diff --git a/cli/ops.rs b/cli/ops.rs index 9b5bc0079e..2960f3d9d7 100644 --- a/cli/ops.rs +++ b/cli/ops.rs @@ -1625,19 +1625,18 @@ fn op_listen( data: Option, ) -> Box { assert!(data.is_none()); - if let Err(e) = state.check_net("listen") { - return odd_future(e); - } - let cmd_id = base.cmd_id(); let inner = base.inner_as_listen().unwrap(); let network = inner.network().unwrap(); assert_eq!(network, "tcp"); let address = inner.address().unwrap(); + if let Err(e) = state.check_net(&address) { + return odd_future(e); + } + Box::new(futures::future::result((move || { let addr = resolve_addr(address).wait()?; - let listener = TcpListener::bind(&addr)?; let resource = resources::add_tcp_listener(listener); @@ -1682,14 +1681,11 @@ fn new_conn(cmd_id: u32, tcp_stream: TcpStream) -> OpResult { } fn op_accept( - state: &ThreadSafeState, + _state: &ThreadSafeState, base: &msg::Base<'_>, data: Option, ) -> Box { assert!(data.is_none()); - if let Err(e) = state.check_net("accept") { - return odd_future(e); - } let cmd_id = base.cmd_id(); let inner = base.inner_as_accept().unwrap(); let server_rid = inner.rid(); @@ -1713,15 +1709,16 @@ fn op_dial( data: Option, ) -> Box { assert!(data.is_none()); - if let Err(e) = state.check_net("dial") { - return odd_future(e); - } let cmd_id = base.cmd_id(); let inner = base.inner_as_dial().unwrap(); let network = inner.network().unwrap(); assert_eq!(network, "tcp"); // TODO Support others. let address = inner.address().unwrap(); + if let Err(e) = state.check_net(&address) { + return odd_future(e); + } + let op = resolve_addr(address) .map_err(DenoError::from) diff --git a/tools/complex_permissions_test.py b/tools/complex_permissions_test.py index 8fdc99d8b2..a338654fe3 100755 --- a/tools/complex_permissions_test.py +++ b/tools/complex_permissions_test.py @@ -8,6 +8,7 @@ import subprocess import sys import time +import http_server from util import build_path, root_path, executable_suffix, green_ok, red_failed PERMISSIONS_PROMPT_TEST_TS = "tools/complex_permissions_test.ts" @@ -96,15 +97,53 @@ class Prompt(object): test_type) wrap_test(test_name_base + "_no_prefix", self.test_no_prefix, test_type) - wrap_test(test_name_base + "_allow_localhost_4545", - self.test_allow_localhost_4545) - wrap_test(test_name_base + "_allow_deno_land", - self.test_allow_deno_land) - wrap_test(test_name_base + "_allow_localhost_4545_fail", - self.test_allow_localhost_4545_fail) - wrap_test(test_name_base + "_allow_localhost", - self.test_allow_localhost) + test_name = "net_fetch" + test_name_base = "test_" + test_name + wrap_test(test_name_base + "_allow_localhost_4545", + self.test_allow_localhost_4545, test_name, + ["http://localhost:4545"]) + wrap_test(test_name_base + "_allow_deno_land", + self.test_allow_deno_land, test_name, + ["http://localhost:4545"]) + wrap_test(test_name_base + "_allow_localhost_4545_fail", + self.test_allow_localhost_4545_fail, test_name, + ["http://localhost:4546"]) + wrap_test(test_name_base + "_allow_localhost", + self.test_allow_localhost, test_name, [ + "http://localhost:4545", "http://localhost:4546", + "http://localhost:4547" + ]) + + test_name = "net_dial" + test_name_base = "test_" + test_name + wrap_test(test_name_base + "_allow_localhost_4545", + self.test_allow_localhost_4545, test_name, + ["localhost:4545"]) + wrap_test(test_name_base + "_allow_deno_land", + self.test_allow_deno_land, test_name, ["localhost:4545"]) + wrap_test(test_name_base + "_allow_localhost_4545_fail", + self.test_allow_localhost_4545_fail, test_name, + ["localhost:4546"]) + wrap_test(test_name_base + "_allow_localhost", + self.test_allow_localhost, test_name, + ["localhost:4545", "localhost:4546", "localhost:4547"]) + + test_name = "net_listen" + test_name_base = "test_" + test_name + wrap_test(test_name_base + "_allow_localhost_4555", + self.test_allow_localhost_4555, test_name, + ["localhost:4555"]) + wrap_test(test_name_base + "_allow_deno_land", + self.test_allow_deno_land, test_name, ["localhost:4545"]) + wrap_test(test_name_base + "_allow_localhost_4555_fail", + self.test_allow_localhost_4555_fail, test_name, + ["localhost:4556"]) + wrap_test(test_name_base + "_allow_localhost", + self.test_allow_localhost, test_name, + ["localhost:4555", "localhost:4556", "localhost:4557"]) + + # read/write tests def test_inside_project_dir(self, test_type): code, _stdout, stderr = self.run( ["--no-prompt", "--allow-" + test_type + "=" + root_path], @@ -149,40 +188,6 @@ class Prompt(object): assert not PROMPT_PATTERN in stderr assert not PERMISSION_DENIED_PATTERN in stderr - def test_allow_localhost_4545(self): - code, _stdout, stderr = self.run( - ["--no-prompt", "--allow-net=localhost:4545"], - ["net", "http://localhost:4545"], b'') - assert code == 0 - assert not PROMPT_PATTERN in stderr - assert not PERMISSION_DENIED_PATTERN in stderr - - def test_allow_deno_land(self): - code, _stdout, stderr = self.run( - ["--no-prompt", "--allow-net=deno.land"], - ["net", "http://localhost:4545"], b'') - assert code == 1 - assert not PROMPT_PATTERN in stderr - assert PERMISSION_DENIED_PATTERN in stderr - - def test_allow_localhost_4545_fail(self): - code, _stdout, stderr = self.run( - ["--no-prompt", "--allow-net=localhost:4545"], - ["net", "http://localhost:4546"], b'') - assert code == 1 - assert not PROMPT_PATTERN in stderr - assert PERMISSION_DENIED_PATTERN in stderr - - def test_allow_localhost(self): - code, _stdout, stderr = self.run( - ["--no-prompt", "--allow-net=localhost"], [ - "net", "http://localhost:4545", "http://localhost:4546", - "http://localhost:4547" - ], b'') - assert code == 0 - assert not PROMPT_PATTERN in stderr - assert not PERMISSION_DENIED_PATTERN in stderr - def test_relative(self, test_type): # Save and restore curdir saved_curdir = os.getcwd() @@ -207,6 +212,53 @@ class Prompt(object): assert not PERMISSION_DENIED_PATTERN in stderr os.chdir(saved_curdir) + # net tests + def test_allow_localhost_4545(self, test_type, hosts): + code, _stdout, stderr = self.run( + ["--no-prompt", "--allow-net=localhost:4545"], [test_type] + hosts, + b'') + assert code == 0 + assert not PROMPT_PATTERN in stderr + assert not PERMISSION_DENIED_PATTERN in stderr + + def test_allow_localhost_4555(self, test_type, hosts): + code, _stdout, stderr = self.run( + ["--no-prompt", "--allow-net=localhost:4555"], [test_type] + hosts, + b'') + assert code == 0 + assert not PROMPT_PATTERN in stderr + assert not PERMISSION_DENIED_PATTERN in stderr + + def test_allow_deno_land(self, test_type, hosts): + code, _stdout, stderr = self.run( + ["--no-prompt", "--allow-net=deno.land"], [test_type] + hosts, b'') + assert code == 1 + assert not PROMPT_PATTERN in stderr + assert PERMISSION_DENIED_PATTERN in stderr + + def test_allow_localhost_4545_fail(self, test_type, hosts): + code, _stdout, stderr = self.run( + ["--no-prompt", "--allow-net=localhost:4545"], [test_type] + hosts, + b'') + assert code == 1 + assert not PROMPT_PATTERN in stderr + assert PERMISSION_DENIED_PATTERN in stderr + + def test_allow_localhost_4555_fail(self, test_type, hosts): + code, _stdout, stderr = self.run( + ["--no-prompt", "--allow-net=localhost:4555"], [test_type] + hosts, + b'') + assert code == 1 + assert not PROMPT_PATTERN in stderr + assert PERMISSION_DENIED_PATTERN in stderr + + def test_allow_localhost(self, test_type, hosts): + code, _stdout, stderr = self.run( + ["--no-prompt", "--allow-net=localhost"], [test_type] + hosts, b'') + assert code == 0 + assert not PROMPT_PATTERN in stderr + assert not PERMISSION_DENIED_PATTERN in stderr + def complex_permissions_test(deno_exe): p = Prompt(deno_exe, ["read", "write", "net"]) @@ -216,6 +268,7 @@ def complex_permissions_test(deno_exe): def main(): print "Permissions prompt tests" deno_exe = os.path.join(build_path(), "deno" + executable_suffix) + http_server.spawn() complex_permissions_test(deno_exe) diff --git a/tools/complex_permissions_test.ts b/tools/complex_permissions_test.ts index 72377ff93a..da3ca53143 100644 --- a/tools/complex_permissions_test.ts +++ b/tools/complex_permissions_test.ts @@ -11,8 +11,23 @@ const test: (args: string[]) => void = { (file): any => writeFileSync(file, new Uint8Array(), { append: true }) ); }, - net: (hosts: string[]): void => { + net_fetch: (hosts: string[]): void => { hosts.forEach((host): any => fetch(host)); + }, + net_listen: (hosts: string[]): void => { + hosts.forEach( + (host): any => { + const listener = Deno.listen("tcp", host); + listener.close(); + } + ); + }, + net_dial: async (hosts: string[]): Promise => { + for (const host of hosts) { + console.log("host in dial:", host); + const listener = await Deno.dial("tcp", host); + listener.close(); + } } }[name];