mirror of
https://github.com/denoland/deno.git
synced 2025-01-21 21:50:00 -05:00
BREAKING(permissions): remove --allow-hrtime (#25367)
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because it is already possible to get access to high resolution timers through workers and SharedArrayBuffer. Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
This commit is contained in:
parent
b5695d02df
commit
5cf97f539b
34 changed files with 30 additions and 270 deletions
|
@ -619,8 +619,6 @@ pub struct PermissionFlags {
|
||||||
pub allow_all: bool,
|
pub allow_all: bool,
|
||||||
pub allow_env: Option<Vec<String>>,
|
pub allow_env: Option<Vec<String>>,
|
||||||
pub deny_env: Option<Vec<String>>,
|
pub deny_env: Option<Vec<String>>,
|
||||||
pub allow_hrtime: bool,
|
|
||||||
pub deny_hrtime: bool,
|
|
||||||
pub allow_ffi: Option<Vec<String>>,
|
pub allow_ffi: Option<Vec<String>>,
|
||||||
pub deny_ffi: Option<Vec<String>>,
|
pub deny_ffi: Option<Vec<String>>,
|
||||||
pub allow_net: Option<Vec<String>>,
|
pub allow_net: Option<Vec<String>>,
|
||||||
|
@ -641,8 +639,6 @@ impl PermissionFlags {
|
||||||
self.allow_all
|
self.allow_all
|
||||||
|| self.allow_env.is_some()
|
|| self.allow_env.is_some()
|
||||||
|| self.deny_env.is_some()
|
|| self.deny_env.is_some()
|
||||||
|| self.allow_hrtime
|
|
||||||
|| self.deny_hrtime
|
|
||||||
|| self.allow_ffi.is_some()
|
|| self.allow_ffi.is_some()
|
||||||
|| self.deny_ffi.is_some()
|
|| self.deny_ffi.is_some()
|
||||||
|| self.allow_net.is_some()
|
|| self.allow_net.is_some()
|
||||||
|
@ -690,8 +686,6 @@ impl PermissionFlags {
|
||||||
allow_all: self.allow_all,
|
allow_all: self.allow_all,
|
||||||
allow_env: self.allow_env.clone(),
|
allow_env: self.allow_env.clone(),
|
||||||
deny_env: self.deny_env.clone(),
|
deny_env: self.deny_env.clone(),
|
||||||
allow_hrtime: self.allow_hrtime,
|
|
||||||
deny_hrtime: self.deny_hrtime,
|
|
||||||
allow_net: self.allow_net.clone(),
|
allow_net: self.allow_net.clone(),
|
||||||
deny_net: self.deny_net.clone(),
|
deny_net: self.deny_net.clone(),
|
||||||
allow_ffi: convert_option_str_to_path_buf(&self.allow_ffi, initial_cwd)?,
|
allow_ffi: convert_option_str_to_path_buf(&self.allow_ffi, initial_cwd)?,
|
||||||
|
@ -905,14 +899,6 @@ impl Flags {
|
||||||
_ => {}
|
_ => {}
|
||||||
}
|
}
|
||||||
|
|
||||||
if self.permissions.allow_hrtime {
|
|
||||||
args.push("--allow-hrtime".to_string());
|
|
||||||
}
|
|
||||||
|
|
||||||
if self.permissions.deny_hrtime {
|
|
||||||
args.push("--deny-hrtime".to_string());
|
|
||||||
}
|
|
||||||
|
|
||||||
args
|
args
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -996,8 +982,6 @@ impl Flags {
|
||||||
pub fn has_permission_in_argv(&self) -> bool {
|
pub fn has_permission_in_argv(&self) -> bool {
|
||||||
self.argv.iter().any(|arg| {
|
self.argv.iter().any(|arg| {
|
||||||
arg == "--allow-all"
|
arg == "--allow-all"
|
||||||
|| arg == "--allow-hrtime"
|
|
||||||
|| arg == "--deny-hrtime"
|
|
||||||
|| arg.starts_with("--allow-env")
|
|| arg.starts_with("--allow-env")
|
||||||
|| arg.starts_with("--deny-env")
|
|| arg.starts_with("--deny-env")
|
||||||
|| arg.starts_with("--allow-ffi")
|
|| arg.starts_with("--allow-ffi")
|
||||||
|
@ -1025,7 +1009,6 @@ impl Flags {
|
||||||
self.permissions.allow_write = Some(vec![]);
|
self.permissions.allow_write = Some(vec![]);
|
||||||
self.permissions.allow_sys = Some(vec![]);
|
self.permissions.allow_sys = Some(vec![]);
|
||||||
self.permissions.allow_ffi = Some(vec![]);
|
self.permissions.allow_ffi = Some(vec![]);
|
||||||
self.permissions.allow_hrtime = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn resolve_watch_exclude_set(
|
pub fn resolve_watch_exclude_set(
|
||||||
|
@ -1393,7 +1376,6 @@ fn handle_repl_flags(flags: &mut Flags, repl_flags: ReplFlags) {
|
||||||
flags.permissions.allow_sys = Some(vec![]);
|
flags.permissions.allow_sys = Some(vec![]);
|
||||||
flags.permissions.allow_write = Some(vec![]);
|
flags.permissions.allow_write = Some(vec![]);
|
||||||
flags.permissions.allow_ffi = Some(vec![]);
|
flags.permissions.allow_ffi = Some(vec![]);
|
||||||
flags.permissions.allow_hrtime = true;
|
|
||||||
}
|
}
|
||||||
flags.subcommand = DenoSubcommand::Repl(repl_flags);
|
flags.subcommand = DenoSubcommand::Repl(repl_flags);
|
||||||
}
|
}
|
||||||
|
@ -3098,8 +3080,6 @@ Docs: <c>https://docs.deno.com/go/permissions</>
|
||||||
<p(245)>--allow-run | --allow-run="whoami,ps"</>
|
<p(245)>--allow-run | --allow-run="whoami,ps"</>
|
||||||
<g>--allow-ffi[=<<PATH>...]</> (Unstable) Allow loading dynamic libraries. Optionally specify allowed directories or files.
|
<g>--allow-ffi[=<<PATH>...]</> (Unstable) Allow loading dynamic libraries. Optionally specify allowed directories or files.
|
||||||
<p(245)>--allow-ffi | --allow-ffi="./libfoo.so"</>
|
<p(245)>--allow-ffi | --allow-ffi="./libfoo.so"</>
|
||||||
<g>--allow-hrtime</> Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting.
|
|
||||||
<p(245)>--allow-hrtime</>
|
|
||||||
<g> --deny-read[=<<PATH>...]</> Deny file system read access. Optionally specify denied paths.
|
<g> --deny-read[=<<PATH>...]</> Deny file system read access. Optionally specify denied paths.
|
||||||
<p(245)>--deny-read | --deny-read="/etc,/var/log.txt"</>
|
<p(245)>--deny-read | --deny-read="/etc,/var/log.txt"</>
|
||||||
<g> --deny-write[=<<PATH>...]</> Deny file system write access. Optionally specify denied paths.
|
<g> --deny-write[=<<PATH>...]</> Deny file system write access. Optionally specify denied paths.
|
||||||
|
@ -3114,8 +3094,6 @@ Docs: <c>https://docs.deno.com/go/permissions</>
|
||||||
<p(245)>--deny-run | --deny-run="whoami,ps"</>
|
<p(245)>--deny-run | --deny-run="whoami,ps"</>
|
||||||
<g>--deny-ffi[=<<PATH>...]</> (Unstable) Deny loading dynamic libraries. Optionally specify denied directories or files.
|
<g>--deny-ffi[=<<PATH>...]</> (Unstable) Deny loading dynamic libraries. Optionally specify denied directories or files.
|
||||||
<p(245)>--deny-ffi | --deny-ffi="./libfoo.so"</>
|
<p(245)>--deny-ffi | --deny-ffi="./libfoo.so"</>
|
||||||
<g>--deny-hrtime</> Deny high-resolution time measurement.
