From 32aeec9630dc91162f0408b95dd86e1c26e4c1d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Mon, 11 May 2020 13:13:27 +0200 Subject: refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. --- cli/ops/compiler.rs | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'cli/ops/compiler.rs') diff --git a/cli/ops/compiler.rs b/cli/ops/compiler.rs index 83b6d944c..b84401187 100644 --- a/cli/ops/compiler.rs +++ b/cli/ops/compiler.rs @@ -69,7 +69,11 @@ fn op_fetch_source_files( None }; - let global_state = state.borrow().global_state.clone(); + let s = state.borrow(); + let global_state = s.global_state.clone(); + let permissions = s.permissions.clone(); + let perms_ = permissions.clone(); + drop(s); let file_fetcher = global_state.file_fetcher.clone(); let specifiers = args.specifiers.clone(); let future = async move { @@ -78,6 +82,7 @@ fn op_fetch_source_files( .map(|specifier| { let file_fetcher_ = file_fetcher.clone(); let ref_specifier_ = ref_specifier.clone(); + let perms_ = perms_.clone(); async move { let resolved_specifier = ModuleSpecifier::resolve_url(&specifier) .expect("Invalid specifier"); @@ -100,7 +105,7 @@ fn op_fetch_source_files( } } file_fetcher_ - .fetch_source_file(&resolved_specifier, ref_specifier_) + .fetch_source_file(&resolved_specifier, ref_specifier_, perms_) .await } .boxed_local() @@ -118,7 +123,11 @@ fn op_fetch_source_files( let types_specifier = ModuleSpecifier::from(types_url); global_state .file_fetcher - .fetch_source_file(&types_specifier, ref_specifier.clone()) + .fetch_source_file( + &types_specifier, + ref_specifier.clone(), + permissions.clone(), + ) .await .map_err(OpError::from)? } -- cgit v1.2.3