denoland-deno/runtime/permissions.rs

// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.

use crate::colors;
use crate::fs_util::resolve_from_cwd;
use deno_core::error::custom_error;
use deno_core::error::uri_error;
use deno_core::error::AnyError;
#[cfg(test)]
use deno_core::parking_lot::Mutex;
use deno_core::serde::Deserialize;
use deno_core::serde::Serialize;
use deno_core::url;
use deno_core::ModuleSpecifier;
use deno_core::OpState;
use log::debug;
use std::collections::HashSet;
use std::fmt;
use std::hash::Hash;
#[cfg(not(test))]
use std::io;
use std::path::{Path, PathBuf};
#[cfg(test)]
use std::sync::atomic::AtomicBool;
#[cfg(test)]
use std::sync::atomic::Ordering;

const PERMISSION_EMOJI: &str = "⚠️";

/// Tri-state value for storing permission state
#[derive(PartialEq, Debug, Clone, Copy, Deserialize, PartialOrd)]
pub enum PermissionState {
  Granted = 0,
  Prompt = 1,
  Denied = 2,
}

impl PermissionState {
  #[inline(always)]
  fn log_perm_access(name: &str, info: Option<&str>) {
    debug!(
      "{}",
      colors::bold(&format!(
        "{}️  Granted {}",
        PERMISSION_EMOJI,
        Self::fmt_access(name, info)
      ))
    );
  }

  fn fmt_access(name: &str, info: Option<&str>) -> String {
    format!(
      "{} access{}",
      name,
      info.map_or(String::new(), |info| { format!(" to {}", info) }),
    )
  }

  fn error(name: &str, info: Option<&str>) -> AnyError {
    custom_error(
      "PermissionDenied",
      format!(
        "Requires {}, run again with the --allow-{} flag",
        Self::fmt_access(name, info),
        name
      ),
    )
  }

  /// Check the permission state. bool is whether a prompt was issued.
  fn check(
    self,
    name: &str,
    info: Option<&str>,
    prompt: bool,
  ) -> (Result<(), AnyError>, bool) {
    match self {
      PermissionState::Granted => {
        Self::log_perm_access(name, info);
        (Ok(()), false)
      }
      PermissionState::Prompt if prompt => {
        let msg = Self::fmt_access(name, info);
        if permission_prompt(&msg) {
          Self::log_perm_access(name, info);
          (Ok(()), true)
        } else {
          (Err(Self::error(name, info)), true)
        }
      }
      _ => (Err(Self::error(name, info)), false),
    }
  }
}

impl fmt::Display for PermissionState {
  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
    match self {
      PermissionState::Granted => f.pad("granted"),
      PermissionState::Prompt => f.pad("prompt"),
      PermissionState::Denied => f.pad("denied"),
    }
  }
}

impl Default for PermissionState {
  fn default() -> Self {
    PermissionState::Prompt
  }
}

#[derive(Clone, Debug, Default, PartialEq)]
pub struct UnitPermission {
  pub name: &'static str,
  pub description: &'static str,
  pub state: PermissionState,
  pub prompt: bool,
}

impl UnitPermission {
  pub fn query(&self) -> PermissionState {
    self.state
  }

  pub fn request(&mut self) -> PermissionState {
    if self.state == PermissionState::Prompt {
      if permission_prompt(&format!("access to {}", self.description)) {
        self.state = PermissionState::Granted;
      } else {
        self.state = PermissionState::Denied;
      }
    }
    self.state
  }

  pub fn revoke(&mut self) -> PermissionState {
    if self.state == PermissionState::Granted {
      self.state = PermissionState::Prompt;
    }
    self.state
  }

  pub fn check(&mut self) -> Result<(), AnyError> {
    let (result, prompted) = self.state.check(self.name, None, self.prompt);
    if prompted {
      if result.is_ok() {
        self.state = PermissionState::Granted;
      } else {
        self.state = PermissionState::Denied;
      }
    }
    result
  }
}

#[derive(Clone, Debug, Default, Deserialize, PartialEq)]
pub struct UnaryPermission<T: Eq + Hash> {
  #[serde(skip)]
  pub name: &'static str,
  #[serde(skip)]
  pub description: &'static str,
  pub global_state: PermissionState,
  pub granted_list: HashSet<T>,
  pub denied_list: HashSet<T>,
  #[serde(skip)]
  pub prompt: bool,
}

#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
pub struct ReadDescriptor(pub PathBuf);

#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
pub struct WriteDescriptor(pub PathBuf);

#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
pub struct NetDescriptor(pub String, pub Option<u16>);

impl NetDescriptor {
  fn new<T: AsRef<str>>(host: &&(T, Option<u16>)) -> Self {
    NetDescriptor(host.0.as_ref().to_string(), host.1)
  }

  pub fn from_string(host: String) -> Self {
    let url = url::Url::parse(&format!("http://{}", host)).unwrap();
    let hostname = url.host_str().unwrap().to_string();

    NetDescriptor(hostname, url.port())
  }
}

impl fmt::Display for NetDescriptor {
  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
    f.write_str(&match self.1 {
      None => self.0.clone(),
      Some(port) => format!("{}:{}", self.0, port),
    })
  }
}

#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
pub struct EnvDescriptor(pub String);

#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
pub struct RunDescriptor(pub String);

#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
pub struct FfiDescriptor(pub String);

impl UnaryPermission<ReadDescriptor> {
  pub fn query(&self, path: Option<&Path>) -> PermissionState {
    let path = path.map(|p| resolve_from_cwd(p).unwrap());
    if self.global_state == PermissionState::Denied
      && match path.as_ref() {
        None => true,
        Some(path) => self
          .denied_list
          .iter()
          .any(|path_| path_.0.starts_with(path)),
      }
    {
      PermissionState::Denied
    } else if self.global_state == PermissionState::Granted
      || match path.as_ref() {
        None => false,
        Some(path) => self
          .granted_list
          .iter()
          .any(|path_| path.starts_with(&path_.0)),
      }
    {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    }
  }

  pub fn request(&mut self, path: Option<&Path>) -> PermissionState {
    if let Some(path) = path {
      let (resolved_path, display_path) = resolved_and_display_path(path);
      let state = self.query(Some(&resolved_path));
      if state == PermissionState::Prompt {
        if permission_prompt(&format!(
          "read access to \"{}\"",
          display_path.display()
        )) {
          self
            .granted_list
            .retain(|path| !path.0.starts_with(&resolved_path));
          self.granted_list.insert(ReadDescriptor(resolved_path));
          PermissionState::Granted
        } else {
          self
            .denied_list
            .retain(|path| !resolved_path.starts_with(&path.0));
          self.denied_list.insert(ReadDescriptor(resolved_path));
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    } else {
      let state = self.query(None);
      if state == PermissionState::Prompt {
        if permission_prompt("read access") {
          self.granted_list.clear();
          self.global_state = PermissionState::Granted;
          PermissionState::Granted
        } else {
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    }
  }

  pub fn revoke(&mut self, path: Option<&Path>) -> PermissionState {
    if let Some(path) = path {
      let path = resolve_from_cwd(path).unwrap();
      self
        .granted_list
        .retain(|path_| !path_.0.starts_with(&path));
    } else {
      self.granted_list.clear();
      if self.global_state == PermissionState::Granted {
        self.global_state = PermissionState::Prompt;
      }
    }
    self.query(path)
  }

  pub fn check(&mut self, path: &Path) -> Result<(), AnyError> {
    let (resolved_path, display_path) = resolved_and_display_path(path);
    let (result, prompted) = self.query(Some(&resolved_path)).check(
      self.name,
      Some(&format!("\"{}\"", display_path.display())),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(ReadDescriptor(resolved_path));
      } else {
        self.denied_list.insert(ReadDescriptor(resolved_path));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }

  /// As `check()`, but permission error messages will anonymize the path
  /// by replacing it with the given `display`.
  pub fn check_blind(
    &mut self,
    path: &Path,
    display: &str,
  ) -> Result<(), AnyError> {
    let resolved_path = resolve_from_cwd(path).unwrap();
    let (result, prompted) = self.query(Some(&resolved_path)).check(
      self.name,
      Some(&format!("<{}>", display)),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(ReadDescriptor(resolved_path));
      } else {
        self.denied_list.insert(ReadDescriptor(resolved_path));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }
}

impl UnaryPermission<WriteDescriptor> {
  pub fn query(&self, path: Option<&Path>) -> PermissionState {
    let path = path.map(|p| resolve_from_cwd(p).unwrap());
    if self.global_state == PermissionState::Denied
      && match path.as_ref() {
        None => true,
        Some(path) => self
          .denied_list
          .iter()
          .any(|path_| path_.0.starts_with(path)),
      }
    {
      PermissionState::Denied
    } else if self.global_state == PermissionState::Granted
      || match path.as_ref() {
        None => false,
        Some(path) => self
          .granted_list
          .iter()
          .any(|path_| path.starts_with(&path_.0)),
      }
    {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    }
  }

  pub fn request(&mut self, path: Option<&Path>) -> PermissionState {
    if let Some(path) = path {
      let (resolved_path, display_path) = resolved_and_display_path(path);
      let state = self.query(Some(&resolved_path));
      if state == PermissionState::Prompt {
        if permission_prompt(&format!(
          "write access to \"{}\"",
          display_path.display()
        )) {
          self
            .granted_list
            .retain(|path| !path.0.starts_with(&resolved_path));
          self.granted_list.insert(WriteDescriptor(resolved_path));
          PermissionState::Granted
        } else {
          self
            .denied_list
            .retain(|path| !resolved_path.starts_with(&path.0));
          self.denied_list.insert(WriteDescriptor(resolved_path));
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    } else {
      let state = self.query(None);
      if state == PermissionState::Prompt {
        if permission_prompt("write access") {
          self.granted_list.clear();
          self.global_state = PermissionState::Granted;
          PermissionState::Granted
        } else {
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    }
  }

  pub fn revoke(&mut self, path: Option<&Path>) -> PermissionState {
    if let Some(path) = path {
      let path = resolve_from_cwd(path).unwrap();
      self
        .granted_list
        .retain(|path_| !path_.0.starts_with(&path));
    } else {
      self.granted_list.clear();
      if self.global_state == PermissionState::Granted {
        self.global_state = PermissionState::Prompt;
      }
    }
    self.query(path)
  }

  pub fn check(&mut self, path: &Path) -> Result<(), AnyError> {
    let (resolved_path, display_path) = resolved_and_display_path(path);
    let (result, prompted) = self.query(Some(&resolved_path)).check(
      self.name,
      Some(&format!("\"{}\"", display_path.display())),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(WriteDescriptor(resolved_path));
      } else {
        self.denied_list.insert(WriteDescriptor(resolved_path));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }
}

impl UnaryPermission<NetDescriptor> {
  pub fn query<T: AsRef<str>>(
    &self,
    host: Option<&(T, Option<u16>)>,
  ) -> PermissionState {
    if self.global_state == PermissionState::Denied
      && match host.as_ref() {
        None => true,
        Some(host) => match host.1 {
          None => self
            .denied_list
            .iter()
            .any(|host_| host.0.as_ref() == host_.0),
          Some(_) => self.denied_list.contains(&NetDescriptor::new(host)),
        },
      }
    {
      PermissionState::Denied
    } else if self.global_state == PermissionState::Granted
      || match host.as_ref() {
        None => false,
        Some(host) => {
          self.granted_list.contains(&NetDescriptor::new(&&(
            host.0.as_ref().to_string(),
            None,
          )))
            || self.granted_list.contains(&NetDescriptor::new(host))
        }
      }
    {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    }
  }

  pub fn request<T: AsRef<str>>(
    &mut self,
    host: Option<&(T, Option<u16>)>,
  ) -> PermissionState {
    if let Some(host) = host {
      let state = self.query(Some(host));
      if state == PermissionState::Prompt {
        let host = NetDescriptor::new(&host);
        if permission_prompt(&format!("network access to \"{}\"", host)) {
          if host.1.is_none() {
            self.granted_list.retain(|h| h.0 != host.0);
          }
          self.granted_list.insert(host);
          PermissionState::Granted
        } else {
          if host.1.is_some() {
            self.denied_list.remove(&host);
          }
          self.denied_list.insert(host);
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    } else {
      let state = self.query::<&str>(None);
      if state == PermissionState::Prompt {
        if permission_prompt("network access") {
          self.granted_list.clear();
          self.global_state = PermissionState::Granted;
          PermissionState::Granted
        } else {
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    }
  }