|
|
||||||
<p(245)>--deny-hrtime</>
|
|
||||||
"#))
|
"#))
|
||||||
.arg(
|
.arg(
|
||||||
Arg::new("allow-all")
|
Arg::new("allow-all")
|
||||||
|
@ -3312,14 +3290,14 @@ Docs: <c>https://docs.deno.com/go/permissions</>
|
||||||
Arg::new("allow-hrtime")
|
Arg::new("allow-hrtime")
|
||||||
.long("allow-hrtime")
|
.long("allow-hrtime")
|
||||||
.action(ArgAction::SetTrue)
|
.action(ArgAction::SetTrue)
|
||||||
.help("Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting")
|
.help("REMOVED in Deno 2.0")
|
||||||
.hide(true),
|
.hide(true),
|
||||||
)
|
)
|
||||||
.arg(
|
.arg(
|
||||||
Arg::new("deny-hrtime")
|
Arg::new("deny-hrtime")
|
||||||
.long("deny-hrtime")
|
.long("deny-hrtime")
|
||||||
.action(ArgAction::SetTrue)
|
.action(ArgAction::SetTrue)
|
||||||
.help("Deny high-resolution time measurement. Note: this can prevent timing attacks and fingerprinting")
|
.help("REMOVED in Deno 2.0")
|
||||||
.hide(true),
|
.hide(true),
|
||||||
)
|
)
|
||||||
.arg(
|
.arg(
|
||||||
|
@ -4802,12 +4780,8 @@ fn permission_args_parse(flags: &mut Flags, matches: &mut ArgMatches) {
|
||||||
debug!("ffi denylist: {:#?}", &flags.permissions.deny_ffi);
|
debug!("ffi denylist: {:#?}", &flags.permissions.deny_ffi);
|
||||||
}
|
}
|
||||||
|
|
||||||
if matches.get_flag("allow-hrtime") {
|
if matches.get_flag("allow-hrtime") || matches.get_flag("deny-hrtime") {
|
||||||
flags.permissions.allow_hrtime = true;
|
log::warn!("⚠️ Warning: `allow-hrtime` and `deny-hrtime` have been removed in Deno 2, as high resolution time is now always allowed.");
|
||||||
}
|
|
||||||
|
|
||||||
if matches.get_flag("deny-hrtime") {
|
|
||||||
flags.permissions.deny_hrtime = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if matches.get_flag("allow-all") {
|
if matches.get_flag("allow-all") {
|
||||||
|
@ -5784,7 +5758,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
code_cache_enabled: true,
|
code_cache_enabled: true,
|
||||||
|
@ -5856,44 +5829,6 @@ mod tests {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn allow_hrtime() {
|
|
||||||
let r = flags_from_vec(svec!["deno", "run", "--allow-hrtime", "gist.ts"]);
|
|
||||||
assert_eq!(
|
|
||||||
r.unwrap(),
|
|
||||||
Flags {
|
|
||||||
subcommand: DenoSubcommand::Run(RunFlags::new_default(
|
|
||||||
"gist.ts".to_string(),
|
|
||||||
)),
|
|
||||||
permissions: PermissionFlags {
|
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
|
||||||
},
|
|
||||||
code_cache_enabled: true,
|
|
||||||
..Flags::default()
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn deny_hrtime() {
|
|
||||||
let r = flags_from_vec(svec!["deno", "run", "--deny-hrtime", "gist.ts"]);
|
|
||||||
assert_eq!(
|
|
||||||
r.unwrap(),
|
|
||||||
Flags {
|
|
||||||
subcommand: DenoSubcommand::Run(RunFlags::new_default(
|
|
||||||
"gist.ts".to_string(),
|
|
||||||
)),
|
|
||||||
permissions: PermissionFlags {
|
|
||||||
deny_hrtime: true,
|
|
||||||
..Default::default()
|
|
||||||
},
|
|
||||||
code_cache_enabled: true,
|
|
||||||
..Flags::default()
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn double_hyphen() {
|
fn double_hyphen() {
|
||||||
// notice that flags passed after double dash will not
|
// notice that flags passed after double dash will not
|
||||||
|
@ -6717,7 +6652,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
..Flags::default()
|
..Flags::default()
|
||||||
|
@ -6744,7 +6678,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
..Flags::default()
|
..Flags::default()
|
||||||
|
@ -6776,7 +6709,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
ext: Some("ts".to_string()),
|
ext: Some("ts".to_string()),
|
||||||
|
@ -6817,7 +6749,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
env_file: Some(".example.env".to_owned()),
|
env_file: Some(".example.env".to_owned()),
|
||||||
|
@ -6852,7 +6783,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
..Flags::default()
|
..Flags::default()
|
||||||
|
@ -6886,7 +6816,6 @@ mod tests {
|
||||||
deny_write: None,
|
deny_write: None,
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
deny_ffi: None,
|
deny_ffi: None,
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
..Flags::default()
|
..Flags::default()
|
||||||
|
@ -6940,7 +6869,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
env_file: Some(".example.env".to_owned()),
|
env_file: Some(".example.env".to_owned()),
|
||||||
|
@ -10312,7 +10240,6 @@ mod tests {
|
||||||
allow_sys: Some(vec![]),
|
allow_sys: Some(vec![]),
|
||||||
allow_write: Some(vec![]),
|
allow_write: Some(vec![]),
|
||||||
allow_ffi: Some(vec![]),
|
allow_ffi: Some(vec![]),
|
||||||
allow_hrtime: true,
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
},
|
},
|
||||||
..Flags::default()
|
..Flags::default()
|
||||||
|
|
26
cli/tsc/dts/lib.deno.ns.d.ts
vendored
26
cli/tsc/dts/lib.deno.ns.d.ts
vendored
|
@ -553,15 +553,6 @@ declare namespace Deno {
|
||||||
*/
|
*/
|
||||||
sys?: "inherit" | boolean | string[];
|
sys?: "inherit" | boolean | string[];
|
||||||
|
|
||||||
/** Specifies if the `hrtime` permission should be requested or revoked.
|
|
||||||
* If set to `"inherit"`, the current `hrtime` permission will be inherited.
|
|
||||||
* If set to `true`, the global `hrtime` permission will be requested.
|
|
||||||
* If set to `false`, the global `hrtime` permission will be revoked.
|
|
||||||
*
|
|
||||||
* @default {false}
|
|
||||||
*/
|
|
||||||
hrtime?: "inherit" | boolean;
|
|
||||||
|
|
||||||
/** Specifies if the `net` permission should be requested or revoked.
|
/** Specifies if the `net` permission should be requested or revoked.
|
||||||
* if set to `"inherit"`, the current `net` permission will be inherited.
|
* if set to `"inherit"`, the current `net` permission will be inherited.
|
||||||
* if set to `true`, the global `net` permission will be requested.
|
* if set to `true`, the global `net` permission will be requested.
|
||||||
|
@ -4741,8 +4732,7 @@ declare namespace Deno {
|
||||||
| "net"
|
| "net"
|
||||||
| "env"
|
| "env"
|
||||||
| "sys"
|
| "sys"
|
||||||
| "ffi"
|
| "ffi";
|
||||||
| "hrtime";
|
|
||||||
|
|
||||||
/** The current status of the permission:
|
/** The current status of the permission:
|
||||||
*
|
*
|
||||||
|
@ -4873,17 +4863,6 @@ declare namespace Deno {
|
||||||
path?: string | URL;
|
path?: string | URL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** The permission descriptor for the `allow-hrtime` and `deny-hrtime` permissions, which
|
|
||||||
* controls if the runtime code has access to high resolution time. High
|
|
||||||
* resolution time is considered sensitive information, because it can be used
|
|
||||||
* by malicious code to gain information about the host that it might not
|
|
||||||
* otherwise have access to.
|
|
||||||
*
|
|
||||||
* @category Permissions */
|
|
||||||
export interface HrtimePermissionDescriptor {
|
|
||||||
name: "hrtime";
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Permission descriptors which define a permission and can be queried,
|
/** Permission descriptors which define a permission and can be queried,
|
||||||
* requested, or revoked.
|
* requested, or revoked.
