mirror of https://github.com/denoland/deno.git
Fix permissions for dial and listen (#2373)
This commit is contained in:
parent
00f6fa46b3
commit
7219787894
21
cli/ops.rs
21
cli/ops.rs
|
@ -1625,19 +1625,18 @@ fn op_listen(
|
||||||
data: Option<PinnedBuf>,
|
data: Option<PinnedBuf>,
|
||||||
) -> Box<OpWithError> {
|
) -> Box<OpWithError> {
|
||||||
assert!(data.is_none());
|
assert!(data.is_none());
|
||||||
if let Err(e) = state.check_net("listen") {
|
|
||||||
return odd_future(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
let cmd_id = base.cmd_id();
|
let cmd_id = base.cmd_id();
|
||||||
let inner = base.inner_as_listen().unwrap();
|
let inner = base.inner_as_listen().unwrap();
|
||||||
let network = inner.network().unwrap();
|
let network = inner.network().unwrap();
|
||||||
assert_eq!(network, "tcp");
|
assert_eq!(network, "tcp");
|
||||||
let address = inner.address().unwrap();
|
let address = inner.address().unwrap();
|
||||||
|
|
||||||
|
if let Err(e) = state.check_net(&address) {
|
||||||
|
return odd_future(e);
|
||||||
|
}
|
||||||
|
|
||||||
Box::new(futures::future::result((move || {
|
Box::new(futures::future::result((move || {
|
||||||
let addr = resolve_addr(address).wait()?;
|
let addr = resolve_addr(address).wait()?;
|
||||||
|
|
||||||
let listener = TcpListener::bind(&addr)?;
|
let listener = TcpListener::bind(&addr)?;
|
||||||
let resource = resources::add_tcp_listener(listener);
|
let resource = resources::add_tcp_listener(listener);
|
||||||
|
|
||||||
|
@ -1682,14 +1681,11 @@ fn new_conn(cmd_id: u32, tcp_stream: TcpStream) -> OpResult {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn op_accept(
|
fn op_accept(
|
||||||
state: &ThreadSafeState,
|
_state: &ThreadSafeState,
|
||||||
base: &msg::Base<'_>,
|
base: &msg::Base<'_>,
|
||||||
data: Option<PinnedBuf>,
|
data: Option<PinnedBuf>,
|
||||||
) -> Box<OpWithError> {
|
) -> Box<OpWithError> {
|
||||||
assert!(data.is_none());
|
assert!(data.is_none());
|
||||||
if let Err(e) = state.check_net("accept") {
|
|
||||||
return odd_future(e);
|
|
||||||
}
|
|
||||||
let cmd_id = base.cmd_id();
|
let cmd_id = base.cmd_id();
|
||||||
let inner = base.inner_as_accept().unwrap();
|
let inner = base.inner_as_accept().unwrap();
|
||||||
let server_rid = inner.rid();
|
let server_rid = inner.rid();
|
||||||
|
@ -1713,15 +1709,16 @@ fn op_dial(
|
||||||
data: Option<PinnedBuf>,
|
data: Option<PinnedBuf>,
|
||||||
) -> Box<OpWithError> {
|
) -> Box<OpWithError> {
|
||||||
assert!(data.is_none());
|
assert!(data.is_none());
|
||||||
if let Err(e) = state.check_net("dial") {
|
|
||||||
return odd_future(e);
|
|
||||||
}
|
|
||||||
let cmd_id = base.cmd_id();
|
let cmd_id = base.cmd_id();
|
||||||
let inner = base.inner_as_dial().unwrap();
|
let inner = base.inner_as_dial().unwrap();
|
||||||
let network = inner.network().unwrap();
|
let network = inner.network().unwrap();
|
||||||
assert_eq!(network, "tcp"); // TODO Support others.
|
assert_eq!(network, "tcp"); // TODO Support others.