  pub fn revoke<T: AsRef<str>>(
    &mut self,
    host: Option<&(T, Option<u16>)>,
  ) -> PermissionState {
    if let Some(host) = host {
      self.granted_list.remove(&NetDescriptor::new(&host));
      if host.1.is_none() {
        self.granted_list.retain(|h| h.0 != host.0.as_ref());
      }
    } else {
      self.granted_list.clear();
      if self.global_state == PermissionState::Granted {
        self.global_state = PermissionState::Prompt;
      }
    }
    self.query(host)
  }

  pub fn check<T: AsRef<str>>(
    &mut self,
    host: &(T, Option<u16>),
  ) -> Result<(), AnyError> {
    let new_host = NetDescriptor::new(&host);
    let (result, prompted) = self.query(Some(host)).check(
      self.name,
      Some(&format!("\"{}\"", new_host)),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(new_host);
      } else {
        self.denied_list.insert(new_host);
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }

  pub fn check_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
    let hostname = url
      .host_str()
      .ok_or_else(|| uri_error("Missing host"))?
      .to_string();
    let display_host = match url.port() {
      None => hostname.clone(),
      Some(port) => format!("{}:{}", hostname, port),
    };
    let host = &(&hostname, url.port_or_known_default());
    let (result, prompted) = self.query(Some(host)).check(
      self.name,
      Some(&format!("\"{}\"", display_host)),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(NetDescriptor::new(&host));
      } else {
        self.denied_list.insert(NetDescriptor::new(&host));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }
}

impl UnaryPermission<EnvDescriptor> {
  pub fn query(&self, env: Option<&str>) -> PermissionState {
    #[cfg(windows)]
    let env = env.map(|env| env.to_uppercase());
    #[cfg(windows)]
    let env = env.as_deref();
    if self.global_state == PermissionState::Denied
      && match env {
        None => true,
        Some(env) => self.denied_list.iter().any(|env_| env_.0 == env),
      }
    {
      PermissionState::Denied
    } else if self.global_state == PermissionState::Granted
      || match env {
        None => false,
        Some(env) => self.granted_list.iter().any(|env_| env_.0 == env),
      }
    {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    }
  }

  pub fn request(&mut self, env: Option<&str>) -> PermissionState {
    if let Some(env) = env {
      let env = if cfg!(windows) {
        env.to_uppercase()
      } else {
        env.to_string()
      };
      let state = self.query(Some(&env));
      if state == PermissionState::Prompt {
        if permission_prompt(&format!("env access to \"{}\"", env)) {
          self.granted_list.retain(|env_| env_.0 != env);
          self.granted_list.insert(EnvDescriptor(env));
          PermissionState::Granted
        } else {
          self.denied_list.retain(|env_| env_.0 != env);
          self.denied_list.insert(EnvDescriptor(env));
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    } else {
      let state = self.query(None);
      if state == PermissionState::Prompt {
        if permission_prompt("env access") {
          self.granted_list.clear();
          self.global_state = PermissionState::Granted;
          PermissionState::Granted
        } else {
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    }
  }

  pub fn revoke(&mut self, env: Option<&str>) -> PermissionState {
    if let Some(env) = env {
      #[cfg(windows)]
      let env = env.to_uppercase();
      self.granted_list.retain(|env_| env_.0 != env);
    } else {
      self.granted_list.clear();
      if self.global_state == PermissionState::Granted {
        self.global_state = PermissionState::Prompt;
      }
    }
    self.query(env)
  }

  pub fn check(&mut self, env: &str) -> Result<(), AnyError> {
    #[cfg(windows)]
    let env = &env.to_uppercase();
    let (result, prompted) = self.query(Some(env)).check(
      self.name,
      Some(&format!("\"{}\"", env)),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(EnvDescriptor(env.to_string()));
      } else {
        self.denied_list.insert(EnvDescriptor(env.to_string()));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }

  pub fn check_all(&mut self) -> Result<(), AnyError> {
    let (result, prompted) =
      self.query(None).check(self.name, Some("all"), self.prompt);
    if prompted {
      if result.is_ok() {
        self.global_state = PermissionState::Granted;
      } else {
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }
}

impl UnaryPermission<RunDescriptor> {
  pub fn query(&self, cmd: Option<&str>) -> PermissionState {
    if self.global_state == PermissionState::Denied
      && match cmd {
        None => true,
        Some(cmd) => self.denied_list.iter().any(|cmd_| cmd_.0 == cmd),
      }
    {
      PermissionState::Denied
    } else if self.global_state == PermissionState::Granted
      || match cmd {
        None => false,
        Some(cmd) => self.granted_list.iter().any(|cmd_| cmd_.0 == cmd),
      }
    {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    }
  }

  pub fn request(&mut self, cmd: Option<&str>) -> PermissionState {
    if let Some(cmd) = cmd {
      let state = self.query(Some(cmd));
      if state == PermissionState::Prompt {
        if permission_prompt(&format!("run access to \"{}\"", cmd)) {
          self.granted_list.retain(|cmd_| cmd_.0 != cmd);
          self.granted_list.insert(RunDescriptor(cmd.to_string()));
          PermissionState::Granted
        } else {
          self.denied_list.retain(|cmd_| cmd_.0 != cmd);
          self.denied_list.insert(RunDescriptor(cmd.to_string()));
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    } else {
      let state = self.query(None);
      if state == PermissionState::Prompt {
        if permission_prompt("run access") {
          self.granted_list.clear();
          self.global_state = PermissionState::Granted;
          PermissionState::Granted
        } else {
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    }
  }

  pub fn revoke(&mut self, cmd: Option<&str>) -> PermissionState {
    if let Some(cmd) = cmd {
      self.granted_list.retain(|cmd_| cmd_.0 != cmd);
    } else {
      self.granted_list.clear();
      if self.global_state == PermissionState::Granted {
        self.global_state = PermissionState::Prompt;
      }
    }
    self.query(cmd)
  }

  pub fn check(&mut self, cmd: &str) -> Result<(), AnyError> {
    let (result, prompted) = self.query(Some(cmd)).check(
      self.name,
      Some(&format!("\"{}\"", cmd)),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(RunDescriptor(cmd.to_string()));
      } else {
        self.denied_list.insert(RunDescriptor(cmd.to_string()));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }

  pub fn check_all(&mut self) -> Result<(), AnyError> {
    let (result, prompted) =
      self.query(None).check(self.name, Some("all"), self.prompt);
    if prompted {
      if result.is_ok() {
        self.global_state = PermissionState::Granted;
      } else {
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }
}

impl UnaryPermission<FfiDescriptor> {
  pub fn query(&self, lib: Option<&str>) -> PermissionState {
    if self.global_state == PermissionState::Denied
      && match lib {
        None => true,
        Some(lib) => self.denied_list.iter().any(|lib_| lib_.0 == lib),
      }
    {
      PermissionState::Denied
    } else if self.global_state == PermissionState::Granted
      || match lib {
        None => false,
        Some(lib) => self.granted_list.iter().any(|lib_| lib_.0 == lib),
      }
    {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    }
  }

  pub fn request(&mut self, lib: Option<&str>) -> PermissionState {
    if let Some(lib) = lib {
      let state = self.query(Some(lib));
      if state == PermissionState::Prompt {
        if permission_prompt(&format!("ffi access to \"{}\"", lib)) {
          self.granted_list.retain(|lib_| lib_.0 != lib);
          self.granted_list.insert(FfiDescriptor(lib.to_string()));
          PermissionState::Granted
        } else {
          self.denied_list.retain(|lib_| lib_.0 != lib);
          self.denied_list.insert(FfiDescriptor(lib.to_string()));
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    } else {
      let state = self.query(None);
      if state == PermissionState::Prompt {
        if permission_prompt("ffi access") {
          self.granted_list.clear();
          self.global_state = PermissionState::Granted;
          PermissionState::Granted
        } else {
          self.global_state = PermissionState::Denied;
          PermissionState::Denied
        }
      } else {
        state
      }
    }
  }

  pub fn revoke(&mut self, lib: Option<&str>) -> PermissionState {
    if let Some(lib) = lib {
      self.granted_list.retain(|lib_| lib_.0 != lib);
    } else {
      self.granted_list.clear();
      if self.global_state == PermissionState::Granted {
        self.global_state = PermissionState::Prompt;
      }
    }
    self.query(lib)
  }

  pub fn check(&mut self, lib: &str) -> Result<(), AnyError> {
    let (result, prompted) = self.query(Some(lib)).check(
      self.name,
      Some(&format!("\"{}\"", lib)),
      self.prompt,
    );
    if prompted {
      if result.is_ok() {
        self.granted_list.insert(FfiDescriptor(lib.to_string()));
      } else {
        self.denied_list.insert(FfiDescriptor(lib.to_string()));
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }

  pub fn check_all(&mut self) -> Result<(), AnyError> {
    let (result, prompted) =
      self.query(None).check(self.name, Some("all"), self.prompt);
    if prompted {
      if result.is_ok() {
        self.global_state = PermissionState::Granted;
      } else {
        self.global_state = PermissionState::Denied;
      }
    }
    result
  }
}

#[derive(Clone, Debug, Default, PartialEq)]
pub struct Permissions {
  pub read: UnaryPermission<ReadDescriptor>,
  pub write: UnaryPermission<WriteDescriptor>,
  pub net: UnaryPermission<NetDescriptor>,
  pub env: UnaryPermission<EnvDescriptor>,
  pub run: UnaryPermission<RunDescriptor>,
  pub ffi: UnaryPermission<FfiDescriptor>,
  pub hrtime: UnitPermission,
}

#[derive(Clone, Debug, PartialEq, Default, Serialize, Deserialize)]
pub struct PermissionsOptions {
  pub allow_env: Option<Vec<String>>,
  pub allow_hrtime: bool,
  pub allow_net: Option<Vec<String>>,
  pub allow_ffi: Option<Vec<String>>,
  pub allow_read: Option<Vec<PathBuf>>,
  pub allow_run: Option<Vec<String>>,
  pub allow_write: Option<Vec<PathBuf>>,
  pub prompt: bool,
}

impl Permissions {
  pub fn new_read(
    state: &Option<Vec<PathBuf>>,
    prompt: bool,
  ) -> UnaryPermission<ReadDescriptor> {
    UnaryPermission::<ReadDescriptor> {
      name: "read",
      description: "read the file system",
      global_state: global_state_from_option(state),
      granted_list: resolve_read_allowlist(state),
      denied_list: Default::default(),
      prompt,
    }
  }

  pub fn new_write(
    state: &Option<Vec<PathBuf>>,
    prompt: bool,
  ) -> UnaryPermission<WriteDescriptor> {
    UnaryPermission::<WriteDescriptor> {
      name: "write",
      description: "write to the file system",
      global_state: global_state_from_option(state),
      granted_list: resolve_write_allowlist(state),
      denied_list: Default::default(),
      prompt,
    }
  }

  pub fn new_net(
    state: &Option<Vec<String>>,
    prompt: bool,
  ) -> UnaryPermission<NetDescriptor> {
    UnaryPermission::<NetDescriptor> {
      name: "net",
      description: "network",
      global_state: global_state_from_option(state),
      granted_list: state
        .as_ref()
        .map(|v| {
          v.iter()
            .map(|x| NetDescriptor::from_string(x.clone()))
            .collect()
        })
        .unwrap_or_else(HashSet::new),
      denied_list: Default::default(),
      prompt,
    }
  }

  pub fn new_env(
    state: &Option<Vec<String>>,
    prompt: bool,
  ) -> UnaryPermission<EnvDescriptor> {
    UnaryPermission::<EnvDescriptor> {
      name: "env",
      description: "environment variables",
      global_state: global_state_from_option(state),
      granted_list: state
        .as_ref()
        .map(|v| {
          v.iter()
            .map(|x| {
              EnvDescriptor(if cfg!(windows) {
                x.to_uppercase()
              } else {
                x.clone()
              })
            })
            .collect()
        })
        .unwrap_or_else(HashSet::new),
      denied_list: Default::default(),
      prompt,
    }
  }