|
||||||
*
|
*
|
||||||
|
@ -4899,8 +4878,7 @@ declare namespace Deno {
|
||||||
| NetPermissionDescriptor
|
| NetPermissionDescriptor
|
||||||
| EnvPermissionDescriptor
|
| EnvPermissionDescriptor
|
||||||
| SysPermissionDescriptor
|
| SysPermissionDescriptor
|
||||||
| FfiPermissionDescriptor
|
| FfiPermissionDescriptor;
|
||||||
| HrtimePermissionDescriptor;
|
|
||||||
|
|
||||||
/** The interface which defines what event types are supported by
|
/** The interface which defines what event types are supported by
|
||||||
* {@linkcode PermissionStatus} instances.
|
* {@linkcode PermissionStatus} instances.
|
||||||
|
|
6
cli/tsc/dts/lib.deno.shared_globals.d.ts
vendored
6
cli/tsc/dts/lib.deno.shared_globals.d.ts
vendored
|
@ -593,16 +593,12 @@ declare interface Performance extends EventTarget {
|
||||||
endMark?: string,
|
endMark?: string,
|
||||||
): PerformanceMeasure;
|
): PerformanceMeasure;
|
||||||
|
|
||||||
/** Returns a current time from Deno's start in milliseconds.
|
/** Returns a current time from Deno's start in fractional milliseconds.
|
||||||
*
|
|
||||||
* Use the permission flag `--allow-hrtime` to return a precise value.
|
|
||||||
*
|
*
|
||||||
* ```ts
|
* ```ts
|
||||||
* const t = performance.now();
|
* const t = performance.now();
|
||||||
* console.log(`${t} ms since start!`);
|
* console.log(`${t} ms since start!`);
|
||||||
* ```
|
* ```
|
||||||
*
|
|
||||||
* @tags allow-hrtime
|
|
||||||
*/
|
*/
|
||||||
now(): number;
|
now(): number;
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ pub trait TimersPermission {
|
||||||
impl TimersPermission for deno_permissions::PermissionsContainer {
|
impl TimersPermission for deno_permissions::PermissionsContainer {
|
||||||
#[inline(always)]
|
#[inline(always)]
|
||||||
fn allow_hrtime(&mut self) -> bool {
|
fn allow_hrtime(&mut self) -> bool {
|
||||||
deno_permissions::PermissionsContainer::allow_hrtime(self)
|
true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ const illegalConstructorKey = Symbol("illegalConstructorKey");
|
||||||
* @property {boolean} partial
|
* @property {boolean} partial
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi" | "hrtime">} */
|
/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi">} */
|
||||||
const permissionNames = [
|
const permissionNames = [
|
||||||
"read",
|
"read",
|
||||||
"write",
|
"write",
|
||||||
|
@ -46,7 +46,6 @@ const permissionNames = [
|
||||||
"sys",
|
"sys",
|
||||||
"run",
|
"run",
|
||||||
"ffi",
|
"ffi",
|
||||||
"hrtime",
|
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -282,7 +281,7 @@ function serializePermissions(permissions) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (
|
for (
|
||||||
const key of new SafeArrayIterator(["env", "hrtime", "net", "sys"])
|
const key of new SafeArrayIterator(["env", "net", "sys"])
|
||||||
) {
|
) {
|
||||||
if (ArrayIsArray(permissions[key])) {
|
if (ArrayIsArray(permissions[key])) {
|
||||||
serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]);
|
serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]);
|
||||||
|
|
|
@ -73,7 +73,6 @@ pub fn op_query_permission(
|
||||||
.query(args.kind.as_deref().map(parse_sys_kind).transpose()?),
|
.query(args.kind.as_deref().map(parse_sys_kind).transpose()?),
|
||||||
"run" => permissions.run.query(args.command.as_deref()),
|
"run" => permissions.run.query(args.command.as_deref()),
|
||||||
"ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)),
|
"ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)),
|
||||||
"hrtime" => permissions.hrtime.query(),
|
|
||||||
n => {
|
n => {
|
||||||
return Err(custom_error(
|
return Err(custom_error(
|
||||||
"ReferenceError",
|
"ReferenceError",
|
||||||
|
@ -108,7 +107,6 @@ pub fn op_revoke_permission(
|
||||||
.revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?),
|
.revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?),
|
||||||
"run" => permissions.run.revoke(args.command.as_deref()),
|
"run" => permissions.run.revoke(args.command.as_deref()),
|
||||||
"ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)),
|
"ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)),
|
||||||
"hrtime" => permissions.hrtime.revoke(),
|
|
||||||
n => {
|
n => {
|
||||||
return Err(custom_error(
|
return Err(custom_error(
|
||||||
"ReferenceError",
|
"ReferenceError",
|
||||||
|
@ -143,7 +141,6 @@ pub fn op_request_permission(
|
||||||
.request(args.kind.as_deref().map(parse_sys_kind).transpose()?),
|
.request(args.kind.as_deref().map(parse_sys_kind).transpose()?),
|
||||||
"run" => permissions.run.request(args.command.as_deref()),
|
"run" => permissions.run.request(args.command.as_deref()),
|
||||||
"ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)),
|
"ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)),
|
||||||
"hrtime" => permissions.hrtime.request(),
|
|
||||||
n => {
|
n => {
|
||||||
return Err(custom_error(
|
return Err(custom_error(
|
||||||
"ReferenceError",
|
"ReferenceError",
|
||||||
|
|
|
@ -1416,7 +1416,6 @@ pub struct Permissions {
|
||||||
pub run: UnaryPermission<RunDescriptor>,
|
pub run: UnaryPermission<RunDescriptor>,
|
||||||
pub ffi: UnaryPermission<FfiDescriptor>,
|
pub ffi: UnaryPermission<FfiDescriptor>,
|
||||||
pub all: UnitPermission,
|
pub all: UnitPermission,
|
||||||
pub hrtime: UnitPermission,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)]
|
#[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)]
|
||||||
|
@ -1424,8 +1423,6 @@ pub struct PermissionsOptions {
|
||||||
pub allow_all: bool,
|
pub allow_all: bool,
|
||||||
pub allow_env: Option<Vec<String>>,
|
pub allow_env: Option<Vec<String>>,
|
||||||
pub deny_env: Option<Vec<String>>,
|
pub deny_env: Option<Vec<String>>,
|
||||||
pub allow_hrtime: bool,
|
|
||||||
pub deny_hrtime: bool,
|
|
||||||
pub allow_net: Option<Vec<String>>,
|
pub allow_net: Option<Vec<String>>,
|
||||||
pub deny_net: Option<Vec<String>>,
|
pub deny_net: Option<Vec<String>>,
|
||||||
pub allow_ffi: Option<Vec<PathBuf>>,
|
pub allow_ffi: Option<Vec<PathBuf>>,
|
||||||
|
@ -1460,19 +1457,6 @@ impl Permissions {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub const fn new_hrtime(
|
|
||||||
allow_state: bool,
|
|
||||||
deny_state: bool,
|
|
||||||
) -> UnitPermission {
|
|
||||||
unit_permission_from_flag_bools(
|
|
||||||
allow_state,
|
|
||||||
deny_state,
|
|
||||||
"hrtime",
|
|
||||||
"high precision time",
|
|
||||||
false, // never prompt for hrtime
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
pub const fn new_all(allow_state: bool) -> UnitPermission {
|
pub const fn new_all(allow_state: bool) -> UnitPermission {
|
||||||
unit_permission_from_flag_bools(
|
unit_permission_from_flag_bools(
|
||||||
allow_state,
|
allow_state,
|
||||||
|
@ -1521,7 +1505,6 @@ impl Permissions {
|
||||||
opts.prompt,
|
opts.prompt,
|
||||||
)?,
|
)?,
|
||||||
all: Permissions::new_all(opts.allow_all),
|
all: Permissions::new_all(opts.allow_all),
|
||||||
hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.deny_hrtime),
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1536,7 +1519,6 @@ impl Permissions {
|
||||||
run: UnaryPermission::allow_all(),
|
run: UnaryPermission::allow_all(),
|
||||||
ffi: UnaryPermission::allow_all(),
|
ffi: UnaryPermission::allow_all(),
|
||||||
