foster/deno
0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-03-09 21:57:40 -04:00
Code Issues Packages 1 Wiki Activity

fix(runtime): improve permission descriptor validation (#14676)

Browse source 
This commit improves the permission descriptor validation by
explicitly checking for object types and using optional
chaining when creating error messages in case the descriptor
is not an object.

Fixes: https://github.com/denoland/deno/issues/14675
This commit is contained in:
Colin Ihrig 2022-05-19 17:45:09 -04:00 committed by Kitson Kelly
parent 11e4d43cfc
commit 7ae0858fda
No known key found for this signature in database
GPG key ID: 2D87CFF11B51960A
2 changed files with 22 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
cli/tests/unit/permissions_test.ts
View file

@ -71,3 +71,18 @@ Deno.test(async function permissionURL() {
command: new URL(".", import.meta.url), command: new URL(".", import.meta.url),
}); });
}); });
Deno.test(async function permissionDescriptorValidation() {
for (const value of [undefined, null, {}]) {
for (const method of ["query", "request", "revoke"]) {
await assertRejects(
async () => {
// deno-lint-ignore no-explicit-any
await (Deno.permissions as any)[method](value as any);
},
TypeError,
'"undefined" is not a valid permission name',
);
}
}
});

11
runtime/js/10_permissions.js
View file

@ -149,7 +149,7 @@
* @returns {desc is Deno.PermissionDescriptor} * @returns {desc is Deno.PermissionDescriptor}
*/ */
function isValidDescriptor(desc) { function isValidDescriptor(desc) {
return desc && desc !== null && return typeof desc === "object" && desc !== null &&
ArrayPrototypeIncludes(permissionNames, desc.name); ArrayPrototypeIncludes(permissionNames, desc.name);
} }
@ -164,7 +164,8 @@
if (!isValidDescriptor(desc)) { if (!isValidDescriptor(desc)) {
return PromiseReject( return PromiseReject(
new TypeError( new TypeError(
`The provided value "${desc.name}" is not a valid permission name.`, `The provided value "${desc
?.name}" is not a valid permission name.`,
), ),
); );
} }
@ -185,7 +186,8 @@
if (!isValidDescriptor(desc)) { if (!isValidDescriptor(desc)) {
return PromiseReject( return PromiseReject(
new TypeError( new TypeError(
`The provided value "${desc.name}" is not a valid permission name.`, `The provided value "${desc
?.name}" is not a valid permission name.`,
), ),
); );
} }
@ -204,7 +206,8 @@
if (!isValidDescriptor(desc)) { if (!isValidDescriptor(desc)) {
return PromiseReject( return PromiseReject(
new TypeError( new TypeError(
`The provided value "${desc.name}" is not a valid permission name.`, `The provided value "${desc
?.name}" is not a valid permission name.`,
), ),
); );
} }