  pub fn new_run(
    state: &Option<Vec<String>>,
    prompt: bool,
  ) -> UnaryPermission<RunDescriptor> {
    UnaryPermission::<RunDescriptor> {
      name: "run",
      description: "run a subprocess",
      global_state: global_state_from_option(state),
      granted_list: state
        .as_ref()
        .map(|v| v.iter().map(|x| RunDescriptor(x.clone())).collect())
        .unwrap_or_else(HashSet::new),
      denied_list: Default::default(),
      prompt,
    }
  }

  pub fn new_ffi(
    state: &Option<Vec<String>>,
    prompt: bool,
  ) -> UnaryPermission<FfiDescriptor> {
    UnaryPermission::<FfiDescriptor> {
      name: "ffi",
      description: "load a dynamic library",
      global_state: global_state_from_option(state),
      granted_list: state
        .as_ref()
        .map(|v| v.iter().map(|x| FfiDescriptor(x.clone())).collect())
        .unwrap_or_else(HashSet::new),
      denied_list: Default::default(),
      prompt,
    }
  }

  pub fn new_hrtime(state: bool, prompt: bool) -> UnitPermission {
    unit_permission_from_flag_bool(
      state,
      "hrtime",
      "high precision time",
      prompt,
    )
  }

  pub fn from_options(opts: &PermissionsOptions) -> Self {
    Self {
      read: Permissions::new_read(&opts.allow_read, opts.prompt),
      write: Permissions::new_write(&opts.allow_write, opts.prompt),
      net: Permissions::new_net(&opts.allow_net, opts.prompt),
      env: Permissions::new_env(&opts.allow_env, opts.prompt),
      run: Permissions::new_run(&opts.allow_run, opts.prompt),
      ffi: Permissions::new_ffi(&opts.allow_ffi, opts.prompt),
      hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.prompt),
    }
  }

  pub fn allow_all() -> Self {
    Self {
      read: Permissions::new_read(&Some(vec![]), false),
      write: Permissions::new_write(&Some(vec![]), false),
      net: Permissions::new_net(&Some(vec![]), false),
      env: Permissions::new_env(&Some(vec![]), false),
      run: Permissions::new_run(&Some(vec![]), false),
      ffi: Permissions::new_ffi(&Some(vec![]), false),
      hrtime: Permissions::new_hrtime(true, false),
    }
  }

  /// A helper function that determines if the module specifier is a local or
  /// remote, and performs a read or net check for the specifier.
  pub fn check_specifier(
    &mut self,
    specifier: &ModuleSpecifier,
  ) -> Result<(), AnyError> {
    match specifier.scheme() {
      "file" => match specifier.to_file_path() {
        Ok(path) => self.read.check(&path),
        Err(_) => Err(uri_error(format!(
          "Invalid file path.\n  Specifier: {}",
          specifier
        ))),
      },
      "data" => Ok(()),
      "blob" => Ok(()),
      _ => self.net.check_url(specifier),
    }
  }
}

impl deno_net::NetPermissions for Permissions {
  fn check_net<T: AsRef<str>>(
    &mut self,
    host: &(T, Option<u16>),
  ) -> Result<(), AnyError> {
    self.net.check(host)
  }

  fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
    self.read.check(path)
  }

  fn check_write(&mut self, path: &Path) -> Result<(), AnyError> {
    self.write.check(path)
  }
}

impl deno_fetch::FetchPermissions for Permissions {
  fn check_net_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
    self.net.check_url(url)
  }

  fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
    self.read.check(path)
  }
}

impl deno_timers::TimersPermission for Permissions {
  fn allow_hrtime(&mut self) -> bool {
    self.hrtime.check().is_ok()
  }

  fn check_unstable(&self, state: &OpState, api_name: &'static str) {
    crate::ops::check_unstable(state, api_name);
  }
}

impl deno_websocket::WebSocketPermissions for Permissions {
  fn check_net_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
    self.net.check_url(url)
  }
}

impl deno_ffi::FfiPermissions for Permissions {
  fn check(&mut self, path: &str) -> Result<(), AnyError> {
    self.ffi.check(path)
  }
}

fn unit_permission_from_flag_bool(
  flag: bool,
  name: &'static str,
  description: &'static str,
  prompt: bool,
) -> UnitPermission {
  UnitPermission {
    name,
    description,
    state: if flag {
      PermissionState::Granted
    } else {
      PermissionState::Prompt
    },
    prompt,
  }
}

fn global_state_from_option<T>(flag: &Option<Vec<T>>) -> PermissionState {
  if matches!(flag, Some(v) if v.is_empty()) {
    PermissionState::Granted
  } else {
    PermissionState::Prompt
  }
}

pub fn resolve_read_allowlist(
  allow: &Option<Vec<PathBuf>>,
) -> HashSet<ReadDescriptor> {
  if let Some(v) = allow {
    v.iter()
      .map(|raw_path| {
        ReadDescriptor(resolve_from_cwd(Path::new(&raw_path)).unwrap())
      })
      .collect()
  } else {
    HashSet::new()
  }
}

pub fn resolve_write_allowlist(
  allow: &Option<Vec<PathBuf>>,
) -> HashSet<WriteDescriptor> {
  if let Some(v) = allow {
    v.iter()
      .map(|raw_path| {
        WriteDescriptor(resolve_from_cwd(Path::new(&raw_path)).unwrap())
      })
      .collect()
  } else {
    HashSet::new()
  }
}

/// Arbitrary helper. Resolves the path from CWD, and also gets a path that
/// can be displayed without leaking the CWD when not allowed.
fn resolved_and_display_path(path: &Path) -> (PathBuf, PathBuf) {
  let resolved_path = resolve_from_cwd(path).unwrap();
  let display_path = path.to_path_buf();
  (resolved_path, display_path)
}

/// Shows the permission prompt and returns the answer according to the user input.
/// This loops until the user gives the proper input.
#[cfg(not(test))]
fn permission_prompt(message: &str) -> bool {
  if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) {
    return false;
  };
  let opts = "[y/n (y = yes allow, n = no deny)] ";
  let msg = format!(
    "{}  ️Deno requests {}. Allow? {}",
    PERMISSION_EMOJI, message, opts
  );
  // print to stderr so that if deno is > to a file this is still displayed.
  eprint!("{}", colors::bold(&msg));
  loop {
    let mut input = String::new();
    let stdin = io::stdin();
    let result = stdin.read_line(&mut input);
    if result.is_err() {
      return false;
    };
    let ch = match input.chars().next() {
      None => return false,
      Some(v) => v,
    };
    match ch.to_ascii_lowercase() {
      'y' => return true,
      'n' => return false,
      _ => {
        // If we don't get a recognized option try again.
        let msg_again = format!("Unrecognized option '{}' {}", ch, opts);
        eprint!("{}", colors::bold(&msg_again));
      }
    };
  }
}

// When testing, permission prompt returns the value of STUB_PROMPT_VALUE
// which we set from the test functions.
#[cfg(test)]
fn permission_prompt(_message: &str) -> bool {
  STUB_PROMPT_VALUE.load(Ordering::SeqCst)
}

#[cfg(test)]
lazy_static::lazy_static! {
  /// Lock this when you use `set_prompt_result` in a test case.
  static ref PERMISSION_PROMPT_GUARD: Mutex<()> = Mutex::new(());
}

#[cfg(test)]
static STUB_PROMPT_VALUE: AtomicBool = AtomicBool::new(true);

#[cfg(test)]
fn set_prompt_result(value: bool) {
  STUB_PROMPT_VALUE.store(value, Ordering::SeqCst);
}

#[cfg(test)]
mod tests {
  use super::*;
  use deno_core::resolve_url_or_path;

  // Creates vector of strings, Vec<String>
  macro_rules! svec {
      ($($x:expr),*) => (vec![$($x.to_string()),*]);
  }

  #[test]
  fn check_paths() {
    let allowlist = vec![
      PathBuf::from("/a/specific/dir/name"),
      PathBuf::from("/a/specific"),
      PathBuf::from("/b/c"),
    ];

    let mut perms = Permissions::from_options(&PermissionsOptions {
      allow_read: Some(allowlist.clone()),
      allow_write: Some(allowlist),
      ..Default::default()
    });

    // Inside of /a/specific and /a/specific/dir/name
    assert!(perms.read.check(Path::new("/a/specific/dir/name")).is_ok());
    assert!(perms.write.check(Path::new("/a/specific/dir/name")).is_ok());

    // Inside of /a/specific but outside of /a/specific/dir/name
    assert!(perms.read.check(Path::new("/a/specific/dir")).is_ok());
    assert!(perms.write.check(Path::new("/a/specific/dir")).is_ok());

    // Inside of /a/specific and /a/specific/dir/name
    assert!(perms
      .read
      .check(Path::new("/a/specific/dir/name/inner"))
      .is_ok());
    assert!(perms
      .write
      .check(Path::new("/a/specific/dir/name/inner"))
      .is_ok());

    // Inside of /a/specific but outside of /a/specific/dir/name
    assert!(perms.read.check(Path::new("/a/specific/other/dir")).is_ok());
    assert!(perms
      .write
      .check(Path::new("/a/specific/other/dir"))
      .is_ok());

    // Exact match with /b/c
    assert!(perms.read.check(Path::new("/b/c")).is_ok());
    assert!(perms.write.check(Path::new("/b/c")).is_ok());

    // Sub path within /b/c
    assert!(perms.read.check(Path::new("/b/c/sub/path")).is_ok());
    assert!(perms.write.check(Path::new("/b/c/sub/path")).is_ok());

    // Sub path within /b/c, needs normalizing
    assert!(perms
      .read
      .check(Path::new("/b/c/sub/path/../path/."))
      .is_ok());
    assert!(perms
      .write
      .check(Path::new("/b/c/sub/path/../path/."))
      .is_ok());

    // Inside of /b but outside of /b/c
    assert!(perms.read.check(Path::new("/b/e")).is_err());
    assert!(perms.write.check(Path::new("/b/e")).is_err());

    // Inside of /a but outside of /a/specific
    assert!(perms.read.check(Path::new("/a/b")).is_err());
    assert!(perms.write.check(Path::new("/a/b")).is_err());
  }

  #[test]
  fn test_check_net_with_values() {
    let mut perms = Permissions::from_options(&PermissionsOptions {
      allow_net: Some(svec![
        "localhost",
        "deno.land",
        "github.com:3000",
        "127.0.0.1",
        "172.16.0.2:8000",
        "www.github.com:443"
      ]),
      ..Default::default()
    });

    let domain_tests = vec![
      ("localhost", 1234, true),
      ("deno.land", 0, true),
      ("deno.land", 3000, true),
      ("deno.lands", 0, false),
      ("deno.lands", 3000, false),
      ("github.com", 3000, true),
      ("github.com", 0, false),
      ("github.com", 2000, false),
      ("github.net", 3000, false),
      ("127.0.0.1", 0, true),
      ("127.0.0.1", 3000, true),
      ("127.0.0.2", 0, false),
      ("127.0.0.2", 3000, false),
      ("172.16.0.2", 8000, true),
      ("172.16.0.2", 0, false),
      ("172.16.0.2", 6000, false),
      ("172.16.0.1", 8000, false),
      // Just some random hosts that should err
      ("somedomain", 0, false),
      ("192.168.0.1", 0, false),
    ];

    for (host, port, is_ok) in domain_tests {
      assert_eq!(is_ok, perms.net.check(&(host, Some(port))).is_ok());
    }
  }

  #[test]
  fn test_check_net_only_flag() {
    let mut perms = Permissions::from_options(&PermissionsOptions {
      allow_net: Some(svec![]), // this means `--allow-net` is present without values following `=` sign
      ..Default::default()
    });

    let domain_tests = vec![
      ("localhost", 1234),
      ("deno.land", 0),
      ("deno.land", 3000),
      ("deno.lands", 0),
      ("deno.lands", 3000),
      ("github.com", 3000),
      ("github.com", 0),
      ("github.com", 2000),
      ("github.net", 3000),
      ("127.0.0.1", 0),
      ("127.0.0.1", 3000),
      ("127.0.0.2", 0),
      ("127.0.0.2", 3000),
      ("172.16.0.2", 8000),
      ("172.16.0.2", 0),
      ("172.16.0.2", 6000),
      ("172.16.0.1", 8000),
      ("somedomain", 0),
      ("192.168.0.1", 0),
    ];

    for (host, port) in domain_tests {
      assert!(perms.net.check(&(host, Some(port))).is_ok());
    }
  }