all: Permissions::new_all(true),
|
all: Permissions::new_all(true),
|
||||||
hrtime: Permissions::new_hrtime(true, false),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1560,7 +1542,6 @@ impl Permissions {
|
||||||
run: Permissions::new_unary(&None, &None, prompt).unwrap(),
|
run: Permissions::new_unary(&None, &None, prompt).unwrap(),
|
||||||
ffi: Permissions::new_unary(&None, &None, prompt).unwrap(),
|
ffi: Permissions::new_unary(&None, &None, prompt).unwrap(),
|
||||||
all: Permissions::new_all(false),
|
all: Permissions::new_all(false),
|
||||||
hrtime: Permissions::new_hrtime(false, false),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1598,11 +1579,6 @@ impl PermissionsContainer {
|
||||||
Self(Arc::new(Mutex::new(perms)))
|
Self(Arc::new(Mutex::new(perms)))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline(always)]
|
|
||||||
pub fn allow_hrtime(&mut self) -> bool {
|
|
||||||
self.0.lock().hrtime.check().is_ok()
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn allow_all() -> Self {
|
pub fn allow_all() -> Self {
|
||||||
Self::new(Permissions::allow_all())
|
Self::new(Permissions::allow_all())
|
||||||
}
|
}
|
||||||
|
@ -2115,7 +2091,6 @@ impl<'de> Deserialize<'de> for ChildUnaryPermissionArg {
|
||||||
#[derive(Debug, Eq, PartialEq)]
|
#[derive(Debug, Eq, PartialEq)]
|
||||||
pub struct ChildPermissionsArg {
|
pub struct ChildPermissionsArg {
|
||||||
env: ChildUnaryPermissionArg,
|
env: ChildUnaryPermissionArg,
|
||||||
hrtime: ChildUnitPermissionArg,
|
|
||||||
net: ChildUnaryPermissionArg,
|
net: ChildUnaryPermissionArg,
|
||||||
ffi: ChildUnaryPermissionArg,
|
ffi: ChildUnaryPermissionArg,
|
||||||
read: ChildUnaryPermissionArg,
|
read: ChildUnaryPermissionArg,
|
||||||
|
@ -2128,7 +2103,6 @@ impl ChildPermissionsArg {
|
||||||
pub fn inherit() -> Self {
|
pub fn inherit() -> Self {
|
||||||
ChildPermissionsArg {
|
ChildPermissionsArg {
|
||||||
env: ChildUnaryPermissionArg::Inherit,
|
env: ChildUnaryPermissionArg::Inherit,
|
||||||
hrtime: ChildUnitPermissionArg::Inherit,
|
|
||||||
net: ChildUnaryPermissionArg::Inherit,
|
net: ChildUnaryPermissionArg::Inherit,
|
||||||
ffi: ChildUnaryPermissionArg::Inherit,
|
ffi: ChildUnaryPermissionArg::Inherit,
|
||||||
read: ChildUnaryPermissionArg::Inherit,
|
read: ChildUnaryPermissionArg::Inherit,
|
||||||
|
@ -2141,7 +2115,6 @@ impl ChildPermissionsArg {
|
||||||
pub fn none() -> Self {
|
pub fn none() -> Self {
|
||||||
ChildPermissionsArg {
|
ChildPermissionsArg {
|
||||||
env: ChildUnaryPermissionArg::NotGranted,
|
env: ChildUnaryPermissionArg::NotGranted,
|
||||||
hrtime: ChildUnitPermissionArg::NotGranted,
|
|
||||||
net: ChildUnaryPermissionArg::NotGranted,
|
net: ChildUnaryPermissionArg::NotGranted,
|
||||||
ffi: ChildUnaryPermissionArg::NotGranted,
|
ffi: ChildUnaryPermissionArg::NotGranted,
|
||||||
read: ChildUnaryPermissionArg::NotGranted,
|
read: ChildUnaryPermissionArg::NotGranted,
|
||||||
|
@ -2198,11 +2171,6 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
|
||||||
child_permissions_arg.env = arg.map_err(|e| {
|
child_permissions_arg.env = arg.map_err(|e| {
|
||||||
de::Error::custom(format!("(deno.permissions.env) {e}"))
|
de::Error::custom(format!("(deno.permissions.env) {e}"))
|
||||||
})?;
|
})?;
|
||||||
} else if key == "hrtime" {
|
|
||||||
let arg = serde_json::from_value::<ChildUnitPermissionArg>(value);
|
|
||||||
child_permissions_arg.hrtime = arg.map_err(|e| {
|
|
||||||
de::Error::custom(format!("(deno.permissions.hrtime) {e}"))
|
|
||||||
})?;
|
|
||||||
} else if key == "net" {
|
} else if key == "net" {
|
||||||
let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value);
|
let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value);
|
||||||
child_permissions_arg.net = arg.map_err(|e| {
|
child_permissions_arg.net = arg.map_err(|e| {
|
||||||
|
@ -2258,13 +2226,6 @@ pub fn create_child_permissions(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn is_granted_unit(arg: &ChildUnitPermissionArg) -> bool {
|
|
||||||
match arg {
|
|
||||||
ChildUnitPermissionArg::Inherit | ChildUnitPermissionArg::Granted => true,
|
|
||||||
ChildUnitPermissionArg::NotGranted => false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut worker_perms = Permissions::none_without_prompt();
|
let mut worker_perms = Permissions::none_without_prompt();
|
||||||
|
|
||||||
worker_perms.all = main_perms
|
worker_perms.all = main_perms
|
||||||
|
@ -2282,9 +2243,7 @@ pub fn create_child_permissions(
|
||||||
&child_permissions_arg.run,
|
&child_permissions_arg.run,
|
||||||
&child_permissions_arg.ffi,
|
&child_permissions_arg.ffi,
|
||||||
];
|
];
|
||||||
let unit_perms = [&child_permissions_arg.hrtime];
|
let allow_all = unary_perms.into_iter().all(is_granted_unary);
|
||||||
let allow_all = unary_perms.into_iter().all(is_granted_unary)
|
|
||||||
&& unit_perms.into_iter().all(is_granted_unit);
|
|
||||||
if !allow_all {
|
if !allow_all {
|
||||||
worker_perms.all.revoke();
|
worker_perms.all.revoke();
|
||||||
}
|
}
|
||||||
|
@ -2313,9 +2272,6 @@ pub fn create_child_permissions(
|
||||||
worker_perms.ffi = main_perms
|
worker_perms.ffi = main_perms
|
||||||
.ffi
|
.ffi
|
||||||
.create_child_permissions(child_permissions_arg.ffi)?;
|
.create_child_permissions(child_permissions_arg.ffi)?;
|
||||||
worker_perms.hrtime = main_perms
|
|
||||||
.hrtime
|
|
||||||
.create_child_permissions(child_permissions_arg.hrtime)?;
|
|
||||||
|
|
||||||
Ok(worker_perms)
|
Ok(worker_perms)
|
||||||
}
|
}
|
||||||
|
@ -2747,7 +2703,6 @@ mod tests {
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
|
run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
|
||||||
all: Permissions::new_all(false),
|
all: Permissions::new_all(false),
|
||||||
hrtime: Permissions::new_hrtime(false, false),
|
|
||||||
};
|
};
|
||||||
let perms3 = Permissions {
|
let perms3 = Permissions {
|
||||||
read: Permissions::new_unary(
|
read: Permissions::new_unary(
|
||||||
|
@ -2775,7 +2730,6 @@ mod tests {
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(),
|
run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(),
|
||||||
all: Permissions::new_all(false),
|
all: Permissions::new_all(false),
|
||||||
hrtime: Permissions::new_hrtime(false, true),
|
|
||||||
};
|
};
|
||||||
let perms4 = Permissions {
|
let perms4 = Permissions {
|
||||||
read: Permissions::new_unary(
|
read: Permissions::new_unary(
|
||||||
|
@ -2813,7 +2767,6 @@ mod tests {
|
||||||
run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false)
|
run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false)
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
all: Permissions::new_all(false),
|
all: Permissions::new_all(false),
|
||||||
hrtime: Permissions::new_hrtime(true, true),
|
|
||||||
};
|
};
|
||||||
#[rustfmt::skip]
|
#[rustfmt::skip]
|
||||||
{
|
{
|
||||||
|
@ -2889,10 +2842,6 @@ mod tests {
|
||||||
assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial);
|
assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial);
|
||||||
assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied);
|
assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied);
|
||||||
assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted);
|
assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted);
|
||||||