|
||||||
let address = inner.address().unwrap();
|
let address = inner.address().unwrap();
|
||||||
|
|
||||||
|
if let Err(e) = state.check_net(&address) {
|
||||||
|
return odd_future(e);
|
||||||
|
}
|
||||||
|
|
||||||
let op =
|
let op =
|
||||||
resolve_addr(address)
|
resolve_addr(address)
|
||||||
.map_err(DenoError::from)
|
.map_err(DenoError::from)
|
||||||
|
|
|
@ -8,6 +8,7 @@ import subprocess
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
import http_server
|
||||||
from util import build_path, root_path, executable_suffix, green_ok, red_failed
|
from util import build_path, root_path, executable_suffix, green_ok, red_failed
|
||||||
|
|
||||||
PERMISSIONS_PROMPT_TEST_TS = "tools/complex_permissions_test.ts"
|
PERMISSIONS_PROMPT_TEST_TS = "tools/complex_permissions_test.ts"
|
||||||
|
@ -96,15 +97,53 @@ class Prompt(object):
|
||||||
test_type)
|
test_type)
|
||||||
wrap_test(test_name_base + "_no_prefix", self.test_no_prefix,
|
wrap_test(test_name_base + "_no_prefix", self.test_no_prefix,
|
||||||
test_type)
|
test_type)
|
||||||
wrap_test(test_name_base + "_allow_localhost_4545",
|
|
||||||
self.test_allow_localhost_4545)
|
|
||||||
wrap_test(test_name_base + "_allow_deno_land",
|
|
||||||
self.test_allow_deno_land)
|
|
||||||
wrap_test(test_name_base + "_allow_localhost_4545_fail",
|
|
||||||
self.test_allow_localhost_4545_fail)
|
|
||||||
wrap_test(test_name_base + "_allow_localhost",
|
|
||||||
self.test_allow_localhost)
|
|
||||||
|
|
||||||
|
test_name = "net_fetch"
|
||||||
|
test_name_base = "test_" + test_name
|
||||||
|
wrap_test(test_name_base + "_allow_localhost_4545",
|
||||||
|
self.test_allow_localhost_4545, test_name,
|
||||||
|
["http://localhost:4545"])
|
||||||
|
wrap_test(test_name_base + "_allow_deno_land",
|
||||||
|
self.test_allow_deno_land, test_name,
|
||||||
|
["http://localhost:4545"])
|
||||||
|
wrap_test(test_name_base + "_allow_localhost_4545_fail",
|
||||||
|
self.test_allow_localhost_4545_fail, test_name,
|
||||||
|
["http://localhost:4546"])
|
||||||
|
wrap_test(test_name_base + "_allow_localhost",
|
||||||
|
self.test_allow_localhost, test_name, [
|
||||||
|
"http://localhost:4545", "http://localhost:4546",
|
||||||
|
"http://localhost:4547"
|
||||||
|
])
|
||||||
|
|
||||||
|
test_name = "net_dial"
|
||||||
|
test_name_base = "test_" + test_name
|
||||||
|
wrap_test(test_name_base + "_allow_localhost_4545",
|
||||||
|
self.test_allow_localhost_4545, test_name,
|
||||||
|
["localhost:4545"])
|
||||||
|
wrap_test(test_name_base + "_allow_deno_land",
|
||||||
|
self.test_allow_deno_land, test_name, ["localhost:4545"])
|
||||||
|
wrap_test(test_name_base + "_allow_localhost_4545_fail",
|
||||||
|
self.test_allow_localhost_4545_fail, test_name,
|
||||||
|
["localhost:4546"])
|
||||||
|
wrap_test(test_name_base + "_allow_localhost",
|
||||||
|
self.test_allow_localhost, test_name,
|
||||||
|
["localhost:4545", "localhost:4546", "localhost:4547"])
|
||||||
|
|
||||||
|
test_name = "net_listen"
|
||||||
|
test_name_base = "test_" + test_name
|
||||||
|
wrap_test(test_name_base + "_allow_localhost_4555",
|
||||||
|
self.test_allow_localhost_4555, test_name,
|
||||||
|
["localhost:4555"])
|
||||||
|
wrap_test(test_name_base + "_allow_deno_land",
|
||||||
|
self.test_allow_deno_land, test_name, ["localhost:4545"])