  #[test]
  fn test_check_net_no_flag() {
    let mut perms = Permissions::from_options(&PermissionsOptions {
      allow_net: None,
      ..Default::default()
    });

    let domain_tests = vec![
      ("localhost", 1234),
      ("deno.land", 0),
      ("deno.land", 3000),
      ("deno.lands", 0),
      ("deno.lands", 3000),
      ("github.com", 3000),
      ("github.com", 0),
      ("github.com", 2000),
      ("github.net", 3000),
      ("127.0.0.1", 0),
      ("127.0.0.1", 3000),
      ("127.0.0.2", 0),
      ("127.0.0.2", 3000),
      ("172.16.0.2", 8000),
      ("172.16.0.2", 0),
      ("172.16.0.2", 6000),
      ("172.16.0.1", 8000),
      ("somedomain", 0),
      ("192.168.0.1", 0),
    ];

    for (host, port) in domain_tests {
      assert!(!perms.net.check(&(host, Some(port))).is_ok());
    }
  }

  #[test]
  fn test_check_net_url() {
    let mut perms = Permissions::from_options(&PermissionsOptions {
      allow_net: Some(svec![
        "localhost",
        "deno.land",
        "github.com:3000",
        "127.0.0.1",
        "172.16.0.2:8000",
        "www.github.com:443"
      ]),
      ..Default::default()
    });

    let url_tests = vec![
      // Any protocol + port for localhost should be ok, since we don't specify
      ("http://localhost", true),
      ("https://localhost", true),
      ("https://localhost:4443", true),
      ("tcp://localhost:5000", true),
      ("udp://localhost:6000", true),
      // Correct domain + any port and protocol should be ok incorrect shouldn't
      ("https://deno.land/std/example/welcome.ts", true),
      ("https://deno.land:3000/std/example/welcome.ts", true),
      ("https://deno.lands/std/example/welcome.ts", false),
      ("https://deno.lands:3000/std/example/welcome.ts", false),
      // Correct domain + port should be ok all other combinations should err
      ("https://github.com:3000/denoland/deno", true),
      ("https://github.com/denoland/deno", false),
      ("https://github.com:2000/denoland/deno", false),
      ("https://github.net:3000/denoland/deno", false),
      // Correct ipv4 address + any port should be ok others should err
      ("tcp://127.0.0.1", true),
      ("https://127.0.0.1", true),
      ("tcp://127.0.0.1:3000", true),
      ("https://127.0.0.1:3000", true),
      ("tcp://127.0.0.2", false),
      ("https://127.0.0.2", false),
      ("tcp://127.0.0.2:3000", false),
      ("https://127.0.0.2:3000", false),
      // Correct address + port should be ok all other combinations should err
      ("tcp://172.16.0.2:8000", true),
      ("https://172.16.0.2:8000", true),
      ("tcp://172.16.0.2", false),
      ("https://172.16.0.2", false),
      ("tcp://172.16.0.2:6000", false),
      ("https://172.16.0.2:6000", false),
      ("tcp://172.16.0.1:8000", false),
      ("https://172.16.0.1:8000", false),
      // Testing issue #6531 (Network permissions check doesn't account for well-known default ports) so we dont regress
      ("https://www.github.com:443/robots.txt", true),
    ];

    for (url_str, is_ok) in url_tests {
      let u = url::Url::parse(url_str).unwrap();
      assert_eq!(is_ok, perms.net.check_url(&u).is_ok());
    }
  }

  #[test]
  fn check_specifiers() {
    let read_allowlist = if cfg!(target_os = "windows") {
      vec![PathBuf::from("C:\\a")]
    } else {
      vec![PathBuf::from("/a")]
    };
    let mut perms = Permissions::from_options(&PermissionsOptions {
      allow_read: Some(read_allowlist),
      allow_net: Some(svec!["localhost"]),
      ..Default::default()
    });

    let mut fixtures = vec![
      (
        resolve_url_or_path("http://localhost:4545/mod.ts").unwrap(),
        true,
      ),
      (
        resolve_url_or_path("http://deno.land/x/mod.ts").unwrap(),
        false,
      ),
      (
        resolve_url_or_path("data:text/plain,Hello%2C%20Deno!").unwrap(),
        true,
      ),
    ];

    if cfg!(target_os = "windows") {
      fixtures
        .push((resolve_url_or_path("file:///C:/a/mod.ts").unwrap(), true));
      fixtures
        .push((resolve_url_or_path("file:///C:/b/mod.ts").unwrap(), false));
    } else {
      fixtures.push((resolve_url_or_path("file:///a/mod.ts").unwrap(), true));
      fixtures.push((resolve_url_or_path("file:///b/mod.ts").unwrap(), false));
    }

    for (specifier, expected) in fixtures {
      assert_eq!(perms.check_specifier(&specifier).is_ok(), expected);
    }
  }

  #[test]
  fn check_invalid_specifiers() {
    let mut perms = Permissions::allow_all();

    let mut test_cases = vec![];

    if cfg!(target_os = "windows") {
      test_cases.push("file://");
      test_cases.push("file:///");
    } else {
      test_cases.push("file://remotehost/");
    }

    for url in test_cases {
      assert!(perms
        .check_specifier(&resolve_url_or_path(url).unwrap())
        .is_err());
    }
  }

  #[test]
  fn test_query() {
    let perms1 = Permissions::allow_all();
    let perms2 = Permissions {
      read: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_read(&Some(vec![PathBuf::from("/foo")]), false)
      },
      write: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_write(&Some(vec![PathBuf::from("/foo")]), false)
      },
      net: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_net(&Some(svec!["127.0.0.1:8000"]), false)
      },
      env: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_env(&Some(svec!["HOME"]), false)
      },
      run: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_run(&Some(svec!["deno"]), false)
      },
      ffi: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_ffi(&Some(svec!["deno"]), false)
      },
      hrtime: UnitPermission {
        state: PermissionState::Prompt,
        ..Default::default()
      },
    };
    #[rustfmt::skip]
    {
      assert_eq!(perms1.read.query(None), PermissionState::Granted);
      assert_eq!(perms1.read.query(Some(Path::new("/foo"))), PermissionState::Granted);
      assert_eq!(perms2.read.query(None), PermissionState::Prompt);
      assert_eq!(perms2.read.query(Some(Path::new("/foo"))), PermissionState::Granted);
      assert_eq!(perms2.read.query(Some(Path::new("/foo/bar"))), PermissionState::Granted);
      assert_eq!(perms1.write.query(None), PermissionState::Granted);
      assert_eq!(perms1.write.query(Some(Path::new("/foo"))), PermissionState::Granted);
      assert_eq!(perms2.write.query(None), PermissionState::Prompt);
      assert_eq!(perms2.write.query(Some(Path::new("/foo"))), PermissionState::Granted);
      assert_eq!(perms2.write.query(Some(Path::new("/foo/bar"))), PermissionState::Granted);
      assert_eq!(perms1.net.query::<&str>(None), PermissionState::Granted);
      assert_eq!(perms1.net.query(Some(&("127.0.0.1", None))), PermissionState::Granted);
      assert_eq!(perms2.net.query::<&str>(None), PermissionState::Prompt);
      assert_eq!(perms2.net.query(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted);
      assert_eq!(perms1.env.query(None), PermissionState::Granted);
      assert_eq!(perms1.env.query(Some(&"HOME".to_string())), PermissionState::Granted);
      assert_eq!(perms2.env.query(None), PermissionState::Prompt);
      assert_eq!(perms2.env.query(Some(&"HOME".to_string())), PermissionState::Granted);
      assert_eq!(perms1.run.query(None), PermissionState::Granted);
      assert_eq!(perms1.run.query(Some(&"deno".to_string())), PermissionState::Granted);
      assert_eq!(perms2.run.query(None), PermissionState::Prompt);
      assert_eq!(perms2.run.query(Some(&"deno".to_string())), PermissionState::Granted);
      assert_eq!(perms1.ffi.query(None), PermissionState::Granted);
      assert_eq!(perms1.ffi.query(Some(&"deno".to_string())), PermissionState::Granted);
      assert_eq!(perms2.ffi.query(None), PermissionState::Prompt);
      assert_eq!(perms2.ffi.query(Some(&"deno".to_string())), PermissionState::Granted);
      assert_eq!(perms1.hrtime.query(), PermissionState::Granted);
      assert_eq!(perms2.hrtime.query(), PermissionState::Prompt);
    };
  }

  #[test]
  fn test_request() {
    let mut perms: Permissions = Default::default();
    #[rustfmt::skip]
    {
      let _guard = PERMISSION_PROMPT_GUARD.lock();
      set_prompt_result(true);
      assert_eq!(perms.read.request(Some(Path::new("/foo"))), PermissionState::Granted);
      assert_eq!(perms.read.query(None), PermissionState::Prompt);
      set_prompt_result(false);
      assert_eq!(perms.read.request(Some(Path::new("/foo/bar"))), PermissionState::Granted);
      set_prompt_result(false);
      assert_eq!(perms.write.request(Some(Path::new("/foo"))), PermissionState::Denied);
      assert_eq!(perms.write.query(Some(Path::new("/foo/bar"))), PermissionState::Prompt);
      set_prompt_result(true);
      assert_eq!(perms.write.request(None), PermissionState::Denied);
      set_prompt_result(true);
      assert_eq!(perms.net.request(Some(&("127.0.0.1", None))), PermissionState::Granted);
      set_prompt_result(false);
      assert_eq!(perms.net.request(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted);
      set_prompt_result(true);
      assert_eq!(perms.env.request(Some(&"HOME".to_string())), PermissionState::Granted);
      assert_eq!(perms.env.query(None), PermissionState::Prompt);
      set_prompt_result(false);
      assert_eq!(perms.env.request(Some(&"HOME".to_string())), PermissionState::Granted);
      set_prompt_result(true);
      assert_eq!(perms.run.request(Some(&"deno".to_string())), PermissionState::Granted);
      assert_eq!(perms.run.query(None), PermissionState::Prompt);
      set_prompt_result(false);
      assert_eq!(perms.run.request(Some(&"deno".to_string())), PermissionState::Granted);
      set_prompt_result(true);
      assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted);
      assert_eq!(perms.ffi.query(None), PermissionState::Prompt);
      set_prompt_result(false);
      assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted);
      set_prompt_result(false);
      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
      set_prompt_result(true);
      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
    };
  }

  #[test]
  fn test_revoke() {
    let mut perms = Permissions {
      read: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_read(&Some(vec![PathBuf::from("/foo")]), false)
      },
      write: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_write(&Some(vec![PathBuf::from("/foo")]), false)
      },
      net: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_net(&Some(svec!["127.0.0.1"]), false)
      },
      env: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_env(&Some(svec!["HOME"]), false)
      },
      run: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_run(&Some(svec!["deno"]), false)
      },
      ffi: UnaryPermission {
        global_state: PermissionState::Prompt,
        ..Permissions::new_ffi(&Some(svec!["deno"]), false)
      },
      hrtime: UnitPermission {
        state: PermissionState::Denied,
        ..Default::default()
      },
    };
    #[rustfmt::skip]
    {
      assert_eq!(perms.read.revoke(Some(Path::new("/foo/bar"))), PermissionState::Granted);
      assert_eq!(perms.read.revoke(Some(Path::new("/foo"))), PermissionState::Prompt);
      assert_eq!(perms.read.query(Some(Path::new("/foo/bar"))), PermissionState::Prompt);
      assert_eq!(perms.write.revoke(Some(Path::new("/foo/bar"))), PermissionState::Granted);
      assert_eq!(perms.write.revoke(None), PermissionState::Prompt);
      assert_eq!(perms.write.query(Some(Path::new("/foo/bar"))), PermissionState::Prompt);
      assert_eq!(perms.net.revoke(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted);
      assert_eq!(perms.net.revoke(Some(&("127.0.0.1", None))), PermissionState::Prompt);
      assert_eq!(perms.env.revoke(Some(&"HOME".to_string())), PermissionState::Prompt);
      assert_eq!(perms.run.revoke(Some(&"deno".to_string())), PermissionState::Prompt);
      assert_eq!(perms.ffi.revoke(Some(&"deno".to_string())), PermissionState::Prompt);
      assert_eq!(perms.hrtime.revoke(), PermissionState::Denied);
    };
  }