assert_eq!(perms1.hrtime.query(), PermissionState::Granted);
|
|
||||||
assert_eq!(perms2.hrtime.query(), PermissionState::Prompt);
|
|
||||||
assert_eq!(perms3.hrtime.query(), PermissionState::Denied);
|
|
||||||
assert_eq!(perms4.hrtime.query(), PermissionState::Denied);
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2937,10 +2886,6 @@ mod tests {
|
||||||
assert_eq!(perms.run.query(None), PermissionState::Prompt);
|
assert_eq!(perms.run.query(None), PermissionState::Prompt);
|
||||||
prompt_value.set(false);
|
prompt_value.set(false);
|
||||||
assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted);
|
assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted);
|
||||||
prompt_value.set(false);
|
|
||||||
assert_eq!(perms.hrtime.request(), PermissionState::Denied);
|
|
||||||
prompt_value.set(true);
|
|
||||||
assert_eq!(perms.hrtime.request(), PermissionState::Denied);
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2977,7 +2922,6 @@ mod tests {
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
|
run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
|
||||||
all: Permissions::new_all(false),
|
all: Permissions::new_all(false),
|
||||||
hrtime: Permissions::new_hrtime(false, true),
|
|
||||||
};
|
};
|
||||||
#[rustfmt::skip]
|
#[rustfmt::skip]
|
||||||
{
|
{
|
||||||
|
@ -2996,7 +2940,6 @@ mod tests {
|
||||||
assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt);
|
assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt);
|
||||||
assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt);
|
assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt);
|
||||||
assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt);
|
assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt);
|
||||||
assert_eq!(perms.hrtime.revoke(), PermissionState::Denied);
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3080,8 +3023,6 @@ mod tests {
|
||||||
prompt_value.set(false);
|
prompt_value.set(false);
|
||||||
assert!(perms.env.check("hostname", None).is_ok());
|
assert!(perms.env.check("hostname", None).is_ok());
|
||||||
assert!(perms.env.check("osRelease", None).is_err());
|
assert!(perms.env.check("osRelease", None).is_err());
|
||||||
|
|
||||||
assert!(perms.hrtime.check().is_err());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -3183,11 +3124,6 @@ mod tests {
|
||||||
assert!(perms.sys.check("osRelease", None).is_ok());
|
assert!(perms.sys.check("osRelease", None).is_ok());
|
||||||
prompt_value.set(false);
|
prompt_value.set(false);
|
||||||
assert!(perms.sys.check("osRelease", None).is_ok());
|
assert!(perms.sys.check("osRelease", None).is_ok());
|
||||||
|
|
||||||
prompt_value.set(false);
|
|
||||||
assert!(perms.hrtime.check().is_err());
|
|
||||||
prompt_value.set(true);
|
|
||||||
assert!(perms.hrtime.check().is_err());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -3278,7 +3214,6 @@ mod tests {
|
||||||
ChildPermissionsArg::inherit(),
|
ChildPermissionsArg::inherit(),
|
||||||
ChildPermissionsArg {
|
ChildPermissionsArg {
|
||||||
env: ChildUnaryPermissionArg::Inherit,
|
env: ChildUnaryPermissionArg::Inherit,
|
||||||
hrtime: ChildUnitPermissionArg::Inherit,
|
|
||||||
net: ChildUnaryPermissionArg::Inherit,
|
net: ChildUnaryPermissionArg::Inherit,
|
||||||
ffi: ChildUnaryPermissionArg::Inherit,
|
ffi: ChildUnaryPermissionArg::Inherit,
|
||||||
read: ChildUnaryPermissionArg::Inherit,
|
read: ChildUnaryPermissionArg::Inherit,
|
||||||
|
@ -3291,7 +3226,6 @@ mod tests {
|
||||||
ChildPermissionsArg::none(),
|
ChildPermissionsArg::none(),
|
||||||
ChildPermissionsArg {
|
ChildPermissionsArg {
|
||||||
env: ChildUnaryPermissionArg::NotGranted,
|
env: ChildUnaryPermissionArg::NotGranted,
|
||||||
hrtime: ChildUnitPermissionArg::NotGranted,
|
|
||||||
net: ChildUnaryPermissionArg::NotGranted,
|
net: ChildUnaryPermissionArg::NotGranted,
|
||||||
ffi: ChildUnaryPermissionArg::NotGranted,
|
ffi: ChildUnaryPermissionArg::NotGranted,
|
||||||
read: ChildUnaryPermissionArg::NotGranted,
|
read: ChildUnaryPermissionArg::NotGranted,
|
||||||
|
@ -3322,26 +3256,6 @@ mod tests {
|
||||||
..ChildPermissionsArg::none()
|
..ChildPermissionsArg::none()
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
assert_eq!(
|
|
||||||
serde_json::from_value::<ChildPermissionsArg>(json!({
|
|
||||||
"hrtime": true,
|
|
||||||
}))
|
|
||||||
.unwrap(),
|
|
||||||
ChildPermissionsArg {
|
|
||||||
hrtime: ChildUnitPermissionArg::Granted,
|
|
||||||
..ChildPermissionsArg::none()
|
|
||||||
}
|
|
||||||
);
|
|
||||||
assert_eq!(
|
|
||||||
serde_json::from_value::<ChildPermissionsArg>(json!({
|
|
||||||
"hrtime": false,
|
|
||||||
}))
|
|
||||||
.unwrap(),
|
|
||||||
ChildPermissionsArg {
|
|
||||||
hrtime: ChildUnitPermissionArg::NotGranted,
|
|
||||||
..ChildPermissionsArg::none()
|
|
||||||
}
|
|
||||||
);
|
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
serde_json::from_value::<ChildPermissionsArg>(json!({
|
serde_json::from_value::<ChildPermissionsArg>(json!({
|
||||||
"env": true,
|
"env": true,
|
||||||
|
@ -3361,7 +3275,6 @@ mod tests {
|
||||||
run: ChildUnaryPermissionArg::Granted,
|
run: ChildUnaryPermissionArg::Granted,
|
||||||
sys: ChildUnaryPermissionArg::Granted,
|
sys: ChildUnaryPermissionArg::Granted,
|
||||||
write: ChildUnaryPermissionArg::Granted,
|
write: ChildUnaryPermissionArg::Granted,
|
||||||
..ChildPermissionsArg::none()
|
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
|
@ -3383,7 +3296,6 @@ mod tests {
|
||||||
run: ChildUnaryPermissionArg::NotGranted,
|
run: ChildUnaryPermissionArg::NotGranted,
|
||||||
sys: ChildUnaryPermissionArg::NotGranted,
|
sys: ChildUnaryPermissionArg::NotGranted,
|
||||||
write: ChildUnaryPermissionArg::NotGranted,
|
write: ChildUnaryPermissionArg::NotGranted,
|
||||||
..ChildPermissionsArg::none()
|
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
|
@ -3421,7 +3333,6 @@ mod tests {
|
||||||
"foo",
|
"foo",
|
||||||
"file:///bar/baz"
|
"file:///bar/baz"
|
||||||
]),
|
]),
|
||||||
..ChildPermissionsArg::none()
|
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -3431,7 +3342,6 @@ mod tests {
|
||||||
set_prompter(Box::new(TestPrompter));
|
set_prompter(Box::new(TestPrompter));
|
||||||
let mut main_perms = Permissions {
|
let mut main_perms = Permissions {
|
||||||
env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(),
|
env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(),
|
||||||
hrtime: Permissions::new_hrtime(true, false),
|
|
||||||
net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false)
|
net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false)
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
..Permissions::none_without_prompt()
|
..Permissions::none_without_prompt()
|
||||||
|
@ -3441,7 +3351,6 @@ mod tests {
|
||||||
&mut main_perms.clone(),
|
&mut main_perms.clone(),
|
||||||
ChildPermissionsArg {
|
ChildPermissionsArg {
|
||||||
env: ChildUnaryPermissionArg::Inherit,
|
env: ChildUnaryPermissionArg::Inherit,
|
||||||
hrtime: ChildUnitPermissionArg::NotGranted,
|
|
||||||
net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
|
net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
|
||||||
ffi: ChildUnaryPermissionArg::NotGranted,
|
ffi: ChildUnaryPermissionArg::NotGranted,
|
||||||
..ChildPermissionsArg::none()
|
