New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(cli/permissions): Fix CWD and exec path leaks #5642
Conversation
48e0137
to
c969196
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @nayeemrmn - sorry for the slow review - I just now saw this patch. I wish I had gotten it in v1.0.2!
@nayeemrmn Gosh - sorry for the slow review again. This looks good to me. Could you please draft a commit message that I can use when squashing this? |
Commit message:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Fixes #5627.
Fixes #5742.
Fixes #5786.
permissions.check_read_blind(path, display)
forDeno.cwd()
andDeno.execPath()
. It allows you to get errors like:PermissionDenied: read access to <CWD>, run again with the --allow-read flag
PermissionDenied: read access to <exec_path>, run again with the --allow-read flag
deno run --unstable temp.ts
:⚠️ Deno requests read access to "../abc". Grant? [g/d (g = grant, d = deny)]
deno run --unstable --allow-read=. temp.ts
:⚠️ Deno requests read access to "/mnt/c/Users/Nayeem/projects/abc". Grant? [g/d (g = grant, d = deny)]
Deno.realPath()
, check if the CWD is allowed when a relative path is given.