  #[test]
  fn test_check() {
    let mut perms = Permissions {
      read: Permissions::new_read(&None, true),
      write: Permissions::new_write(&None, true),
      net: Permissions::new_net(&None, true),
      env: Permissions::new_env(&None, true),
      run: Permissions::new_run(&None, true),
      ffi: Permissions::new_ffi(&None, true),
      hrtime: Permissions::new_hrtime(false, true),
    };

    let _guard = PERMISSION_PROMPT_GUARD.lock();

    set_prompt_result(true);
    assert!(perms.read.check(Path::new("/foo")).is_ok());
    set_prompt_result(false);
    assert!(perms.read.check(Path::new("/foo")).is_ok());
    assert!(perms.read.check(Path::new("/bar")).is_err());

    set_prompt_result(true);
    assert!(perms.write.check(Path::new("/foo")).is_ok());
    set_prompt_result(false);
    assert!(perms.write.check(Path::new("/foo")).is_ok());
    assert!(perms.write.check(Path::new("/bar")).is_err());

    set_prompt_result(true);
    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_ok());
    set_prompt_result(false);
    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_ok());
    assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_err());
    assert!(perms.net.check(&("127.0.0.1", None)).is_err());
    assert!(perms.net.check(&("deno.land", Some(8000))).is_err());
    assert!(perms.net.check(&("deno.land", None)).is_err());

    set_prompt_result(true);
    assert!(perms.run.check("cat").is_ok());
    set_prompt_result(false);
    assert!(perms.run.check("cat").is_ok());
    assert!(perms.run.check("ls").is_err());

    set_prompt_result(true);
    assert!(perms.env.check("HOME").is_ok());
    set_prompt_result(false);
    assert!(perms.env.check("HOME").is_ok());
    assert!(perms.env.check("PATH").is_err());

    set_prompt_result(true);
    assert!(perms.hrtime.check().is_ok());
    set_prompt_result(false);
    assert!(perms.hrtime.check().is_ok());
  }

  #[test]
  fn test_check_fail() {
    let mut perms = Permissions {
      read: Permissions::new_read(&None, true),
      write: Permissions::new_write(&None, true),
      net: Permissions::new_net(&None, true),
      env: Permissions::new_env(&None, true),
      run: Permissions::new_run(&None, true),
      ffi: Permissions::new_ffi(&None, true),
      hrtime: Permissions::new_hrtime(false, true),
    };

    let _guard = PERMISSION_PROMPT_GUARD.lock();

    set_prompt_result(false);
    assert!(perms.read.check(Path::new("/foo")).is_err());
    set_prompt_result(true);
    assert!(perms.read.check(Path::new("/foo")).is_err());
    assert!(perms.read.check(Path::new("/bar")).is_ok());
    set_prompt_result(false);
    assert!(perms.read.check(Path::new("/bar")).is_ok());

    set_prompt_result(false);
    assert!(perms.write.check(Path::new("/foo")).is_err());
    set_prompt_result(true);
    assert!(perms.write.check(Path::new("/foo")).is_err());
    assert!(perms.write.check(Path::new("/bar")).is_ok());
    set_prompt_result(false);
    assert!(perms.write.check(Path::new("/bar")).is_ok());

    set_prompt_result(false);
    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_err());
    set_prompt_result(true);
    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_err());
    assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_ok());
    assert!(perms.net.check(&("deno.land", Some(8000))).is_ok());
    set_prompt_result(false);
    assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_ok());
    assert!(perms.net.check(&("deno.land", Some(8000))).is_ok());

    set_prompt_result(false);
    assert!(perms.run.check("cat").is_err());
    set_prompt_result(true);
    assert!(perms.run.check("cat").is_err());
    assert!(perms.run.check("ls").is_ok());
    set_prompt_result(false);
    assert!(perms.run.check("ls").is_ok());

    set_prompt_result(false);
    assert!(perms.env.check("HOME").is_err());
    set_prompt_result(true);
    assert!(perms.env.check("HOME").is_err());
    assert!(perms.env.check("PATH").is_ok());
    set_prompt_result(false);
    assert!(perms.env.check("PATH").is_ok());

    set_prompt_result(false);
    assert!(perms.hrtime.check().is_err());
    set_prompt_result(true);
    assert!(perms.hrtime.check().is_err());
  }

  #[test]
  #[cfg(windows)]
  fn test_env_windows() {
    let mut perms = Permissions::allow_all();
    perms.env = UnaryPermission {
      global_state: PermissionState::Prompt,
      ..Permissions::new_env(&Some(svec!["HOME"]), false)
    };

    set_prompt_result(true);
    assert!(perms.env.check("HOME").is_ok());
    set_prompt_result(false);
    assert!(perms.env.check("HOME").is_ok());
    assert!(perms.env.check("hOmE").is_ok());

    assert_eq!(
      perms.env.revoke(Some(&"HomE".to_string())),
      PermissionState::Prompt
    );
  }
}
-												update copyright to 2021 (#9081)


											
										
										
											2021-01-10 21:59:07 -05:00
+								// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
-												Remove ansi_term dependency (#4116)


											
										
										
											2020-02-24 19:30:17 -05:00
+								use crate::colors;
-												refactor(cli): rename fs module to fs_util (#8380)

This commit renames "fs" module in "cli/" to "fs_util". This is purely
cosmetic change; there were a few places which aliased "crate::fs"
to "deno_fs" which was very confusing with "fs" module in ops.
											
										
										
											2020-11-16 14:48:50 -05:00
+								use crate::fs_util::resolve_from_cwd;
-												refactor: use the 'anyhow' crate instead of 'ErrBox' (#7476)

											
										
										
											2020-09-14 12:48:57 -04:00
+								use deno_core::error::custom_error;
 								use deno_core::error::uri_error;
 								use deno_core::error::AnyError;
-												chore: use parking_lot for synchronization primitives to align with tokio (#11289)

parking_lot is already transitively used in tokio via the "full" cargo feature
											
										
										
											2021-07-06 23:48:01 -04:00
+								#[cfg(test)]
 								use deno_core::parking_lot::Mutex;
-												chore(cli/runtime): use re-export serde from deno_core (#9599)


											
										
										
											2021-02-25 15:18:35 -05:00
+								use deno_core::serde::Deserialize;
 								use deno_core::serde::Serialize;
-												Re-export deno_core::url (#7525)

Also re-exports deno_core::futures and deno_core::serde_json but these are not yet used in the CLI.
											
										
										
											2020-09-16 14:28:07 -04:00
+								use deno_core::url;
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								use deno_core::ModuleSpecifier;
-												refactor: move timers to deno_timers op crate (#10179)

Move timers out of runtime/ and into a standalone op crate.
											
										
										
											2021-04-14 15:10:48 -04:00
+								use deno_core::OpState;
-												remove macro_use (#9884)


											
										
										
											2021-03-26 12:34:25 -04:00
+								use log::debug;
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								use std::collections::HashSet;
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								use std::fmt;
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								use std::hash::Hash;
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								#[cfg(not(test))]
 								use std::io;
-												refactor: Improve path handling in permission checks (#3714)


											
										
										
											2020-01-20 09:45:44 -05:00
+								use std::path::{Path, PathBuf};
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								#[cfg(test)]
 								use std::sync::atomic::AtomicBool;
-												refactor: Elevate DenoPermissions lock to top level (#3398)


											
										
										
											2019-11-24 10:42:30 -05:00
+								#[cfg(test)]
 								use std::sync::atomic::Ordering;
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
-												feat: log permission access (#2518)

Replaces -D/--log-debug flag with --log-level=debug

--log-level=info displays permission access
											
										
										
											2019-06-22 12:02:51 -04:00
+								const PERMISSION_EMOJI: &str = "⚠️";
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								/// Tri-state value for storing permission state
-												refactor(runtime/ops/worker_host): simplify worker perms handling (#9835)


											
										
										
											2021-03-19 13:27:41 -04:00
+								#[derive(PartialEq, Debug, Clone, Copy, Deserialize, PartialOrd)]
-												refactor: Elevate DenoPermissions lock to top level (#3398)


											
										
										
											2019-11-24 10:42:30 -05:00
+								pub enum PermissionState {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  Granted = 0,
 								  Prompt = 1,
 								  Denied = 2,
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								}
-												refactor: Elevate DenoPermissions lock to top level (#3398)


											
										
										
											2019-11-24 10:42:30 -05:00
+								impl PermissionState {
-												perf(runtime): optimize PermissionState::check (#9993)


											
										
										
											2021-04-12 07:24:41 -04:00
+								  #[inline(always)]
 								  fn log_perm_access(name: &str, info: Option<&str>) {
 								    debug!(
 								      "{}",
 								      colors::bold(&format!(
 								        "{}️  Granted {}",
 								        PERMISSION_EMOJI,
 								        Self::fmt_access(name, info)
 								      ))
 								    );
 								  }
 								  fn fmt_access(name: &str, info: Option<&str>) -> String {
 								    format!(
 								      "{} access{}",
 								      name,
 								      info.map_or(String::new(), |info| { format!(" to {}", info) }),
 								    )
 								  }
 								  fn error(name: &str, info: Option<&str>) -> AnyError {
 								    custom_error(
 								      "PermissionDenied",
 								      format!(
 								        "Requires {}, run again with the --allow-{} flag",
 								        Self::fmt_access(name, info),
 								        name
 								      ),
 								    )
 								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  /// Check the permission state. bool is whether a prompt was issued.
 								  fn check(
 								    self,
 								    name: &str,
 								    info: Option<&str>,
 								    prompt: bool,
 								  ) -> (Result<(), AnyError>, bool) {
-												perf(runtime): optimize PermissionState::check (#9993)


											
										
										
											2021-04-12 07:24:41 -04:00
+								    match self {
 								      PermissionState::Granted => {
 								        Self::log_perm_access(name, info);
 								        (Ok(()), false)
 								      }
 								      PermissionState::Prompt if prompt => {
 								        let msg = Self::fmt_access(name, info);
 								        if permission_prompt(&msg) {
 								          Self::log_perm_access(name, info);
 								          (Ok(()), true)
 								        } else {
 								          (Err(Self::error(name, info)), true)
 								        }
 								      }
 								      _ => (Err(Self::error(name, info)), false),
 								    }
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  }
 								}
-												refactor: Elevate DenoPermissions lock to top level (#3398)


											
										
										
											2019-11-24 10:42:30 -05:00
+								impl fmt::Display for PermissionState {
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 								    match self {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      PermissionState::Granted => f.pad("granted"),
 								      PermissionState::Prompt => f.pad("prompt"),
 								      PermissionState::Denied => f.pad("denied"),
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								    }
 								  }
 								}
-												refactor: Elevate DenoPermissions lock to top level (#3398)


											
										
										
											2019-11-24 10:42:30 -05:00
+								impl Default for PermissionState {
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								  fn default() -> Self {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    PermissionState::Prompt
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								  }
 								}
-												Ergonomics: Prompt TTY for permission escalation  (#1081)


											
										
										
											2018-10-27 09:11:39 -04:00
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								#[derive(Clone, Debug, Default, PartialEq)]
 								pub struct UnitPermission {
 								  pub name: &'static str,
 								  pub description: &'static str,
 								  pub state: PermissionState,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub prompt: bool,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								}
 								impl UnitPermission {
 								  pub fn query(&self) -> PermissionState {
 								    self.state
 								  }
 								  pub fn request(&mut self) -> PermissionState {
 								    if self.state == PermissionState::Prompt {
 								      if permission_prompt(&format!("access to {}", self.description)) {
 								        self.state = PermissionState::Granted;
 								      } else {
 								        self.state = PermissionState::Denied;
 								      }
 								    }
 								    self.state
 								  }
 								  pub fn revoke(&mut self) -> PermissionState {
 								    if self.state == PermissionState::Granted {
 								      self.state = PermissionState::Prompt;
 								    }
 								    self.state
 								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn check(&mut self) -> Result<(), AnyError> {
 								    let (result, prompted) = self.state.check(self.name, None, self.prompt);
 								    if prompted {
 								      if result.is_ok() {
 								        self.state = PermissionState::Granted;
 								      } else {
 								        self.state = PermissionState::Denied;
 								      }
 								    }
 								    result
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								  }
 								}
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								#[derive(Clone, Debug, Default, Deserialize, PartialEq)]
 								pub struct UnaryPermission<T: Eq + Hash> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  #[serde(skip)]
 								  pub name: &'static str,
 								  #[serde(skip)]
 								  pub description: &'static str,
-												refactor(cli/permissions): Cleanup Flags to Permissions conversion (#8213)