|
||||||
|
wrap_test(test_name_base + "_allow_localhost_4555_fail",
|
||||||
|
self.test_allow_localhost_4555_fail, test_name,
|
||||||
|
["localhost:4556"])
|
||||||
|
wrap_test(test_name_base + "_allow_localhost",
|
||||||
|
self.test_allow_localhost, test_name,
|
||||||
|
["localhost:4555", "localhost:4556", "localhost:4557"])
|
||||||
|
|
||||||
|
# read/write tests
|
||||||
def test_inside_project_dir(self, test_type):
|
def test_inside_project_dir(self, test_type):
|
||||||
code, _stdout, stderr = self.run(
|
code, _stdout, stderr = self.run(
|
||||||
["--no-prompt", "--allow-" + test_type + "=" + root_path],
|
["--no-prompt", "--allow-" + test_type + "=" + root_path],
|
||||||
|
@ -149,40 +188,6 @@ class Prompt(object):
|
||||||
assert not PROMPT_PATTERN in stderr
|
assert not PROMPT_PATTERN in stderr
|
||||||
assert not PERMISSION_DENIED_PATTERN in stderr
|
assert not PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
def test_allow_localhost_4545(self):
|
|
||||||
code, _stdout, stderr = self.run(
|
|
||||||
["--no-prompt", "--allow-net=localhost:4545"],
|
|
||||||
["net", "http://localhost:4545"], b'')
|
|
||||||
assert code == 0
|
|
||||||
assert not PROMPT_PATTERN in stderr
|
|
||||||
assert not PERMISSION_DENIED_PATTERN in stderr
|
|
||||||
|
|
||||||
def test_allow_deno_land(self):
|
|
||||||
code, _stdout, stderr = self.run(
|
|
||||||
["--no-prompt", "--allow-net=deno.land"],
|
|
||||||
["net", "http://localhost:4545"], b'')
|
|
||||||
assert code == 1
|
|
||||||
assert not PROMPT_PATTERN in stderr
|
|
||||||
assert PERMISSION_DENIED_PATTERN in stderr
|
|
||||||
|
|
||||||
def test_allow_localhost_4545_fail(self):
|
|
||||||
code, _stdout, stderr = self.run(
|
|
||||||
["--no-prompt", "--allow-net=localhost:4545"],
|
|
||||||
["net", "http://localhost:4546"], b'')
|
|
||||||
assert code == 1
|
|
||||||
assert not PROMPT_PATTERN in stderr
|
|
||||||
assert PERMISSION_DENIED_PATTERN in stderr
|
|
||||||
|
|
||||||
def test_allow_localhost(self):
|
|
||||||
code, _stdout, stderr = self.run(
|
|
||||||
["--no-prompt", "--allow-net=localhost"], [
|
|
||||||
"net", "http://localhost:4545", "http://localhost:4546",
|
|
||||||
"http://localhost:4547"
|
|
||||||
], b'')
|
|
||||||
assert code == 0
|
|
||||||
assert not PROMPT_PATTERN in stderr
|
|
||||||
assert not PERMISSION_DENIED_PATTERN in stderr
|
|
||||||
|
|
||||||
def test_relative(self, test_type):
|
def test_relative(self, test_type):
|
||||||
# Save and restore curdir
|
# Save and restore curdir
|
||||||
saved_curdir = os.getcwd()
|
saved_curdir = os.getcwd()
|
||||||
|
@ -207,6 +212,53 @@ class Prompt(object):
|
||||||
assert not PERMISSION_DENIED_PATTERN in stderr
|
assert not PERMISSION_DENIED_PATTERN in stderr
|
||||||
os.chdir(saved_curdir)
|
os.chdir(saved_curdir)
|
||||||
|
|
||||||
|
# net tests
|
||||||
|
def test_allow_localhost_4545(self, test_type, hosts):
|
||||||
|
code, _stdout, stderr = self.run(
|
||||||
|
["--no-prompt", "--allow-net=localhost:4545"], [test_type] + hosts,
|
||||||
|
b'')
|
||||||
|
assert code == 0
|
||||||
|
assert not PROMPT_PATTERN in stderr
|
||||||
|
assert not PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
|
def test_allow_localhost_4555(self, test_type, hosts):
|
||||||
|
code, _stdout, stderr = self.run(
|
||||||
|