..ChildPermissionsArg::none()
|
||||||
|
|
|
@ -153,11 +153,6 @@ itest!(_023_no_ext {
|
||||||
output: "run/023_no_ext.out",
|
output: "run/023_no_ext.out",
|
||||||
});
|
});
|
||||||
|
|
||||||
itest!(_025_hrtime {
|
|
||||||
args: "run --quiet --allow-hrtime --reload run/025_hrtime.ts",
|
|
||||||
output: "run/025_hrtime.ts.out",
|
|
||||||
});
|
|
||||||
|
|
||||||
itest!(_025_reload_js_type_error {
|
itest!(_025_reload_js_type_error {
|
||||||
args: "run --quiet --reload run/025_reload_js_type_error.js",
|
args: "run --quiet --reload run/025_reload_js_type_error.js",
|
||||||
output: "run/025_reload_js_type_error.js.out",
|
output: "run/025_reload_js_type_error.js.out",
|
||||||
|
@ -735,12 +730,12 @@ fn permission_request_long() {
|
||||||
}
|
}
|
||||||
|
|
||||||
itest!(deny_all_permission_args {
|
itest!(deny_all_permission_args {
|
||||||
args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net --deny-hrtime run/deny_all_permission_args.js",
|
args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net run/deny_all_permission_args.js",
|
||||||
output: "run/deny_all_permission_args.out",
|
output: "run/deny_all_permission_args.out",
|
||||||
});
|
});
|
||||||
|
|
||||||
itest!(deny_some_permission_args {
|
itest!(deny_some_permission_args {
|
||||||
args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 --allow-hrtime --deny-hrtime run/deny_some_permission_args.js",
|
args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 run/deny_some_permission_args.js",
|
||||||
output: "run/deny_some_permission_args.out",
|
output: "run/deny_some_permission_args.out",
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ Runtime | Deno [WILDLINE] ([WILDLINE])
|
||||||
[WILDLINE]/allow_all.ts
|
[WILDLINE]/allow_all.ts
|
||||||
|
|
||||||
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
|
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
|
||||||
-------------- ----------------------------- --------------------- --------------------------
|
------------- ----------------------------- --------------------- --------------------------
|
||||||
read false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
read false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
||||||
read true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
read true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
||||||
write false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
write false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
||||||
|
@ -19,6 +19,4 @@ run false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE
|
||||||
run true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
run true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
||||||
ffi false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
ffi false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
||||||
ffi true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
ffi true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
||||||
hrtime false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
|
||||||
hrtime true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
|
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
|
||||||
"env",
|
"env",
|
||||||
"run",
|
"run",
|
||||||
"ffi",
|
"ffi",
|
||||||
"hrtime",
|
|
||||||
];
|
];
|
||||||
|
|
||||||
for (const name of permissions) {
|
for (const name of permissions) {
|
||||||
|
|
|
@ -18,6 +18,4 @@ run error: PermissionDenied: Can't escalate parent thread permissions
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
ffi error: PermissionDenied: Can't escalate parent thread permissions
|
ffi error: PermissionDenied: Can't escalate parent thread permissions
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
hrtime error: PermissionDenied: Can't escalate parent thread permissions
|
|
||||||
[WILDCARD]
|
|
||||||
error: Bench failed
|
error: Bench failed
|
||||||
|
|
|
@ -5,7 +5,6 @@ const permissions: Deno.PermissionName[] = [
|
||||||
"env",
|
"env",
|
||||||
"run",
|
"run",
|
||||||
"ffi",
|
"ffi",
|
||||||
"hrtime",
|
|
||||||
];
|
];
|
||||||
|
|
||||||
for (const name of permissions) {
|
for (const name of permissions) {
|
||||||
|
|
|
@ -7,7 +7,6 @@ Deno.bench({
|
||||||
env: true,
|
env: true,
|
||||||
run: true,
|
run: true,
|
||||||
ffi: true,
|
ffi: true,
|
||||||
hrtime: true,
|
|
||||||
},
|
},
|
||||||
ignore: true,
|
ignore: true,
|
||||||
fn() {
|
fn() {
|
||||||
|
|
2
tests/testdata/bench/allow_all.out
vendored
2
tests/testdata/bench/allow_all.out
vendored
|
@ -18,5 +18,3 @@ run false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD
|
||||||
run true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
run true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
||||||
ffi false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
ffi false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
||||||
ffi true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
ffi true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
||||||
hrtime false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
|
||||||
hrtime true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
|
|
||||||
|
|
2
tests/testdata/bench/allow_none.out
vendored
2
tests/testdata/bench/allow_none.out
vendored
|
@ -18,6 +18,4 @@ run error: PermissionDenied: Can't escalate parent thread permissions
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
ffi error: PermissionDenied: Can't escalate parent thread permissions
|
ffi error: PermissionDenied: Can't escalate parent thread permissions
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
hrtime error: PermissionDenied: Can't escalate parent thread permissions
|
|
||||||
[WILDCARD]
|
|
||||||
error: Bench failed
|
error: Bench failed
|
||||||
|
|
5
tests/testdata/run/025_hrtime.ts
vendored
5
tests/testdata/run/025_hrtime.ts
vendored
|
@ -1,5 +0,0 @@
|
||||||
globalThis.onload = async () => {
|
|
||||||
console.log(performance.now() % 2 !== 0);
|
|
||||||
await Deno.permissions.revoke({ name: "hrtime" });
|
|
||||||
console.log(performance.now() % 2 === 0);
|
|
||||||
};
|
|
2
tests/testdata/run/025_hrtime.ts.out
vendored
2
tests/testdata/run/025_hrtime.ts.out
vendored
|
@ -1,2 +0,0 @@
|
||||||
true
|
|
||||||
true
|
|
|
@ -5,4 +5,3 @@ console.log(Deno.permissions.querySync({ name: "ffi" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "run" }));
|
console.log(Deno.permissions.querySync({ name: "run" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "sys" }));
|
console.log(Deno.permissions.querySync({ name: "sys" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "net" }));
|
console.log(Deno.permissions.querySync({ name: "net" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "hrtime" }));
|
|
||||||
|
|
|
@ -5,4 +5,3 @@ PermissionStatus { state: "denied", onchange: null }
|
||||||
PermissionStatus { state: "denied", onchange: null }
|
PermissionStatus { state: "denied", onchange: null }
|
||||||
PermissionStatus { state: "denied", onchange: null }
|
PermissionStatus { state: "denied", onchange: null }
|
||||||
PermissionStatus { state: "denied", onchange: null }
|
PermissionStatus { state: "denied", onchange: null }
|
||||||
PermissionStatus { state: "denied", onchange: null }
|
|
||||||
|
|
|
