
Fix permissions for dial and listen (#2373)

tags/v0.6.0
Bartek Iwańczuk 1 month ago
parent
commit
7219787894
3 changed files with 116 additions and 51 deletions
  1. 9
    12
      cli/ops.rs
  2. 91
    38
      tools/complex_permissions_test.py
  3. 16
    1
      tools/complex_permissions_test.ts

+ 9
- 12
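--- a/cli/ops.rs
+++ b/cli/ops.rs
@@ -1625,19 +1625,18 @@ fn op_listen(
   data: Option<PinnedBuf>,
 ) -> Box<OpWithError> {
   assert!(data.is_none());
-  if let Err(e) = state.check_net("listen") {
-    return odd_future(e);
-  }
-
   let cmd_id = base.cmd_id();
   let inner = base.inner_as_listen().unwrap();
   let network = inner.network().unwrap();
   assert_eq!(network, "tcp");
   let address = inner.address().unwrap();
 
+  if let Err(e) = state.check_net(&address) {
+    return odd_future(e);
+  }
+
   Box::new(futures::future::result((move || {
     let addr = resolve_addr(address).wait()?;
-
     let listener = TcpListener::bind(&addr)?;
     let resource = resources::add_tcp_listener(listener);
 
@@ -1682,14 +1681,11 @@ fn new_conn(cmd_id: u32, tcp_stream: TcpStream) -> OpResult {
 }
 
 fn op_accept(
-  state: &ThreadSafeState,
+  _state: &ThreadSafeState,
   base: &msg::Base<'_>,
   data: Option<PinnedBuf>,
 ) -> Box<OpWithError> {
   assert!(data.is_none());
-  if let Err(e) = state.check_net("accept") {
-    return odd_future(e);
-  }
   let cmd_id = base.cmd_id();
   let inner = base.inner_as_accept().unwrap();
   let server_rid = inner.rid();
@@ -1713,15 +1709,16 @@ fn op_dial(
   data: Option<PinnedBuf>,
 ) -> Box<OpWithError> {
   assert!(data.is_none());
-  if let Err(e) = state.check_net("dial") {
-    return odd_future(e);
-  }
   let cmd_id = base.cmd_id();
   let inner = base.inner_as_dial().unwrap();
   let network = inner.network().unwrap();
   assert_eq!(network, "tcp"); // TODO Support others.
   let address = inner.address().unwrap();
 
+  if let Err(e) = state.check_net(&address) {
+    return odd_future(e);
+  }
+
   let op =
     resolve_addr(address)
       .map_err(DenoError::from)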
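Review bot: `op_accept` is left with no permission check and no comment saying why: the `check_net("accept")` call is removed and the parameter becomes `_state`. That is sound only if every listener rid that `inner.rid()` can name was created by `op_listen`, which now checks the bind address first; the resource table is not visible in this diff, so I am inferring that. I would state the invariant above the function, for example `// No check_net here: a listener rid can only come from op_listen, which already checked its bind address.` In `op_listen` and `op_dial` the check now receives the unresolved `address` string before `resolve_addr` runs, so the doc comment on `check_net` should say that the allowlist is matched against the text the script passed, not the resolved socket address. All three function bodies continue outside their hunks.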

+ 91
- 38
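--- a/tools/complex_permissions_test.py
+++ b/tools/complex_permissions_test.py
@@ -8,6 +8,7 @@ import subprocess
 import sys
 import time
 
+import http_server
 from util import build_path, root_path, executable_suffix, green_ok, red_failed
 
 PERMISSIONS_PROMPT_TEST_TS = "tools/complex_permissions_test.ts"
@@ -96,15 +97,53 @@ class Prompt(object):
                       test_type)
             wrap_test(test_name_base + "_no_prefix", self.test_no_prefix,
                       test_type)
+
+        test_name = "net_fetch"
+        test_name_base = "test_" + test_name
+        wrap_test(test_name_base + "_allow_localhost_4545",
+                  self.test_allow_localhost_4545, test_name,
+                  ["http://localhost:4545"])
+        wrap_test(test_name_base + "_allow_deno_land",
+                  self.test_allow_deno_land, test_name,
+                  ["http://localhost:4545"])
+        wrap_test(test_name_base + "_allow_localhost_4545_fail",
+                  self.test_allow_localhost_4545_fail, test_name,
+                  ["http://localhost:4546"])
+        wrap_test(test_name_base + "_allow_localhost",
+                  self.test_allow_localhost, test_name, [
+                      "http://localhost:4545", "http://localhost:4546",
+                      "http://localhost:4547"
+                  ])
+
+        test_name = "net_dial"
+        test_name_base = "test_" + test_name
         wrap_test(test_name_base + "_allow_localhost_4545",
-                  self.test_allow_localhost_4545)
+                  self.test_allow_localhost_4545, test_name,
+                  ["localhost:4545"])
         wrap_test(test_name_base + "_allow_deno_land",
-                  self.test_allow_deno_land)
+                  self.test_allow_deno_land, test_name, ["localhost:4545"])
         wrap_test(test_name_base + "_allow_localhost_4545_fail",
-                  self.test_allow_localhost_4545_fail)
+                  self.test_allow_localhost_4545_fail, test_name,
+                  ["localhost:4546"])
         wrap_test(test_name_base + "_allow_localhost",
-                  self.test_allow_localhost)
+                  self.test_allow_localhost, test_name,
+                  ["localhost:4545", "localhost:4546", "localhost:4547"])
 
+        test_name = "net_listen"
+        test_name_base = "test_" + test_name
+        wrap_test(test_name_base + "_allow_localhost_4555",
+                  self.test_allow_localhost_4555, test_name,
+                  ["localhost:4555"])
+        wrap_test(test_name_base + "_allow_deno_land",
+                  self.test_allow_deno_land, test_name, ["localhost:4545"])
+        wrap_test(test_name_base + "_allow_localhost_4555_fail",
+                  self.test_allow_localhost_4555_fail, test_name,
+                  ["localhost:4556"])
+        wrap_test(test_name_base + "_allow_localhost",
+                  self.test_allow_localhost, test_name,
+                  ["localhost:4555", "localhost:4556", "localhost:4557"])
+
+    # read/write tests
     def test_inside_project_dir(self, test_type):
         code, _stdout, stderr = self.run(
             ["--no-prompt", "--allow-" + test_type + "=" + root_path],
@@ -149,40 +188,6 @@ class Prompt(object):
         assert not PROMPT_PATTERN in stderr
         assert not PERMISSION_DENIED_PATTERN in stderr
 
-    def test_allow_localhost_4545(self):
-        code, _stdout, stderr = self.run(
-            ["--no-prompt", "--allow-net=localhost:4545"],
-            ["net", "http://localhost:4545"], b'')
-        assert code == 0
-        assert not PROMPT_PATTERN in stderr
-        assert not PERMISSION_DENIED_PATTERN in stderr
-
-    def test_allow_deno_land(self):
-        code, _stdout, stderr = self.run(
-            ["--no-prompt", "--allow-net=deno.land"],
-            ["net", "http://localhost:4545"], b'')
-        assert code == 1
-        assert not PROMPT_PATTERN in stderr
-        assert PERMISSION_DENIED_PATTERN in stderr
-
-    def test_allow_localhost_4545_fail(self):
-        code, _stdout, stderr = self.run(
-            ["--no-prompt", "--allow-net=localhost:4545"],
-            ["net", "http://localhost:4546"], b'')
-        assert code == 1
-        assert not PROMPT_PATTERN in stderr
-        assert PERMISSION_DENIED_PATTERN in stderr
-
-    def test_allow_localhost(self):
-        code, _stdout, stderr = self.run(
-            ["--no-prompt", "--allow-net=localhost"], [
-                "net", "http://localhost:4545", "http://localhost:4546",
-                "http://localhost:4547"
-            ], b'')
-        assert code == 0
-        assert not PROMPT_PATTERN in stderr
-        assert not PERMISSION_DENIED_PATTERN in stderr
-
     def test_relative(self, test_type):
         # Save and restore curdir
         saved_curdir = os.getcwd()
@@ -207,6 +212,53 @@ class Prompt(object):
         assert not PERMISSION_DENIED_PATTERN in stderr
         os.chdir(saved_curdir)
 
+    # net tests
+    def test_allow_localhost_4545(self, test_type, hosts):
+        code, _stdout, stderr = self.run(
+            ["--no-prompt", "--allow-net=localhost:4545"], [test_type] + hosts,
+            b'')
+        assert code == 0
+        assert not PROMPT_PATTERN in stderr
+        assert not PERMISSION_DENIED_PATTERN in stderr
+
+    def test_allow_localhost_4555(self, test_type, hosts):
+        code, _stdout, stderr = self.run(
+            ["--no-prompt", "--allow-net=localhost:4555"], [test_type] + hosts,
+            b'')
+        assert code == 0
+        assert not PROMPT_PATTERN in stderr
+        assert not PERMISSION_DENIED_PATTERN in stderr
+
+    def test_allow_deno_land(self, test_type, hosts):
+        code, _stdout, stderr = self.run(
+            ["--no-prompt", "--allow-net=deno.land"], [test_type] + hosts, b'')
+        assert code == 1
+        assert not PROMPT_PATTERN in stderr
+        assert PERMISSION_DENIED_PATTERN in stderr
+
+    def test_allow_localhost_4545_fail(self, test_type, hosts):
+        code, _stdout, stderr = self.run(
+            ["--no-prompt", "--allow-net=localhost:4545"], [test_type] + hosts,
+            b'')
+        assert code == 1
+        assert not PROMPT_PATTERN in stderr
+        assert PERMISSION_DENIED_PATTERN in stderr
+
+    def test_allow_localhost_4555_fail(self, test_type, hosts):
+        code, _stdout, stderr = self.run(
+            ["--no-prompt", "--allow-net=localhost:4555"], [test_type] + hosts,
+            b'')
+        assert code == 1
+        assert not PROMPT_PATTERN in stderr
+        assert PERMISSION_DENIED_PATTERN in stderr
+
+    def test_allow_localhost(self, test_type, hosts):
+        code, _stdout, stderr = self.run(
+            ["--no-prompt", "--allow-net=localhost"], [test_type] + hosts, b'')
+        assert code == 0
+        assert not PROMPT_PATTERN in stderr
+        assert not PERMISSION_DENIED_PATTERN in stderr
+
 
 def complex_permissions_test(deno_exe):
     p = Prompt(deno_exe, ["read", "write", "net"])
@@ -216,6 +268,7 @@ def complex_permissions_test(deno_exe):
 def main():
     print "Permissions prompt tests"
     deno_exe = os.path.join(build_path(), "deno" + executable_suffix)
+    http_server.spawn()
     complex_permissions_test(deno_exe)
 
 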
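Review bot: The new `net_dial` and `net_listen` cases only vary the port on the literal host `localhost`, so nothing pins how the allowlist treats a different spelling of the same endpoint. Since `cli/ops.rs` in this commit passes the raw address string to `check_net`, I would add one case per op that runs under `--allow-net=localhost:4555` with an IP-literal host such as `127.0.0.1:4555` and asserts whichever outcome is intended (presumably denial). The six `test_allow_*` methods also differ only in the flag value and the expected exit code; a single helper taking `allow`, `hosts` and `expect_denied` would keep the allow and deny assertions from drifting apart. `class Prompt` starts outside these hunks, so `self.run` and `wrap_test` are assumed to behave as their call sites suggest.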

+ 16
- 1
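--- a/tools/complex_permissions_test.ts
+++ b/tools/complex_permissions_test.ts
@@ -11,8 +11,23 @@ const test: (args: string[]) => void = {
       (file): any => writeFileSync(file, new Uint8Array(), { append: true })
     );
   },
-  net: (hosts: string[]): void => {
+  net_fetch: (hosts: string[]): void => {
     hosts.forEach((host): any => fetch(host));
+  },
+  net_listen: (hosts: string[]): void => {
+    hosts.forEach(
+      (host): any => {
+        const listener = Deno.listen("tcp", host);
+        listener.close();
+      }
+    );
+  },
+  net_dial: async (hosts: string[]): Promise<void> => {
+    for (const host of hosts) {
+      console.log("host in dial:", host);
+      const listener = await Deno.dial("tcp", host);
+      listener.close();
+    }
   }
 }[name];
 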
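Review bot: In `net_dial` the value returned by `Deno.dial` is a connection, not a listener, and the `console.log("host in dial:", host)` line reads like leftover debugging; I would write `const conn = await Deno.dial("tcp", host);` followed by `conn.close();` and drop the log. The table is still typed `(args: string[]) => void` while `net_dial` returns `Promise<void>`, so whether the caller awaits it is outside this hunk; the deny-path tests in `complex_permissions_test.py` depend on a rejected dial surfacing as exit code 1, which is worth a short comment next to the entry. `net_fetch` has the same shape, since the `fetch(host)` promises are not awaited inside `forEach`.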