											
										
										
											2020-10-31 18:44:42 -04:00
+								  pub global_state: PermissionState,
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  pub granted_list: HashSet<T>,
 								  pub denied_list: HashSet<T>,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  #[serde(skip)]
 								  pub prompt: bool,
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								}
-												feat(cli): deserialize Permissions from JSON (#5779)


											
										
										
											2020-05-29 07:00:47 -04:00
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								pub struct ReadDescriptor(pub PathBuf);
 								#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
 								pub struct WriteDescriptor(pub PathBuf);
 								#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
 								pub struct NetDescriptor(pub String, pub Option<u16>);
 								impl NetDescriptor {
 								  fn new<T: AsRef<str>>(host: &&(T, Option<u16>)) -> Self {
 								    NetDescriptor(host.0.as_ref().to_string(), host.1)
 								  }
 								  pub fn from_string(host: String) -> Self {
 								    let url = url::Url::parse(&format!("http://{}", host)).unwrap();
 								    let hostname = url.host_str().unwrap().to_string();
 								    NetDescriptor(hostname, url.port())
 								  }
 								}
 								impl fmt::Display for NetDescriptor {
 								  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 								    f.write_str(&match self.1 {
 								      None => self.0.clone(),
 								      Some(port) => format!("{}:{}", self.0, port),
 								    })
 								  }
 								}
-												Ergonomics: Prompt TTY for permission escalation  (#1081)


											
										
										
											2018-10-27 09:11:39 -04:00
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
 								pub struct EnvDescriptor(pub String);
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
 								pub struct RunDescriptor(pub String);
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)]
 								pub struct FfiDescriptor(pub String);
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								impl UnaryPermission<ReadDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn query(&self, path: Option<&Path>) -> PermissionState {
 								    let path = path.map(|p| resolve_from_cwd(p).unwrap());
 								    if self.global_state == PermissionState::Denied
 								      && match path.as_ref() {
 								        None => true,
 								        Some(path) => self
 								          .denied_list
 								          .iter()
 								          .any(|path_| path_.0.starts_with(path)),
 								      }
 								    {
 								      PermissionState::Denied
 								    } else if self.global_state == PermissionState::Granted
 								      || match path.as_ref() {
 								        None => false,
 								        Some(path) => self
 								          .granted_list
 								          .iter()
 								          .any(|path_| path.starts_with(&path_.0)),
 								      }
 								    {
 								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
 								    }
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								  }
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn request(&mut self, path: Option<&Path>) -> PermissionState {
 								    if let Some(path) = path {
 								      let (resolved_path, display_path) = resolved_and_display_path(path);
 								      let state = self.query(Some(&resolved_path));
 								      if state == PermissionState::Prompt {
 								        if permission_prompt(&format!(
 								          "read access to \"{}\"",
 								          display_path.display()
 								        )) {
 								          self
 								            .granted_list
 								            .retain(|path| !path.0.starts_with(&resolved_path));
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								          self.granted_list.insert(ReadDescriptor(resolved_path));
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          PermissionState::Granted
 								        } else {
 								          self
 								            .denied_list
 								            .retain(|path| !resolved_path.starts_with(&path.0));
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								          self.denied_list.insert(ReadDescriptor(resolved_path));
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
-												refactor(cli/permissions): Cleanup Flags to Permissions conversion (#8213)


											
										
										
											2020-10-31 18:44:42 -04:00
+								      } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        state
-												refactor(cli/permissions): Cleanup Flags to Permissions conversion (#8213)


											
										
										
											2020-10-31 18:44:42 -04:00
+								      }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    } else {
 								      let state = self.query(None);
 								      if state == PermissionState::Prompt {
 								        if permission_prompt("read access") {
 								          self.granted_list.clear();
 								          self.global_state = PermissionState::Granted;
 								          PermissionState::Granted
 								        } else {
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								      } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        state
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								      }
 								    }
-												Ergonomics: Prompt TTY for permission escalation  (#1081)


											
										
										
											2018-10-27 09:11:39 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn revoke(&mut self, path: Option<&Path>) -> PermissionState {
 								    if let Some(path) = path {
 								      let path = resolve_from_cwd(path).unwrap();
 								      self
 								        .granted_list
 								        .retain(|path_| !path_.0.starts_with(&path));
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								    } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      self.granted_list.clear();
 								      if self.global_state == PermissionState::Granted {
 								        self.global_state = PermissionState::Prompt;
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								      }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    }
 								    self.query(path)
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn check(&mut self, path: &Path) -> Result<(), AnyError> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    let (resolved_path, display_path) = resolved_and_display_path(path);
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let (result, prompted) = self.query(Some(&resolved_path)).check(
 								      self.name,
 								      Some(&format!("\"{}\"", display_path.display())),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(ReadDescriptor(resolved_path));
 								      } else {
 								        self.denied_list.insert(ReadDescriptor(resolved_path));
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
-												refactor: check permissions in SourceFileFetcher (#5011)

This PR hot-fixes permission escapes in dynamic imports, workers
and runtime compiler APIs.

"permissions" parameter was added to public APIs of SourceFileFetcher
and appropriate permission checks are performed during loading of
local and remote files.
											
										
										
											2020-05-11 07:13:27 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  /// As `check()`, but permission error messages will anonymize the path
 								  /// by replacing it with the given `display`.
 								  pub fn check_blind(
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    &mut self,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    path: &Path,
 								    display: &str,
 								  ) -> Result<(), AnyError> {
 								    let resolved_path = resolve_from_cwd(path).unwrap();
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let (result, prompted) = self.query(Some(&resolved_path)).check(
 								      self.name,
 								      Some(&format!("<{}>", display)),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(ReadDescriptor(resolved_path));
 								      } else {
 								        self.denied_list.insert(ReadDescriptor(resolved_path));
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
-												Add --allow-read (#1689)

Co-authored-by: Greg Altman <g.s.altman@gmail.com>

											
										
										
											2019-02-08 15:59:38 -05:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								impl UnaryPermission<WriteDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn query(&self, path: Option<&Path>) -> PermissionState {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    let path = path.map(|p| resolve_from_cwd(p).unwrap());
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    if self.global_state == PermissionState::Denied
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      && match path.as_ref() {
 								        None => true,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        Some(path) => self
 								          .denied_list
 								          .iter()
 								          .any(|path_| path_.0.starts_with(path)),
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      }
 								    {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      PermissionState::Denied
 								    } else if self.global_state == PermissionState::Granted
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      || match path.as_ref() {
 								        None => false,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        Some(path) => self
 								          .granted_list
 								          .iter()
 								          .any(|path_| path.starts_with(&path_.0)),
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								      }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    }
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn request(&mut self, path: Option<&Path>) -> PermissionState {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    if let Some(path) = path {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      let (resolved_path, display_path) = resolved_and_display_path(path);
 								      let state = self.query(Some(&resolved_path));
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      if state == PermissionState::Prompt {
 								        if permission_prompt(&format!(
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          "write access to \"{}\"",
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								          display_path.display()
 								        )) {
 								          self
 								            .granted_list
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            .retain(|path| !path.0.starts_with(&resolved_path));
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								          self.granted_list.insert(WriteDescriptor(resolved_path));
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          PermissionState::Granted
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        } else {
 								          self
 								            .denied_list
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            .retain(|path| !resolved_path.starts_with(&path.0));
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								          self.denied_list.insert(WriteDescriptor(resolved_path));
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      } else {
 								        state
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								      }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      let state = self.query(None);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      if state == PermissionState::Prompt {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        if permission_prompt("write access") {
 								          self.granted_list.clear();
 								          self.global_state = PermissionState::Granted;
 								          PermissionState::Granted
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      } else {
 								        state
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      }
 								    }
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn revoke(&mut self, path: Option<&Path>) -> PermissionState {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    if let Some(path) = path {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      let path = resolve_from_cwd(path).unwrap();
 								      self
 								        .granted_list
 								        .retain(|path_| !path_.0.starts_with(&path));
 								    } else {
 								      self.granted_list.clear();
 								      if self.global_state == PermissionState::Granted {
 								        self.global_state = PermissionState::Prompt;
 								      }
 								    }
 								    self.query(path)
 								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn check(&mut self, path: &Path) -> Result<(), AnyError> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    let (resolved_path, display_path) = resolved_and_display_path(path);
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let (result, prompted) = self.query(Some(&resolved_path)).check(
 								      self.name,
 								      Some(&format!("\"{}\"", display_path.display())),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(WriteDescriptor(resolved_path));
 								      } else {
 								        self.denied_list.insert(WriteDescriptor(resolved_path));
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  }
 								}
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								impl UnaryPermission<NetDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn query<T: AsRef<str>>(
 								    &self,
 								    host: Option<&(T, Option<u16>)>,
 								  ) -> PermissionState {
 								    if self.global_state == PermissionState::Denied
 								      && match host.as_ref() {
 								        None => true,
 								        Some(host) => match host.1 {
 								          None => self
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								            .denied_list
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            .iter()
 								            .any(|host_| host.0.as_ref() == host_.0),
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								          Some(_) => self.denied_list.contains(&NetDescriptor::new(host)),
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        },
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								      }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    {
 								      PermissionState::Denied
 								    } else if self.global_state == PermissionState::Granted
 								      || match host.as_ref() {
 								        None => false,
 								        Some(host) => {
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								          self.granted_list.contains(&NetDescriptor::new(&&(
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            host.0.as_ref().to_string(),
 								            None,
 								          )))
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								            || self.granted_list.contains(&NetDescriptor::new(host))
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        }
 								      }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    {
 								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    }
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn request<T: AsRef<str>>(
-												refactor: Elevate DenoPermissions lock to top level (#3398)


											
										
										
											2019-11-24 10:42:30 -05:00
+								    &mut self,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    host: Option<&(T, Option<u16>)>,
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								  ) -> PermissionState {
 								    if let Some(host) = host {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      let state = self.query(Some(host));
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      if state == PermissionState::Prompt {
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								        let host = NetDescriptor::new(&host);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        if permission_prompt(&format!("network access to \"{}\"", host)) {
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								          if host.1.is_none() {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            self.granted_list.retain(|h| h.0 != host.0);
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								          }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          self.granted_list.insert(host);
 								          PermissionState::Granted
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        } else {
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								          if host.1.is_some() {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            self.denied_list.remove(&host);
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								          }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          self.denied_list.insert(host);
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      } else {
 								        state
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      }
 								    } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      let state = self.query::<&str>(None);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      if state == PermissionState::Prompt {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        if permission_prompt("network access") {
 								          self.granted_list.clear();
 								          self.global_state = PermissionState::Granted;
 								          PermissionState::Granted
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        } else {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      } else {
 								        state
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      }
 								    }
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn revoke<T: AsRef<str>>(
 								    &mut self,
 								    host: Option<&(T, Option<u16>)>,
 								  ) -> PermissionState {
 								    if let Some(host) = host {
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								      self.granted_list.remove(&NetDescriptor::new(&host));
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      if host.1.is_none() {
 								        self.granted_list.retain(|h| h.0 != host.0.as_ref());
 								      }
 								    } else {
 								      self.granted_list.clear();
 								      if self.global_state == PermissionState::Granted {
 								        self.global_state = PermissionState::Prompt;
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      }
 								    }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    self.query(host)
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn check<T: AsRef<str>>(
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    &mut self,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    host: &(T, Option<u16>),
 								  ) -> Result<(), AnyError> {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let new_host = NetDescriptor::new(&host);
 								    let (result, prompted) = self.query(Some(host)).check(
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      self.name,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      Some(&format!("\"{}\"", new_host)),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(new_host);
 								      } else {
 								        self.denied_list.insert(new_host);
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
-												feat: log permission access (#2518)