@ -19,4 +19,3 @@ console.log(Deno.permissions.querySync({ name: "sys", kind: "loadavg" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "net" }));
|
console.log(Deno.permissions.querySync({ name: "net" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" }));
|
console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" }));
|
console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" }));
|
||||||
console.log(Deno.permissions.querySync({ name: "hrtime" }));
|
|
||||||
|
|
|
@ -19,4 +19,3 @@ PermissionStatus { state: "granted", onchange: null }
|
||||||
PermissionStatus { state: "granted", onchange: null, partial: true }
|
PermissionStatus { state: "granted", onchange: null, partial: true }
|
||||||
PermissionStatus { state: "denied", onchange: null }
|
PermissionStatus { state: "denied", onchange: null }
|
||||||
PermissionStatus { state: "granted", onchange: null }
|
PermissionStatus { state: "granted", onchange: null }
|
||||||
PermissionStatus { state: "denied", onchange: null }
|
|
||||||
|
|
6
tests/testdata/test/allow_all.out
vendored
6
tests/testdata/test/allow_all.out
vendored
|
@ -1,5 +1,5 @@
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
running 14 tests from [WILDCARD]
|
running 12 tests from [WILDCARD]
|
||||||
read false ... ok [WILDCARD]
|
read false ... ok [WILDCARD]
|
||||||
read true ... ok [WILDCARD]
|
read true ... ok [WILDCARD]
|
||||||
write false ... ok [WILDCARD]
|
write false ... ok [WILDCARD]
|
||||||
|
@ -12,7 +12,5 @@ run false ... ok [WILDCARD]
|
||||||
run true ... ok [WILDCARD]
|
run true ... ok [WILDCARD]
|
||||||
ffi false ... ok [WILDCARD]
|
ffi false ... ok [WILDCARD]
|
||||||
ffi true ... ok [WILDCARD]
|
ffi true ... ok [WILDCARD]
|
||||||
hrtime false ... ok [WILDCARD]
|
|
||||||
hrtime true ... ok [WILDCARD]
|
|
||||||
|
|
||||||
ok | 14 passed | 0 failed [WILDCARD]
|
ok | 12 passed | 0 failed [WILDCARD]
|
||||||
|
|
1
tests/testdata/test/allow_all.ts
vendored
1
tests/testdata/test/allow_all.ts
vendored
|
@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
|
||||||
"env",
|
"env",
|
||||||
"run",
|
"run",
|
||||||
"ffi",
|
"ffi",
|
||||||
"hrtime",
|
|
||||||
];
|
];
|
||||||
|
|
||||||
for (const name of permissions) {
|
for (const name of permissions) {
|
||||||
|
|
10
tests/testdata/test/allow_none.out
vendored
10
tests/testdata/test/allow_none.out
vendored
|
@ -1,12 +1,11 @@
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
running 7 tests from [WILDCARD]
|
running 6 tests from [WILDCARD]
|
||||||
read ... FAILED [WILDCARD]
|
read ... FAILED [WILDCARD]
|
||||||
write ... FAILED [WILDCARD]
|
write ... FAILED [WILDCARD]
|
||||||
net ... FAILED [WILDCARD]
|
net ... FAILED [WILDCARD]
|
||||||
env ... FAILED [WILDCARD]
|
env ... FAILED [WILDCARD]
|
||||||
run ... FAILED [WILDCARD]
|
run ... FAILED [WILDCARD]
|
||||||
ffi ... FAILED [WILDCARD]
|
ffi ... FAILED [WILDCARD]
|
||||||
hrtime ... FAILED [WILDCARD]
|
|
||||||
|
|
||||||
ERRORS
|
ERRORS
|
||||||
|
|
||||||
|
@ -32,10 +31,6 @@ error: PermissionDenied: Can't escalate parent thread permissions
|
||||||
|
|
||||||
ffi => ./test/allow_none.ts:[WILDCARD]
|
ffi => ./test/allow_none.ts:[WILDCARD]
|
||||||
error: PermissionDenied: Can't escalate parent thread permissions
|
error: PermissionDenied: Can't escalate parent thread permissions
|
||||||
[WILDCARD]
|
|
||||||
|
|
||||||
hrtime => ./test/allow_none.ts:[WILDCARD]
|
|
||||||
error: PermissionDenied: Can't escalate parent thread permissions
|
|
||||||
[WILDCARD]
|
[WILDCARD]
|
||||||
|
|
||||||
FAILURES
|
FAILURES
|
||||||
|
@ -46,6 +41,5 @@ net => ./test/allow_none.ts:[WILDCARD]
|
||||||
env => ./test/allow_none.ts:[WILDCARD]
|
env => ./test/allow_none.ts:[WILDCARD]
|
||||||
run => ./test/allow_none.ts:[WILDCARD]
|
run => ./test/allow_none.ts:[WILDCARD]
|
||||||
ffi => ./test/allow_none.ts:[WILDCARD]
|
ffi => ./test/allow_none.ts:[WILDCARD]
|
||||||
hrtime => ./test/allow_none.ts:[WILDCARD]
|
|
||||||
|
|
||||||
FAILED | 0 passed | 7 failed [WILDCARD]
|
FAILED | 0 passed | 6 failed [WILDCARD]
|
||||||
|
|
1
tests/testdata/test/allow_none.ts
vendored
1
tests/testdata/test/allow_none.ts
vendored
|
@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
|
||||||
"env",
|
"env",
|
||||||
"run",
|
"run",
|
||||||
"ffi",
|
"ffi",
|
||||||
"hrtime",
|
|
||||||
];
|
];
|
||||||
|
|
||||||
for (const name of permissions) {
|
for (const name of permissions) {
|
||||||
|
|
1
tests/testdata/test/ignore_permissions.ts
vendored
1
tests/testdata/test/ignore_permissions.ts
vendored
|
@ -7,7 +7,6 @@ Deno.test({
|
||||||
env: true,
|
env: true,
|
||||||
run: true,
|
run: true,
|
||||||
ffi: true,
|
ffi: true,
|
||||||
hrtime: true,
|
|
||||||
},
|
},
|
||||||
ignore: true,
|
ignore: true,
|
||||||
fn() {
|
fn() {
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
self.onmessage = async () => {
|
self.onmessage = async () => {
|
||||||
const hrtime = await Deno.permissions.query({ name: "hrtime" });
|
|
||||||
const net = await Deno.permissions.query({ name: "net" });
|
const net = await Deno.permissions.query({ name: "net" });
|
||||||
const ffi = await Deno.permissions.query({ name: "ffi" });
|
const ffi = await Deno.permissions.query({ name: "ffi" });
|
||||||
const read = await Deno.permissions.query({ name: "read" });
|
const read = await Deno.permissions.query({ name: "read" });
|
||||||
const run = await Deno.permissions.query({ name: "run" });
|
const run = await Deno.permissions.query({ name: "run" });
|
||||||
const write = await Deno.permissions.query({ name: "write" });
|
const write = await Deno.permissions.query({ name: "write" });
|
||||||
self.postMessage(
|
self.postMessage(
|
||||||
hrtime.state === "prompt" &&
|
|
||||||
net.state === "prompt" &&
|
net.state === "prompt" &&
|
||||||
ffi.state === "prompt" &&
|
ffi.state === "prompt" &&
|
||||||
read.state === "prompt" &&
|
read.state === "prompt" &&
|
||||||
|
|
2
tests/testdata/workers/permission_echo.js
vendored
2
tests/testdata/workers/permission_echo.js
vendored
|
@ -1,7 +1,6 @@
|
||||||
self.onmessage = async () => {
|
self.onmessage = async () => {
|
||||||
const env = await Deno.permissions.query({ name: "env" });
|
const env = await Deno.permissions.query({ name: "env" });
|
||||||
const ffi = await Deno.permissions.query({ name: "ffi" });
|
const ffi = await Deno.permissions.query({ name: "ffi" });
|
||||||
const hrtime = await Deno.permissions.query({ name: "hrtime" });
|
|
||||||
const net = await Deno.permissions.query({ name: "net" });
|
const net = await Deno.permissions.query({ name: "net" });
|
||||||
const read = await Deno.permissions.query({ name: "read" });
|
const read = await Deno.permissions.query({ name: "read" });
|
||||||
const run = await Deno.permissions.query({ name: "run" });
|
const run = await Deno.permissions.query({ name: "run" });
|
||||||
|
@ -9,7 +8,6 @@ self.onmessage = async () => {
|
||||||
self.postMessage({
|
self.postMessage({
|
||||||
env: env.state,
|
env: env.state,
|
||||||
ffi: ffi.state,
|
ffi: ffi.state,
|
||||||
hrtime: hrtime.state,
|
|
||||||
net: net.state,
|
net: net.state,
|
||||||
read: read.state,
|
read: read.state,
|
||||||
run: run.state,
|
run: run.state,
|
||||||
|
|
|
@ -3,7 +3,6 @@ postMessage({
|
||||||
envGlobal: (await Deno.permissions.query({ name: "env" })).state,
|
envGlobal: (await Deno.permissions.query({ name: "env" })).state,
