Age | Commit message | Author |
|
|
|
Co-authored-by: nathanwhit <nathanwhit@users.noreply.github.com>
|
|
This is the release commit being forwarded back to main for 1.44.1
Co-authored-by: devsnek <devsnek@users.noreply.github.com>
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
|
|
Bumped versions for 1.44.0
Co-authored-by: littledivy <littledivy@users.noreply.github.com>
|
|
Bumped versions for 1.43.6
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
**Unix**: Returns the value of the HOME environment variable if it is
set even if it is an empty string. Otherwise, it tries to determine the
home directory by invoking the
[getpwuid_r](https://linux.die.net/man/3/getpwuid_r) function with the
UID of the current user.
**Windows**: Returns the value of the USERPROFILE environment variable
if it is set and it is not an empty string. Otherwise, it tries to
determine the home directory by invoking the
[SHGetKnownFolderPath](https://learn.microsoft.com/en-us/windows/win32/api/shlobj_core/nf-shlobj_core-shgetknownfolderpath)
function with
[FOLDERID_Profile](https://learn.microsoft.com/en-us/windows/win32/shell/knownfolderid).
Fixes https://github.com/denoland/deno/issues/23824
|
|
Co-authored-by: David Sherret <dsherret@gmail.com>
|
|
`deno run script.ts <(some command)` is a valid use case -- let's allow
this to work without `--allow-all`.
Fixes #23703
|
|
1. Generally we should prefer to use the `log` crate.
2. I very often accidentally commit `eprintln`s.
When we should use `println` or `eprintln`, it's not too bad to be a bit
more verbose and ignore the lint rule.
|
|
**THIS PR HAS GIT CONFLICTS THAT MUST BE RESOLVED**
This is the release commit being forwarded back to main for 1.43.2
Please ensure:
- [x] Everything looks ok in the PR
- [x] The release has been published
To make edits to this PR:
```shell
git fetch upstream forward_v1.43.2 && git checkout -b forward_v1.43.2 upstream/forward_v1.43.2
```
Don't need this PR? Close it.
cc @nathanwhit
Co-authored-by: nathanwhit <nathanwhit@users.noreply.github.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
|
|
Fixes [23721](https://github.com/denoland/deno/issues/23721)
|
|
This is not a special path that can be used to escalate or bypass Deno
permissions, such as `--allow-env`.
|
|
Bumped versions for 1.43.0
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
|
|
Bumped versions for 1.43.0
Co-authored-by: littledivy <littledivy@users.noreply.github.com>
|
|
open (#23208)
Embedders may have special requirements around file opening, so we add a
new `check_open` permission check that is called as part of the file
open process.
|
|
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
Co-authored-by: Satya Rohith <me@satyarohith.com>
|
|
Followup to https://github.com/denoland/deno/pull/23184
|
|
The permission prompt doesn't wait for quiescent input, so someone
pasting a large text file into the console may end up losing the prompt.
We enforce a minimum human delay and wait for a 100ms quiescent period
before we write and accept prompt input to avoid this problem.
This does require adding a human delay in all prompt tests, but that's
pretty straightforward. I rewrote the locked stdout/stderr test while I
was in here.
|
|
This is the release commit being forwarded back to main for 1.42.1
Co-authored-by: littledivy <littledivy@users.noreply.github.com>
|
|
Bumped versions for 1.42.0
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Forward 1.41.3 release commit
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: nathanwhit <nathanwhit@users.noreply.github.com>
|
|
"fully-granted" state (#22894)
Skips the access check if the specific unary permission is in an
all-granted state. Generally prevents an allocation or two.
Hooks up a quiet "all" permission that is automatically inherited. This
permission will be used in the future to indicate that the user wishes
to accept all side-effects of the permissions they explicitly granted.
The "all" permission is an "ambient flag"-style permission that states
whether "allow-all" was passed on the command-line.
|
|
Unlocking a potential perf optimization at a later date -- carry the
`allow_all` flag into the permission container.
|
|
Issue https://github.com/denoland/deno/issues/22222

This PR moves `runtime/permissions` code to an upstream crate called
`deno_permissions`. The `deno_permissions::PermissionsContainer` is put
into the OpState and can be used instead of the current trait-based
permissions system.
For this PR, I've migrated `deno_fetch` to the new crate but kept the
rest of the trait-based system as a wrapper of `deno_permissions` crate.
Doing the migration all at once is error prone and hard to review.
Comparing incremental compile times for `ext/fetch` on Mac M1:
| profile | `cargo build --bin deno` | `cargo plonk build --bin deno` |
| --------- | ------------- | ------------------- |
| `debug` | 20 s | 0.8s |
| `release` | 4 mins 12 s | 1.4s |
|
|
If we strip out unprintable chars, we don't see the full filename being
requested by permission prompts. Instead, we highlight and escape them
to make them visible.
|
|
Fixes #22221 with the suggested fix, and added "cpus" to the existing
tests.
|
|
Fixes https://github.com/denoland/deno/issues/20803
Fixes https://github.com/denoland/deno/issues/21723
Performance: copying a 48GiB rust `target` folder (recursive)
| Platform | `deno` | `node v21.5` | Improvement |
| -------- | ------- | ------- | ------- |
| macOS (APFS) | 3.1secs | 127.99 secs | **42x** |
| Windows | 18.3secs | 67.2secs | **3.8x** |
Copying files with varying sizes:

|
|
Harden the code that does permission checks to protect against
re-opening of stdin.
Code that runs FFI is vulnerable to an attack where fd 0 is closed
during a permission check and re-opened with a file that contains a
positive response (ie: `y` or `A`). While FFI code is dangerous in
general, we can make it more difficult for FFI-enabled code to bypass
additional permission checks.
- Checks to see if the underlying file for stdin has changed from the
start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window
for races)
- Checks to see if stdin and stderr are still terminals at the end of
the function (making races more difficult)
|
|
|
|
fix #21385
|
|
This is dead code that was not used in any way.
Ref https://github.com/denoland/deno/pull/20797
|
|
queries (#14130)
Closes #14122.
Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
|
|
Removes a crate with an outstanding vulnerability.
|
|
This patch adds a `remote` backend for `ext/kv`. This supports
connection to Deno Deploy and potentially other services compatible with
the KV Connect protocol.
|
|
This commit adds new "--deny-*" permission flags. These are complementary to
"--allow-*" flags.
These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.
Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.
Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.
Closes #18804.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
|
|
Takes #4202 over
Closes #17850
---------
Co-authored-by: ecyrbe <ecyrbe@gmail.com>
|
|
|
|
Co-authored-by: linbingquan <695601626@qq.com>
|
|
Refactors the internal usage of a readablestream to write to the
resource directly
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
clones (#18831)
We can make `NodePermissions` rely on interior mutability (which the
`PermissionsContainer` is already doing) in order to not have to clone
everything all the time. This also reduces the chance of an accidental
`borrow` while `borrow_mut`.
|