms.write = main_perms.write.clone(); + } + ChildUnaryPermissionArg::Granted => { + if main_perms.write.check_all().is_err() { + return Err(escalation_error()); + } + worker_perms.write.global_state = PermissionState::Granted; + } + ChildUnaryPermissionArg::NotGranted => {} + ChildUnaryPermissionArg::GrantedList(granted_list) => { + worker_perms.write.granted_list = Permissions::new_write( + &Some(granted_list.iter().map(PathBuf::from).collect()), + false, + ) + .granted_list; + if !worker_perms + .write + .granted_list + .iter() + .all(|desc| main_perms.write.check(&desc.0).is_ok()) + { + return Err(escalation_error()); + } + } + } + worker_perms.write.denied_list = main_perms.write.denied_list.clone(); + if main_perms.write.global_state == PermissionState::Denied { + worker_perms.write.global_state = PermissionState::Denied; + } + worker_perms.write.prompt = main_perms.write.prompt; + Ok(worker_perms) +} + /// Shows the permission prompt and returns the answer according to the user input. /// This loops until the user gives the proper input. #[cfg(not(test))] @@ -1371,6 +2014,7 @@ fn set_prompt_result(value: bool) { mod tests { use super::*; use deno_core::resolve_url_or_path; + use deno_core::serde_json::json; // Creates vector of strings, Vec<String> macro_rules! svec { @@ -1701,11 +2345,11 @@ mod tests { }, ffi: UnaryPermission { global_state: PermissionState::Prompt, - ..Permissions::new_ffi(&Some(svec!["deno"]), false) + ..Permissions::new_ffi(&Some(vec![PathBuf::from("deno")]), false) }, hrtime: UnitPermission { state: PermissionState::Prompt, - ..Default::default() + ..Permissions::new_hrtime(false, false) }, }; #[rustfmt::skip] @@ -1733,9 +2377,9 @@ mod tests { assert_eq!(perms2.run.query(None), PermissionState::Prompt); assert_eq!(perms2.run.query(Some(&"deno".to_string())), PermissionState::Granted); assert_eq!(perms1.ffi.query(None), PermissionState::Granted); - assert_eq!(perms1.ffi.query(Some(&"deno".to_string())), PermissionState::Granted); + assert_eq!(perms1.ffi.query(Some(Path::new("deno"))), PermissionState::Granted); assert_eq!(perms2.ffi.query(None), PermissionState::Prompt); - assert_eq!(perms2.ffi.query(Some(&"deno".to_string())), PermissionState::Granted); + assert_eq!(perms2.ffi.query(Some(Path::new("deno"))), PermissionState::Granted); assert_eq!(perms1.hrtime.query(), PermissionState::Granted); assert_eq!(perms2.hrtime.query(), PermissionState::Prompt); }; @@ -1772,10 +2416,10 @@ mod tests { set_prompt_result(false); assert_eq!(perms.run.request(Some(&"deno".to_string())), PermissionState::Granted); set_prompt_result(true); - assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted); + assert_eq!(perms.ffi.request(Some(Path::new("deno"))), PermissionState::Granted); assert_eq!(perms.ffi.query(None), PermissionState::Prompt); set_prompt_result(false); - assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted); + assert_eq!(perms.ffi.request(Some(Path::new("deno"))), PermissionState::Granted); set_prompt_result(false); assert_eq!(perms.hrtime.request(), PermissionState::Denied); set_prompt_result(true); @@ -1817,11 +2461,11 @@ mod tests { }, ffi: UnaryPermission { global_state: PermissionState::Prompt, - ..Permissions::new_ffi(&Some(svec!["deno"]), false) + ..Permissions::new_ffi(&Some(vec![PathBuf::from("deno")]), false) }, hrtime: UnitPermission { state: PermissionState::Denied, - ..Default::default() + ..Permissions::new_hrtime(false, false) }, }; #[rustfmt::skip] @@ -1837,7 +2481,7 @@ mod tests { assert_eq!(perms.net.query(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted); assert_eq!(perms.env.revoke(Some(&"HOME".to_string())), PermissionState::Prompt); assert_eq!(perms.run.revoke(Some(&"deno".to_string())), PermissionState::Prompt); - assert_eq!(perms.ffi.revoke(Some(&"deno".to_string())), PermissionState::Prompt); + assert_eq!(perms.ffi.revoke(Some(Path::new("deno"))), PermissionState::Prompt); assert_eq!(perms.hrtime.revoke(), PermissionState::Denied); }; } @@ -1977,4 +2621,233 @@ mod tests { PermissionState::Prompt ); } + + #[test] + fn test_deserialize_child_permissions_arg() { + assert_eq!( + ChildPermissionsArg::default(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::Inherit, + hrtime: ChildUnitPermissionArg::Inherit, + net: ChildUnaryPermissionArg::Inherit, + ffi: ChildUnaryPermissionArg::Inherit, + read: ChildUnaryPermissionArg::Inherit, + run: ChildUnaryPermissionArg::Inherit, + write: ChildUnaryPermissionArg::Inherit, + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!("inherit")).unwrap(), + ChildPermissionsArg::default() + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!