Replaces -D/--log-debug flag with --log-level=debug

--log-level=info displays permission access
											
										
										
											2019-06-22 12:02:51 -04:00
+								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn check_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    let hostname = url
 								      .host_str()
 								      .ok_or_else(|| uri_error("Missing host"))?
 								      .to_string();
 								    let display_host = match url.port() {
 								      None => hostname.clone(),
 								      Some(port) => format!("{}:{}", hostname, port),
 								    };
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let host = &(&hostname, url.port_or_known_default());
 								    let (result, prompted) = self.query(Some(host)).check(
 								      self.name,
 								      Some(&format!("\"{}\"", display_host)),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(NetDescriptor::new(&host));
 								      } else {
 								        self.denied_list.insert(NetDescriptor::new(&host));
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
-												feat: first pass at native plugins (#3372)


											
										
										
											2019-12-05 15:30:20 -05:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
-												feat: first pass at native plugins (#3372)


											
										
										
											2019-12-05 15:30:20 -05:00
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								impl UnaryPermission<EnvDescriptor> {
 								  pub fn query(&self, env: Option<&str>) -> PermissionState {
 								    #[cfg(windows)]
 								    let env = env.map(|env| env.to_uppercase());
 								    #[cfg(windows)]
 								    let env = env.as_deref();
 								    if self.global_state == PermissionState::Denied
 								      && match env {
 								        None => true,
 								        Some(env) => self.denied_list.iter().any(|env_| env_.0 == env),
 								      }
 								    {
 								      PermissionState::Denied
 								    } else if self.global_state == PermissionState::Granted
 								      || match env {
 								        None => false,
 								        Some(env) => self.granted_list.iter().any(|env_| env_.0 == env),
 								      }
 								    {
 								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
 								    }
 								  }
 								  pub fn request(&mut self, env: Option<&str>) -> PermissionState {
 								    if let Some(env) = env {
-												chore(tools): Fix stdout buffer of launched process getting full causing tools/lint.js to hang on Windows (#10888)

Also fix Windows only clippy issues.
											
										
										
											2021-06-07 22:29:47 -04:00
+								      let env = if cfg!(windows) {
 								        env.to_uppercase()
 								      } else {
 								        env.to_string()
 								      };
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      let state = self.query(Some(&env));
 								      if state == PermissionState::Prompt {
 								        if permission_prompt(&format!("env access to \"{}\"", env)) {
 								          self.granted_list.retain(|env_| env_.0 != env);
-												chore(tools): Fix stdout buffer of launched process getting full causing tools/lint.js to hang on Windows (#10888)

Also fix Windows only clippy issues.
											
										
										
											2021-06-07 22:29:47 -04:00
+								          self.granted_list.insert(EnvDescriptor(env));
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								          PermissionState::Granted
 								        } else {
 								          self.denied_list.retain(|env_| env_.0 != env);
-												chore(tools): Fix stdout buffer of launched process getting full causing tools/lint.js to hang on Windows (#10888)

Also fix Windows only clippy issues.
											
										
										
											2021-06-07 22:29:47 -04:00
+								          self.denied_list.insert(EnvDescriptor(env));
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
 								      } else {
 								        state
 								      }
 								    } else {
 								      let state = self.query(None);
 								      if state == PermissionState::Prompt {
 								        if permission_prompt("env access") {
 								          self.granted_list.clear();
 								          self.global_state = PermissionState::Granted;
 								          PermissionState::Granted
 								        } else {
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
 								      } else {
 								        state
 								      }
 								    }
 								  }
 								  pub fn revoke(&mut self, env: Option<&str>) -> PermissionState {
 								    if let Some(env) = env {
 								      #[cfg(windows)]
 								      let env = env.to_uppercase();
 								      self.granted_list.retain(|env_| env_.0 != env);
 								    } else {
 								      self.granted_list.clear();
 								      if self.global_state == PermissionState::Granted {
 								        self.global_state = PermissionState::Prompt;
 								      }
 								    }
 								    self.query(env)
 								  }
 								  pub fn check(&mut self, env: &str) -> Result<(), AnyError> {
 								    #[cfg(windows)]
 								    let env = &env.to_uppercase();
 								    let (result, prompted) = self.query(Some(env)).check(
 								      self.name,
 								      Some(&format!("\"{}\"", env)),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(EnvDescriptor(env.to_string()));
 								      } else {
 								        self.denied_list.insert(EnvDescriptor(env.to_string()));
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
 								  }
 								  pub fn check_all(&mut self) -> Result<(), AnyError> {
 								    let (result, prompted) =
 								      self.query(None).check(self.name, Some("all"), self.prompt);
 								    if prompted {
 								      if result.is_ok() {
 								        self.global_state = PermissionState::Granted;
 								      } else {
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
 								  }
 								}
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								impl UnaryPermission<RunDescriptor> {
 								  pub fn query(&self, cmd: Option<&str>) -> PermissionState {
 								    if self.global_state == PermissionState::Denied
 								      && match cmd {
 								        None => true,
 								        Some(cmd) => self.denied_list.iter().any(|cmd_| cmd_.0 == cmd),
 								      }
 								    {
 								      PermissionState::Denied
 								    } else if self.global_state == PermissionState::Granted
 								      || match cmd {
 								        None => false,
 								        Some(cmd) => self.granted_list.iter().any(|cmd_| cmd_.0 == cmd),
 								      }
 								    {
 								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
 								    }
 								  }
 								  pub fn request(&mut self, cmd: Option<&str>) -> PermissionState {
 								    if let Some(cmd) = cmd {
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      let state = self.query(Some(cmd));
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      if state == PermissionState::Prompt {
 								        if permission_prompt(&format!("run access to \"{}\"", cmd)) {
 								          self.granted_list.retain(|cmd_| cmd_.0 != cmd);
 								          self.granted_list.insert(RunDescriptor(cmd.to_string()));
 								          PermissionState::Granted
 								        } else {
 								          self.denied_list.retain(|cmd_| cmd_.0 != cmd);
 								          self.denied_list.insert(RunDescriptor(cmd.to_string()));
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
 								      } else {
 								        state
 								      }
 								    } else {
 								      let state = self.query(None);
 								      if state == PermissionState::Prompt {
 								        if permission_prompt("run access") {
 								          self.granted_list.clear();
 								          self.global_state = PermissionState::Granted;
 								          PermissionState::Granted
 								        } else {
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
 								      } else {
 								        state
 								      }
 								    }
 								  }
 								  pub fn revoke(&mut self, cmd: Option<&str>) -> PermissionState {
 								    if let Some(cmd) = cmd {
 								      self.granted_list.retain(|cmd_| cmd_.0 != cmd);
 								    } else {
 								      self.granted_list.clear();
 								      if self.global_state == PermissionState::Granted {
 								        self.global_state = PermissionState::Prompt;
 								      }
 								    }
 								    self.query(cmd)
 								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn check(&mut self, cmd: &str) -> Result<(), AnyError> {
 								    let (result, prompted) = self.query(Some(cmd)).check(
 								      self.name,
 								      Some(&format!("\"{}\"", cmd)),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(RunDescriptor(cmd.to_string()));
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      } else {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        self.denied_list.insert(RunDescriptor(cmd.to_string()));
 								        self.global_state = PermissionState::Denied;
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      }
 								    }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    result
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn check_all(&mut self) -> Result<(), AnyError> {
 								    let (result, prompted) =
 								      self.query(None).check(self.name, Some("all"), self.prompt);
 								    if prompted {
 								      if result.is_ok() {
 								        self.global_state = PermissionState::Granted;
 								      } else {
 								        self.global_state = PermissionState::Denied;
 								      }
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								    }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    result
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								  }
 								}
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								impl UnaryPermission<FfiDescriptor> {
 								  pub fn query(&self, lib: Option<&str>) -> PermissionState {
 								    if self.global_state == PermissionState::Denied
 								      && match lib {
 								        None => true,
 								        Some(lib) => self.denied_list.iter().any(|lib_| lib_.0 == lib),
 								      }
 								    {
 								      PermissionState::Denied
 								    } else if self.global_state == PermissionState::Granted
 								      || match lib {
 								        None => false,
 								        Some(lib) => self.granted_list.iter().any(|lib_| lib_.0 == lib),
 								      }
 								    {
 								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
 								    }
 								  }
 								  pub fn request(&mut self, lib: Option<&str>) -> PermissionState {
 								    if let Some(lib) = lib {
 								      let state = self.query(Some(lib));
 								      if state == PermissionState::Prompt {
 								        if permission_prompt(&format!("ffi access to \"{}\"", lib)) {
 								          self.granted_list.retain(|lib_| lib_.0 != lib);
 								          self.granted_list.insert(FfiDescriptor(lib.to_string()));
 								          PermissionState::Granted
 								        } else {
 								          self.denied_list.retain(|lib_| lib_.0 != lib);
 								          self.denied_list.insert(FfiDescriptor(lib.to_string()));
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
 								      } else {
 								        state
 								      }
 								    } else {
 								      let state = self.query(None);
 								      if state == PermissionState::Prompt {
 								        if permission_prompt("ffi access") {
 								          self.granted_list.clear();
 								          self.global_state = PermissionState::Granted;
 								          PermissionState::Granted
 								        } else {
 								          self.global_state = PermissionState::Denied;
 								          PermissionState::Denied
 								        }
 								      } else {
 								        state
 								      }
 								    }
 								  }
 								  pub fn revoke(&mut self, lib: Option<&str>) -> PermissionState {
 								    if let Some(lib) = lib {
 								      self.granted_list.retain(|lib_| lib_.0 != lib);
 								    } else {
 								      self.granted_list.clear();
 								      if self.global_state == PermissionState::Granted {
 								        self.global_state = PermissionState::Prompt;
 								      }
 								    }
 								    self.query(lib)
 								  }
 								  pub fn check(&mut self, lib: &str) -> Result<(), AnyError> {
 								    let (result, prompted) = self.query(Some(lib)).check(
 								      self.name,
 								      Some(&format!("\"{}\"", lib)),
 								      self.prompt,
 								    );
 								    if prompted {
 								      if result.is_ok() {
 								        self.granted_list.insert(FfiDescriptor(lib.to_string()));
 								      } else {
 								        self.denied_list.insert(FfiDescriptor(lib.to_string()));
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
 								  }
 								  pub fn check_all(&mut self) -> Result<(), AnyError> {
 								    let (result, prompted) =
 								      self.query(None).check(self.name, Some("all"), self.prompt);
 								    if prompted {
 								      if result.is_ok() {
 								        self.global_state = PermissionState::Granted;
 								      } else {
 								        self.global_state = PermissionState::Denied;
 								      }
 								    }
 								    result
 								  }
 								}
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								#[derive(Clone, Debug, Default, PartialEq)]
 								pub struct Permissions {
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								  pub read: UnaryPermission<ReadDescriptor>,
 								  pub write: UnaryPermission<WriteDescriptor>,
 								  pub net: UnaryPermission<NetDescriptor>,
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								  pub env: UnaryPermission<EnvDescriptor>,
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								  pub run: UnaryPermission<RunDescriptor>,
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								  pub ffi: UnaryPermission<FfiDescriptor>,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								  pub hrtime: UnitPermission,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
 								#[derive(Clone, Debug, PartialEq, Default, Serialize, Deserialize)]
 								pub struct PermissionsOptions {
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								  pub allow_env: Option<Vec<String>>,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub allow_hrtime: bool,
 								  pub allow_net: Option<Vec<String>>,
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								  pub allow_ffi: Option<Vec<String>>,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub allow_read: Option<Vec<PathBuf>>,
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								  pub allow_run: Option<Vec<String>>,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub allow_write: Option<Vec<PathBuf>>,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub prompt: bool,
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
 								impl Permissions {
 								  pub fn new_read(
 								    state: &Option<Vec<PathBuf>>,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    prompt: bool,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								  ) -> UnaryPermission<ReadDescriptor> {
 								    UnaryPermission::<ReadDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      name: "read",
 								      description: "read the file system",
 								      global_state: global_state_from_option(state),
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      granted_list: resolve_read_allowlist(state),
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      denied_list: Default::default(),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      prompt,
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    }
 								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn new_write(
 								    state: &Option<Vec<PathBuf>>,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    prompt: bool,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								  ) -> UnaryPermission<WriteDescriptor> {
 								    UnaryPermission::<WriteDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      name: "write",
 								      description: "write to the file system",
 								      global_state: global_state_from_option(state),
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      granted_list: resolve_write_allowlist(state),
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      denied_list: Default::default(),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      prompt,
-												Use web standard Permissions API (#3200)


