foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-21 21:50:00 -05:00
Code Issues Packages 1 Wiki Activity

Rename DenoPermissions, add abs path asserts (#5076)

Browse source
This commit is contained in:
Ryan Dahl 2020-05-04 14:10:59 -04:00 committed by GitHub
parent 796fc9bc3e
commit 191c59a591
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cli/global_state.rs
View file

@ -10,7 +10,7 @@ use crate::flags;
use crate::http_cache;
use crate::lockfile::Lockfile;
use crate::msg;
use crate::permissions::DenoPermissions;
use crate::permissions::Permissions;
use deno_core::ErrBox;
use deno_core::ModuleSpecifier;
use std::env;
@ -31,7 +31,7 @@ pub struct GlobalStateInner {
/// Flags parsed from `argv` contents.
pub flags: flags::Flags,
/// Permissions parsed from `flags`.
pub permissions: DenoPermissions,
pub permissions: Permissions,
pub dir: deno_dir::DenoDir,
pub file_fetcher: SourceFileFetcher,
pub js_compiler: JsCompiler,
@ -81,7 +81,7 @@ impl GlobalState {
let inner = GlobalStateInner {
dir,
permissions: DenoPermissions::from_flags(&flags),
permissions: Permissions::from_flags(&flags),
flags,
file_fetcher,
ts_compiler,

6
cli/ops/worker_host.rs
View file

@ -4,7 +4,7 @@ use crate::fmt_errors::JSError;
use crate::global_state::GlobalState;
use crate::op_error::OpError;
use crate::ops::io::get_stdio;
use crate::permissions::DenoPermissions;
use crate::permissions::Permissions;
use crate::startup_data;
use crate::state::State;
use crate::tokio_util::create_basic_runtime;
@ -39,7 +39,7 @@ fn create_web_worker(
worker_id: u32,
name: String,
global_state: GlobalState,
permissions: DenoPermissions,
permissions: Permissions,
specifier: ModuleSpecifier,
has_deno_namespace: bool,
) -> Result<WebWorker, ErrBox> {
@ -77,7 +77,7 @@ fn run_worker_thread(
worker_id: u32,
name: String,
global_state: GlobalState,
permissions: DenoPermissions,
permissions: Permissions,
specifier: ModuleSpecifier,
has_deno_namespace: bool,
maybe_source_code: Option<String>,