|
||||||
envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state,
|
envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state,
|
||||||
envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state,
|
envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state,
|
||||||
hrtime: (await Deno.permissions.query({ name: "hrtime" })).state,
|
|
||||||
netGlobal: (await Deno.permissions.query({ name: "net" })).state,
|
netGlobal: (await Deno.permissions.query({ name: "net" })).state,
|
||||||
netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state,
|
netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state,
|
||||||
netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state,
|
netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state,
|
||||||
|
|
|
@ -782,14 +782,14 @@ Deno.test({ permissions: { read: true } }, function fsFileIsTerminal() {
|
||||||
});
|
});
|
||||||
|
|
||||||
Deno.test(
|
Deno.test(
|
||||||
{ permissions: { read: true, run: true, hrtime: true } },
|
{ permissions: { read: true, run: true } },
|
||||||
async function fsFileLockFileSync() {
|
async function fsFileLockFileSync() {
|
||||||
await runFlockTests({ sync: true });
|
await runFlockTests({ sync: true });
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
|
|
||||||
Deno.test(
|
Deno.test(
|
||||||
{ permissions: { read: true, run: true, hrtime: true } },
|
{ permissions: { read: true, run: true } },
|
||||||
async function fsFileLockFileAsync() {
|
async function fsFileLockFileAsync() {
|
||||||
await runFlockTests({ sync: false });
|
await runFlockTests({ sync: false });
|
||||||
},
|
},
|
||||||
|
|
|
@ -7,7 +7,7 @@ import {
|
||||||
assertThrows,
|
assertThrows,
|
||||||
} from "./test_util.ts";
|
} from "./test_util.ts";
|
||||||
|
|
||||||
Deno.test({ permissions: { hrtime: false } }, async function performanceNow() {
|
Deno.test({ permissions: {} }, async function performanceNow() {
|
||||||
const { promise, resolve } = Promise.withResolvers<void>();
|
const { promise, resolve } = Promise.withResolvers<void>();
|
||||||
const start = performance.now();
|
const start = performance.now();
|
||||||
let totalTime = 0;
|
let totalTime = 0;
|
||||||
|
|
|
@ -70,7 +70,7 @@ Deno.test(function permissionSysInvalidKindSync() {
|
||||||
});
|
});
|
||||||
|
|
||||||
Deno.test(async function permissionQueryReturnsEventTarget() {
|
Deno.test(async function permissionQueryReturnsEventTarget() {
|
||||||
const status = await Deno.permissions.query({ name: "hrtime" });
|
const status = await Deno.permissions.query({ name: "read", path: "." });
|
||||||
assert(["granted", "denied", "prompt"].includes(status.state));
|
assert(["granted", "denied", "prompt"].includes(status.state));
|
||||||
let called = false;
|
let called = false;
|
||||||
status.addEventListener("change", () => {
|
status.addEventListener("change", () => {
|
||||||
|
@ -78,11 +78,13 @@ Deno.test(async function permissionQueryReturnsEventTarget() {
|
||||||
});
|
});
|
||||||
status.dispatchEvent(new Event("change"));
|
status.dispatchEvent(new Event("change"));
|
||||||
assert(called);
|
assert(called);
|
||||||
assert(status === (await Deno.permissions.query({ name: "hrtime" })));
|
assert(
|
||||||
|
status === (await Deno.permissions.query({ name: "read", path: "." })),
|
||||||
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
Deno.test(function permissionQueryReturnsEventTargetSync() {
|
Deno.test(function permissionQueryReturnsEventTargetSync() {
|
||||||
const status = Deno.permissions.querySync({ name: "hrtime" });
|
const status = Deno.permissions.querySync({ name: "read", path: "." });
|
||||||
assert(["granted", "denied", "prompt"].includes(status.state));
|
assert(["granted", "denied", "prompt"].includes(status.state));
|
||||||
let called = false;
|
let called = false;
|
||||||
status.addEventListener("change", () => {
|
status.addEventListener("change", () => {
|
||||||
|
@ -90,7 +92,7 @@ Deno.test(function permissionQueryReturnsEventTargetSync() {
|
||||||
});
|
});
|
||||||
status.dispatchEvent(new Event("change"));
|
status.dispatchEvent(new Event("change"));
|
||||||
assert(called);
|
assert(called);
|
||||||
assert(status === Deno.permissions.querySync({ name: "hrtime" }));
|
assert(status === Deno.permissions.querySync({ name: "read", path: "." }));
|
||||||
});
|
});
|
||||||
|
|
||||||
Deno.test(async function permissionQueryForReadReturnsSameStatus() {
|
Deno.test(async function permissionQueryForReadReturnsSameStatus() {
|
||||||
|
|
|
@ -451,7 +451,6 @@ Deno.test("Worker limit children permissions granularly", async function () {
|
||||||
deno: {
|
deno: {
|
||||||
permissions: {
|
permissions: {
|
||||||
env: ["foo"],
|
env: ["foo"],
|
||||||
hrtime: true,
|
|
||||||
net: ["foo", "bar:8000"],
|
net: ["foo", "bar:8000"],
|
||||||
ffi: [new URL("foo", workerUrl), "bar"],
|
ffi: [new URL("foo", workerUrl), "bar"],
|
||||||
read: [new URL("foo", workerUrl), "bar"],
|
read: [new URL("foo", workerUrl), "bar"],
|
||||||
|
@ -468,7 +467,6 @@ Deno.test("Worker limit children permissions granularly", async function () {
|
||||||
envGlobal: "prompt",
|
envGlobal: "prompt",
|
||||||
envFoo: "granted",
|
envFoo: "granted",
|
||||||
envAbsent: "prompt",
|
envAbsent: "prompt",
|
||||||
hrtime: "granted",
|
|
||||||
netGlobal: "prompt",
|
netGlobal: "prompt",
|
||||||
netFoo: "granted",
|
netFoo: "granted",
|
||||||
netFoo8000: "granted",
|
netFoo8000: "granted",
|
||||||
|
@ -508,7 +506,6 @@ Deno.test("Nested worker limit children permissions", async function () {
|
||||||
envGlobal: "prompt",
|
envGlobal: "prompt",
|
||||||
envFoo: "prompt",
|
envFoo: "prompt",
|
||||||
envAbsent: "prompt",
|
envAbsent: "prompt",
|
||||||
hrtime: "prompt",
|
|
||||||
netGlobal: "prompt",
|
netGlobal: "prompt",
|
||||||
netFoo: "prompt",
|
netFoo: "prompt",
|
||||||
netFoo8000: "prompt",
|
netFoo8000: "prompt",
|
||||||
|
@ -586,7 +583,6 @@ Deno.test("Worker permissions are not inherited with empty permission object", a
|
||||||
worker.postMessage(null);
|
worker.postMessage(null);
|
||||||
assertEquals(await promise, {
|
assertEquals(await promise, {
|
||||||
env: "prompt",
|
env: "prompt",
|
||||||
hrtime: "prompt",
|
|
||||||
net: "prompt",
|
net: "prompt",
|
||||||
ffi: "prompt",
|
ffi: "prompt",
|
||||||
read: "prompt",
|
read: "prompt",
|
||||||
|
@ -611,7 +607,6 @@ Deno.test("Worker permissions are not inherited with single specified permission
|
||||||
worker.postMessage(null);
|
worker.postMessage(null);
|
||||||
assertEquals(await promise, {
|
assertEquals(await promise, {
|
||||||
env: "prompt",
|
env: "prompt",
|
||||||
hrtime: "prompt",
|
|
||||||
net: "granted",
|
net: "granted",
|
||||||
ffi: "prompt",
|
ffi: "prompt",
|
||||||
read: "prompt",
|
read: "prompt",
|
||||||
|
|
|
@ -221,7 +221,7 @@ async function ensureNoNewITests() {
|
||||||
"pm_tests.rs": 0,
|
"pm_tests.rs": 0,
|
||||||
"publish_tests.rs": 0,
|
"publish_tests.rs": 0,
|
||||||
"repl_tests.rs": 0,
|
"repl_tests.rs": 0,
|
||||||
"run_tests.rs": 352,
|
"run_tests.rs": 351,
|
||||||
"shared_library_tests.rs": 0,
|
"shared_library_tests.rs": 0,
|
||||||
"task_tests.rs": 30,
|
"task_tests.rs": 30,
|
||||||
"test_tests.rs": 75,
|
"test_tests.rs": 75,
|
||||||
|
|
Loading…
Add table
Reference in a new issue