("none")).unwrap(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::NotGranted, + hrtime: ChildUnitPermissionArg::NotGranted, + net: ChildUnaryPermissionArg::NotGranted, + ffi: ChildUnaryPermissionArg::NotGranted, + read: ChildUnaryPermissionArg::NotGranted, + run: ChildUnaryPermissionArg::NotGranted, + write: ChildUnaryPermissionArg::NotGranted, + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({})).unwrap(), + ChildPermissionsArg::default() + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({ + "env": ["foo", "bar"], + })) + .unwrap(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]), + ..Default::default() + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({ + "hrtime": true, + })) + .unwrap(), + ChildPermissionsArg { + hrtime: ChildUnitPermissionArg::Granted, + ..Default::default() + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({ + "hrtime": false, + })) + .unwrap(), + ChildPermissionsArg { + hrtime: ChildUnitPermissionArg::NotGranted, + ..Default::default() + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({ + "env": true, + "net": true, + "ffi": true, + "read": true, + "run": true, + "write": true, + })) + .unwrap(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::Granted, + net: ChildUnaryPermissionArg::Granted, + ffi: ChildUnaryPermissionArg::Granted, + read: ChildUnaryPermissionArg::Granted, + run: ChildUnaryPermissionArg::Granted, + write: ChildUnaryPermissionArg::Granted, + ..Default::default() + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({ + "env": false, + "net": false, + "ffi": false, + "read": false, + "run": false, + "write": false, + })) + .unwrap(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::NotGranted, + net: ChildUnaryPermissionArg::NotGranted, + ffi: ChildUnaryPermissionArg::NotGranted, + read: ChildUnaryPermissionArg::NotGranted, + run: ChildUnaryPermissionArg::NotGranted, + write: ChildUnaryPermissionArg::NotGranted, + ..Default::default() + } + ); + assert_eq!( + serde_json::from_value::<ChildPermissionsArg>(json!({ + "env": ["foo", "bar"], + "net": ["foo", "bar:8000"], + "ffi": ["foo", "file:///bar/baz"], + "read": ["foo", "file:///bar/baz"], + "run": ["foo", "file:///bar/baz", "./qux"], + "write": ["foo", "file:///bar/baz"], + })) + .unwrap(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]), + net: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar:8000"]), + ffi: ChildUnaryPermissionArg::GrantedList(svec![ + "foo", + "file:///bar/baz" + ]), + read: ChildUnaryPermissionArg::GrantedList(svec![ + "foo", + "file:///bar/baz" + ]), + run: ChildUnaryPermissionArg::GrantedList(svec![ + "foo", + "file:///bar/baz", + "./qux" + ]), + write: ChildUnaryPermissionArg::GrantedList(svec![ + "foo", + "file:///bar/baz" + ]), + ..Default::default() + } + ); + } + + #[test] + fn test_create_child_permissions() { + let mut main_perms = Permissions { + env: Permissions::new_env(&Some(vec![]), false), + hrtime: Permissions::new_hrtime(true, false), + net: Permissions::new_net(&Some(svec!["foo", "bar"]), false), + ..Default::default() + }; + assert_eq!( + create_child_permissions( + &mut main_perms.clone(), + ChildPermissionsArg { + env: ChildUnaryPermissionArg::Inherit, + hrtime: ChildUnitPermissionArg::NotGranted, + net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]), + ffi: ChildUnaryPermissionArg::NotGranted, + ..Default::default() + } + ) + .unwrap(), + Permissions { + env: Permissions::new_env(&Some(vec![]), false), + net: Permissions::new_net(&Some(svec!["foo"]), false), + ..Default::default() + } + ); + assert!(create_child_permissions( + &mut main_perms.clone(), + ChildPermissionsArg { + net: ChildUnaryPermissionArg::Granted, + ..Default::default() + } + ) + .is_err()); + assert!(create_child_permissions( + &mut main_perms.clone(), + ChildPermissionsArg { + net: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar", "baz"]), + ..Default::default() + } + ) + .is_err()); + assert!(create_child_permissions( + &mut main_perms, + ChildPermissionsArg { + ffi: ChildUnaryPermissionArg::GrantedList(svec!["foo"]), + ..Default::default() + } + ) + .is_err()); + } + + #[test] + fn test_create_child_permissions_with_prompt() { + let _guard = PERMISSION_PROMPT_GUARD.lock(); + let mut main_perms = Permissions::from_options(&PermissionsOptions { + prompt: true, + ..Default::default() + }); + set_prompt_result(true); + let worker_perms = create_child_permissions( + &mut main_perms, + ChildPermissionsArg { + hrtime: ChildUnitPermissionArg::Granted, + read: ChildUnaryPermissionArg::Granted, + run: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]), + ..Default::default() + }, + ) + .unwrap(); + assert_eq!(main_perms, worker_perms); + } + + #[test] + fn test_create_child_permissions_with_inherited_denied_list() { + let _guard = PERMISSION_PROMPT_GUARD.lock(); + let mut main_perms = Permissions::from_options(&PermissionsOptions { + prompt: true, + ..Default::default() + }); + set_prompt_result(false); + assert!(main_perms.write.check(&PathBuf::from("foo")).is_err()); + let worker_perms = create_child_permissions( + &mut main_perms.clone(), + ChildPermissionsArg::default(), + ) + .unwrap(); + assert_eq!(worker_perms.write.denied_list, main_perms.write.denied_list); + } } |