["--no-prompt", "--allow-net=localhost:4555"], [test_type] + hosts,
|
||||||
|
b'')
|
||||||
|
assert code == 0
|
||||||
|
assert not PROMPT_PATTERN in stderr
|
||||||
|
assert not PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
|
def test_allow_deno_land(self, test_type, hosts):
|
||||||
|
code, _stdout, stderr = self.run(
|
||||||
|
["--no-prompt", "--allow-net=deno.land"], [test_type] + hosts, b'')
|
||||||
|
assert code == 1
|
||||||
|
assert not PROMPT_PATTERN in stderr
|
||||||
|
assert PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
|
def test_allow_localhost_4545_fail(self, test_type, hosts):
|
||||||
|
code, _stdout, stderr = self.run(
|
||||||
|
["--no-prompt", "--allow-net=localhost:4545"], [test_type] + hosts,
|
||||||
|
b'')
|
||||||
|
assert code == 1
|
||||||
|
assert not PROMPT_PATTERN in stderr
|
||||||
|
assert PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
|
def test_allow_localhost_4555_fail(self, test_type, hosts):
|
||||||
|
code, _stdout, stderr = self.run(
|
||||||
|
["--no-prompt", "--allow-net=localhost:4555"], [test_type] + hosts,
|
||||||
|
b'')
|
||||||
|
assert code == 1
|
||||||
|
assert not PROMPT_PATTERN in stderr
|
||||||
|
assert PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
|
def test_allow_localhost(self, test_type, hosts):
|
||||||
|
code, _stdout, stderr = self.run(
|
||||||
|
["--no-prompt", "--allow-net=localhost"], [test_type] + hosts, b'')
|
||||||
|
assert code == 0
|
||||||
|
assert not PROMPT_PATTERN in stderr
|
||||||
|
assert not PERMISSION_DENIED_PATTERN in stderr
|
||||||
|
|
||||||
|
|
||||||
def complex_permissions_test(deno_exe):
|
def complex_permissions_test(deno_exe):
|
||||||
p = Prompt(deno_exe, ["read", "write", "net"])
|
p = Prompt(deno_exe, ["read", "write", "net"])
|
||||||
|
@ -216,6 +268,7 @@ def complex_permissions_test(deno_exe):
|
||||||
def main():
|
def main():
|
||||||
print "Permissions prompt tests"
|
print "Permissions prompt tests"
|
||||||
deno_exe = os.path.join(build_path(), "deno" + executable_suffix)
|
deno_exe = os.path.join(build_path(), "deno" + executable_suffix)
|
||||||
|
http_server.spawn()
|
||||||
complex_permissions_test(deno_exe)
|
complex_permissions_test(deno_exe)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -11,8 +11,23 @@ const test: (args: string[]) => void = {
|
||||||
(file): any => writeFileSync(file, new Uint8Array(), { append: true })
|
(file): any => writeFileSync(file, new Uint8Array(), { append: true })
|
||||||
);
|
);
|
||||||
},
|
},
|
||||||
net: (hosts: string[]): void => {
|
net_fetch: (hosts: string[]): void => {
|
||||||
hosts.forEach((host): any => fetch(host));
|
hosts.forEach((host): any => fetch(host));
|
||||||
|
},
|
||||||
|
net_listen: (hosts: string[]): void => {
|
||||||
|
hosts.forEach(
|
||||||
|
(host): any => {
|
||||||
|
const listener = Deno.listen("tcp", host);
|
||||||
|
listener.close();
|
||||||
|
}
|
||||||
|
);
|
||||||
|
},
|
||||||
|
net_dial: async (hosts: string[]): Promise<void> => {
|
||||||
|
for (const host of hosts) {
|
||||||
|
console.log("host in dial:", host);
|
||||||
|
const listener = await Deno.dial("tcp", host);
|
||||||
|
listener.close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}[name];
|
}[name];
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue