Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permissions whitelist #2129

Merged
merged 20 commits into from May 8, 2019
Merged
Changes from 9 commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.

Always

Just for now

@@ -297,36 +297,14 @@ impl DenoDir {
referrer: &str,
) -> Result<Url, url::ParseError> {
let specifier = self.src_file_to_url(specifier);
let mut referrer = self.src_file_to_url(referrer);
let referrer = self.src_file_to_url(referrer);

debug!(
"resolve_module specifier {} referrer {}",
specifier, referrer
);

if referrer.starts_with('.') {
let cwd = std::env::current_dir().unwrap();
let referrer_path = cwd.join(referrer);
referrer = referrer_path.to_str().unwrap().to_string() + "/";
}

let j = if is_remote(&specifier)
|| (Path::new(&specifier).is_absolute() && !is_remote(&referrer))
{
parse_local_or_remote(&specifier)?
} else if referrer.ends_with('/') {
let r = Url::from_directory_path(&referrer);
// TODO(ry) Properly handle error.
if r.is_err() {
error!("Url::from_directory_path error {}", referrer);
}
let base = r.unwrap();
base.join(specifier.as_ref())?
} else {
let base = parse_local_or_remote(&referrer)?;
base.join(specifier.as_ref())?
};
Ok(j)
resolve_file_url(specifier, referrer)
}

/// Returns (module name, local filename)
@@ -883,6 +861,35 @@ fn save_source_code_headers(
}
}

pub fn resolve_file_url(
specifier: String,
mut referrer: String,
) -> Result<Url, url::ParseError> {
if referrer.starts_with('.') {
let cwd = std::env::current_dir().unwrap();
let referrer_path = cwd.join(referrer);
referrer = referrer_path.to_str().unwrap().to_string() + "/";
}

let j = if is_remote(&specifier)
|| (Path::new(&specifier).is_absolute() && !is_remote(&referrer))
{
parse_local_or_remote(&specifier)?
} else if referrer.ends_with('/') {
let r = Url::from_directory_path(&referrer);
// TODO(ry) Properly handle error.
if r.is_err() {
error!("Url::from_directory_path error {}", referrer);
}
let base = r.unwrap();
base.join(specifier.as_ref())?
} else {
let base = parse_local_or_remote(&referrer)?;
base.join(specifier.as_ref())?
};
Ok(j)
}

#[cfg(test)]
mod tests {
use super::*;
@@ -17,8 +17,11 @@ pub struct DenoFlags {
/// the path passed on the command line, otherwise `None`.
pub config_path: Option<String>,
pub allow_read: bool,
pub read_whitelist: Vec<String>,
pub allow_write: bool,
pub write_whitelist: Vec<String>,
pub allow_net: bool,
pub net_whitelist: Vec<String>,
pub allow_env: bool,
pub allow_run: bool,
pub allow_high_precision: bool,
@@ -42,14 +45,26 @@ pub fn create_cli_app<'a, 'b>() -> App<'a, 'b> {
.arg(
Arg::with_name("allow-read")
.long("allow-read")
.min_values(0)
.takes_value(true)
.use_delimiter(true)
.require_equals(true)
.help("Allow file system read access"),
).arg(
Arg::with_name("allow-write")
.long("allow-write")
.min_values(0)
.takes_value(true)
.use_delimiter(true)
.require_equals(true)
.help("Allow file system write access"),
).arg(
Arg::with_name("allow-net")
.long("allow-net")
.min_values(0)
.takes_value(true)
.use_delimiter(true)
.require_equals(true)
.help("Allow network access"),
).arg(
Arg::with_name("allow-env")
@@ -215,13 +230,28 @@ pub fn parse_flags(matches: ArgMatches) -> DenoFlags {
}
flags.config_path = matches.value_of("config").map(ToOwned::to_owned);
if matches.is_present("allow-read") {
flags.allow_read = true;
if matches.value_of("allow-read").is_some() {
let read_wl = matches.values_of("allow-read").unwrap();
flags.read_whitelist = read_wl.map(|s| s.to_string()).collect();
} else {
flags.allow_read = true;
}
}
if matches.is_present("allow-write") {
flags.allow_write = true;
if matches.value_of("allow-write").is_some() {
let write_wl = matches.values_of("allow-write").unwrap();
flags.write_whitelist = write_wl.map(|s| s.to_string()).collect();
} else {
flags.allow_write = true;
}
}
if matches.is_present("allow-net") {
flags.allow_net = true;
if matches.value_of("allow-net").is_some() {
let net_wl = matches.values_of("allow-net").unwrap();
flags.net_whitelist = net_wl.map(|s| s.to_string()).collect();
} else {
flags.allow_net = true;
}
}
if matches.is_present("allow-env") {
flags.allow_env = true;
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.