51
cli/permissions.rs
View file

@ -97,7 +97,7 @@ impl Default for PermissionState {
}
#[derive(Clone, Debug, Default)]
pub struct DenoPermissions {
pub struct Permissions {
// Keep in sync with cli/js/permissions.ts
pub allow_read: PermissionState,
pub read_whitelist: HashSet<PathBuf>,
@ -111,8 +111,15 @@ pub struct DenoPermissions {
pub allow_hrtime: PermissionState,
}
impl DenoPermissions {
impl Permissions {
pub fn from_flags(flags: &Flags) -> Self {
// assert each whitelist path is absolute, since the cwd may change.
for path in &flags.read_whitelist {
assert!(path.has_root());
}
for path in &flags.write_whitelist {
assert!(path.has_root());
}
Self {
allow_read: PermissionState::from(flags.allow_read),
read_whitelist: flags.read_whitelist.iter().cloned().collect(),
@ -392,7 +399,7 @@ mod tests {
PathBuf::from("/b/c"),
];
let perms = DenoPermissions::from_flags(&Flags {
let perms = Permissions::from_flags(&Flags {
read_whitelist: whitelist.clone(),
write_whitelist: whitelist,
..Default::default()
@ -439,7 +446,7 @@ mod tests {
#[test]
fn test_check_net() {
let perms = DenoPermissions::from_flags(&Flags {
let perms = Permissions::from_flags(&Flags {
net_whitelist: svec![
"localhost",
"deno.land",
@ -523,13 +530,13 @@ mod tests {
#[test]
fn test_permissions_request_run() {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(true);
assert_eq!(perms0.request_run(), PermissionState::Allow);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(false);
@ -541,7 +548,7 @@ mod tests {
fn test_permissions_request_read() {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let whitelist = vec![PathBuf::from("/foo/bar")];
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
read_whitelist: whitelist.clone(),
..Default::default()
});
@ -553,7 +560,7 @@ mod tests {
PermissionState::Allow
);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
read_whitelist: whitelist.clone(),
..Default::default()
});
@ -563,7 +570,7 @@ mod tests {
PermissionState::Allow
);
let mut perms2 = DenoPermissions::from_flags(&Flags {
let mut perms2 = Permissions::from_flags(&Flags {
read_whitelist: whitelist,
..Default::default()
});
@ -579,7 +586,7 @@ mod tests {
fn test_permissions_request_write() {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let whitelist = vec![PathBuf::from("/foo/bar")];
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
write_whitelist: whitelist.clone(),
..Default::default()
});
@ -591,7 +598,7 @@ mod tests {
PermissionState::Allow
);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
write_whitelist: whitelist.clone(),
..Default::default()
});
@ -601,7 +608,7 @@ mod tests {
PermissionState::Allow
);
let mut perms2 = DenoPermissions::from_flags(&Flags {
let mut perms2 = Permissions::from_flags(&Flags {
write_whitelist: whitelist,
..Default::default()
});
@ -618,7 +625,7 @@ mod tests {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let whitelist = svec!["localhost:8080"];
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
net_whitelist: whitelist.clone(),
..Default::default()
});
@ -632,7 +639,7 @@ mod tests {
PermissionState::Allow
);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
net_whitelist: whitelist.clone(),
..Default::default()
});
@ -644,7 +651,7 @@ mod tests {
PermissionState::Allow
);
let mut perms2 = DenoPermissions::from_flags(&Flags {
let mut perms2 = Permissions::from_flags(&Flags {
net_whitelist: whitelist.clone(),
..Default::default()
});
@ -656,7 +663,7 @@ mod tests {
PermissionState::Deny
);
let mut perms3 = DenoPermissions::from_flags(&Flags {
let mut perms3 = Permissions::from_flags(&Flags {
net_whitelist: whitelist,
..Default::default()
});
@ -668,13 +675,13 @@ mod tests {
#[test]
fn test_permissions_request_env() {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(true);
assert_eq!(perms0.request_env(), PermissionState::Allow);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(false);
@ -685,13 +692,13 @@ mod tests {
#[test]
fn test_permissions_request_plugin() {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(true);
assert_eq!(perms0.request_plugin(), PermissionState::Allow);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(false);
@ -702,13 +709,13 @@ mod tests {
#[test]
fn test_permissions_request_hrtime() {
let guard = PERMISSION_PROMPT_GUARD.lock().unwrap();
let mut perms0 = DenoPermissions::from_flags(&Flags {
let mut perms0 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(true);
assert_eq!(perms0.request_hrtime(), PermissionState::Allow);
let mut perms1 = DenoPermissions::from_flags(&Flags {
let mut perms1 = Permissions::from_flags(&Flags {
..Default::default()
});
set_prompt_result(false);

8
cli/state.rs
View file

@ -7,7 +7,7 @@ use crate::metrics::Metrics;
use crate::op_error::OpError;
use crate::ops::JsonOp;
use crate::ops::MinimalOp;
use crate::permissions::DenoPermissions;
use crate::permissions::Permissions;
use crate::web_worker::WebWorkerHandle;
use deno_core::Buf;
use deno_core::ErrBox;
@ -53,7 +53,7 @@ impl Deref for State {
#[cfg_attr(feature = "cargo-clippy", allow(stutter))]
pub struct StateInner {
pub global_state: GlobalState,
pub permissions: DenoPermissions,
pub permissions: Permissions,
pub main_module: ModuleSpecifier,
/// When flags contains a `.import_map_path` option, the content of the
/// import map file will be resolved and set.
@ -355,7 +355,7 @@ impl State {
/// If `shared_permission` is None then permissions from globa state are used.
pub fn new(
global_state: GlobalState,
shared_permissions: Option<DenoPermissions>,
shared_permissions: Option<Permissions>,
main_module: ModuleSpecifier,
debug_type: DebugType,
) -> Result<Self, ErrBox> {
@ -402,7 +402,7 @@ impl State {
/// If `shared_permission` is None then permissions from globa state are used.
pub fn new_for_worker(
global_state: GlobalState,
shared_permissions: Option<DenoPermissions>,
shared_permissions: Option<Permissions>,
main_module: ModuleSpecifier,
) -> Result<Self, ErrBox> {
let seeded_rng = match global_state.flags.seed {