											
										
										
											2019-10-27 11:22:53 -04:00
+								    }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn new_net(
 								    state: &Option<Vec<String>>,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    prompt: bool,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								  ) -> UnaryPermission<NetDescriptor> {
 								    UnaryPermission::<NetDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      name: "net",
 								      description: "network",
 								      global_state: global_state_from_option(state),
 								      granted_list: state
 								        .as_ref()
 								        .map(|v| {
 								          v.iter()
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								            .map(|x| NetDescriptor::from_string(x.clone()))
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								            .collect()
 								        })
 								        .unwrap_or_else(HashSet::new),
 								      denied_list: Default::default(),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      prompt,
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    }
 								  }
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								  pub fn new_env(
 								    state: &Option<Vec<String>>,
 								    prompt: bool,
 								  ) -> UnaryPermission<EnvDescriptor> {
 								    UnaryPermission::<EnvDescriptor> {
 								      name: "env",
 								      description: "environment variables",
 								      global_state: global_state_from_option(state),
 								      granted_list: state
 								        .as_ref()
 								        .map(|v| {
 								          v.iter()
 								            .map(|x| {
 								              EnvDescriptor(if cfg!(windows) {
 								                x.to_uppercase()
 								              } else {
 								                x.clone()
 								              })
 								            })
 								            .collect()
 								        })
 								        .unwrap_or_else(HashSet::new),
 								      denied_list: Default::default(),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      prompt,
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								    }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								  pub fn new_run(
 								    state: &Option<Vec<String>>,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    prompt: bool,
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								  ) -> UnaryPermission<RunDescriptor> {
 								    UnaryPermission::<RunDescriptor> {
 								      name: "run",
 								      description: "run a subprocess",
 								      global_state: global_state_from_option(state),
 								      granted_list: state
 								        .as_ref()
 								        .map(|v| v.iter().map(|x| RunDescriptor(x.clone())).collect())
 								        .unwrap_or_else(HashSet::new),
 								      denied_list: Default::default(),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      prompt,
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								    }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								  pub fn new_ffi(
 								    state: &Option<Vec<String>>,
 								    prompt: bool,
 								  ) -> UnaryPermission<FfiDescriptor> {
 								    UnaryPermission::<FfiDescriptor> {
 								      name: "ffi",
 								      description: "load a dynamic library",
 								      global_state: global_state_from_option(state),
 								      granted_list: state
 								        .as_ref()
 								        .map(|v| v.iter().map(|x| FfiDescriptor(x.clone())).collect())
 								        .unwrap_or_else(HashSet::new),
 								      denied_list: Default::default(),
 								      prompt,
 								    }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  pub fn new_hrtime(state: bool, prompt: bool) -> UnitPermission {
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								    unit_permission_from_flag_bool(
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      state,
 								      "hrtime",
 								      "high precision time",
 								      prompt,
 								    )
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn from_options(opts: &PermissionsOptions) -> Self {
 								    Self {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      read: Permissions::new_read(&opts.allow_read, opts.prompt),
 								      write: Permissions::new_write(&opts.allow_write, opts.prompt),
 								      net: Permissions::new_net(&opts.allow_net, opts.prompt),
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      env: Permissions::new_env(&opts.allow_env, opts.prompt),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      run: Permissions::new_run(&opts.allow_run, opts.prompt),
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      ffi: Permissions::new_ffi(&opts.allow_ffi, opts.prompt),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.prompt),
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  pub fn allow_all() -> Self {
 								    Self {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      read: Permissions::new_read(&Some(vec![]), false),
 								      write: Permissions::new_write(&Some(vec![]), false),
 								      net: Permissions::new_net(&Some(vec![]), false),
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      env: Permissions::new_env(&Some(vec![]), false),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      run: Permissions::new_run(&Some(vec![]), false),
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      ffi: Permissions::new_ffi(&Some(vec![]), false),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      hrtime: Permissions::new_hrtime(true, false),
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								  /// A helper function that determines if the module specifier is a local or
 								  /// remote, and performs a read or net check for the specifier.
 								  pub fn check_specifier(
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    &mut self,
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								    specifier: &ModuleSpecifier,
 								  ) -> Result<(), AnyError> {
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								    match specifier.scheme() {
 								      "file" => match specifier.to_file_path() {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        Ok(path) => self.read.check(&path),
-												fix: panic on invalid file:// module specifier (#8964)


											
										
										
											2021-01-04 04:33:20 -05:00
+								        Err(_) => Err(uri_error(format!(
 								          "Invalid file path.\n  Specifier: {}",
 								          specifier
 								        ))),
-												feat(cli): support data urls (#8866)

Closes: #5059

Co-authored-by: Valentin Anger <syrupthinker@gryphno.de>

											
										
										
											2021-01-05 21:22:38 -05:00
+								      },
 								      "data" => Ok(()),
-												feat: blob URL support (#10045)

This commit adds blob URL support. Blob URLs are stored in a process
global storage, that can be accessed from all workers, and the module
loader. Blob URLs can be created using `URL.createObjectURL` and revoked
using `URL.revokeObjectURL`.

This commit does not add support for `fetch`ing blob URLs. This will be
added in a follow up commit.
											
										
										
											2021-04-07 09:22:14 -04:00
+								      "blob" => Ok(()),
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      _ => self.net.check_url(specifier),
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								    }
 								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
-												feat: Add "deno_net" extension (#11150)

This commits moves implementation of net related APIs available on "Deno"
namespace to "deno_net" extension.

Following APIs were moved:
- Deno.listen()
- Deno.connect()
- Deno.listenTls()
- Deno.serveHttp()
- Deno.shutdown()
- Deno.resolveDns()
- Deno.listenDatagram()
- Deno.startTls()
- Deno.Conn
- Deno.Listener
- Deno.DatagramConn

											
										
										
											2021-06-28 19:43:03 -04:00
+								impl deno_net::NetPermissions for Permissions {
 								  fn check_net<T: AsRef<str>>(
 								    &mut self,
 								    host: &(T, Option<u16>),
 								  ) -> Result<(), AnyError> {
 								    self.net.check(host)
 								  }
 								  fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
 								    self.read.check(path)
 								  }
 								  fn check_write(&mut self, path: &Path) -> Result<(), AnyError> {
 								    self.write.check(path)
 								  }
 								}
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								impl deno_fetch::FetchPermissions for Permissions {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  fn check_net_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    self.net.check_url(url)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    self.read.check(path)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
-												refactor: move timers to deno_timers op crate (#10179)

Move timers out of runtime/ and into a standalone op crate.
											
										
										
											2021-04-14 15:10:48 -04:00
+								impl deno_timers::TimersPermission for Permissions {
 								  fn allow_hrtime(&mut self) -> bool {
 								    self.hrtime.check().is_ok()
 								  }
 								  fn check_unstable(&self, state: &OpState, api_name: &'static str) {
 								    crate::ops::check_unstable(state, api_name);
 								  }
 								}
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								impl deno_websocket::WebSocketPermissions for Permissions {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  fn check_net_url(&mut self, url: &url::Url) -> Result<(), AnyError> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    self.net.check_url(url)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								impl deno_ffi::FfiPermissions for Permissions {
 								  fn check(&mut self, path: &str) -> Result<(), AnyError> {
 								    self.ffi.check(path)
 								  }
 								}
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								fn unit_permission_from_flag_bool(
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  flag: bool,
 								  name: &'static str,
 								  description: &'static str,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								  prompt: bool,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								) -> UnitPermission {
 								  UnitPermission {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    name,
 								    description,
 								    state: if flag {
 								      PermissionState::Granted
 								    } else {
 								      PermissionState::Prompt
 								    },
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    prompt,
-												Allow high precision performance.now() (#1977)


											
										
										
											2019-04-08 16:22:40 -04:00
+								  }
-												More permissions prompt options (#1926)


											
										
										
											2019-03-18 16:46:23 -04:00
+								}
-												Allow inspection and revocation of permissions (#1875)



											
										
										
											2019-03-04 11:04:19 -05:00
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								fn global_state_from_option<T>(flag: &Option<Vec<T>>) -> PermissionState {
 								  if matches!(flag, Some(v) if v.is_empty()) {
 								    PermissionState::Granted
 								  } else {
 								    PermissionState::Prompt
-												refactor: remove CliState, use OpState, add CliModuleLoader (#7588)

- remove "CliState.workers" and "CliState.next_worker_id", instead
store them on "OpState" using type aliases.
- remove "CliState.global_timer" and "CliState.start_time", instead
store them on "OpState" using type aliases.
- remove "CliState.is_internal", instead pass it to Worker::new
- move "CliState::permissions" to "OpState"
- move "CliState::main_module" to "OpState"
- move "CliState::global_state" to "OpState"
- move "CliState::check_unstable()" to "GlobalState"
- change "cli_state()" to "global_state()"
- change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks
- rename "CliState" to "CliModuleLoader"
											
										
										
											2020-09-19 19:17:35 -04:00
+								  }
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								}
-												refactor: remove CliState, use OpState, add CliModuleLoader (#7588)

- remove "CliState.workers" and "CliState.next_worker_id", instead
store them on "OpState" using type aliases.
- remove "CliState.global_timer" and "CliState.start_time", instead
store them on "OpState" using type aliases.
- remove "CliState.is_internal", instead pass it to Worker::new
- move "CliState::permissions" to "OpState"
- move "CliState::main_module" to "OpState"
- move "CliState::global_state" to "OpState"
- move "CliState::check_unstable()" to "GlobalState"
- change "cli_state()" to "global_state()"
- change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks
- rename "CliState" to "CliModuleLoader"
											
										
										
											2020-09-19 19:17:35 -04:00
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								pub fn resolve_read_allowlist(
 								  allow: &Option<Vec<PathBuf>>,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								) -> HashSet<ReadDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  if let Some(v) = allow {
 								    v.iter()
 								      .map(|raw_path| {
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								        ReadDescriptor(resolve_from_cwd(Path::new(&raw_path)).unwrap())
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      })
 								      .collect()
 								  } else {
 								    HashSet::new()
-												refactor: remove CliState, use OpState, add CliModuleLoader (#7588)

- remove "CliState.workers" and "CliState.next_worker_id", instead
store them on "OpState" using type aliases.
- remove "CliState.global_timer" and "CliState.start_time", instead
store them on "OpState" using type aliases.
- remove "CliState.is_internal", instead pass it to Worker::new
- move "CliState::permissions" to "OpState"
- move "CliState::main_module" to "OpState"
- move "CliState::global_state" to "OpState"
- move "CliState::check_unstable()" to "GlobalState"
- change "cli_state()" to "global_state()"
- change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks
- rename "CliState" to "CliModuleLoader"
											
										
										
											2020-09-19 19:17:35 -04:00
+								  }
 								}
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								pub fn resolve_write_allowlist(
 								  allow: &Option<Vec<PathBuf>>,
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								) -> HashSet<WriteDescriptor> {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								  if let Some(v) = allow {
 								    v.iter()
 								      .map(|raw_path| {
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								        WriteDescriptor(resolve_from_cwd(Path::new(&raw_path)).unwrap())
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      })
 								      .collect()
 								  } else {
 								    HashSet::new()
-												refactor: move WebSocket API to an op_crate (#9026)


											
										
										
											2021-01-06 10:57:28 -05:00
+								  }
 								}
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								/// Arbitrary helper. Resolves the path from CWD, and also gets a path that
 								/// can be displayed without leaking the CWD when not allowed.
 								fn resolved_and_display_path(path: &Path) -> (PathBuf, PathBuf) {
 								  let resolved_path = resolve_from_cwd(path).unwrap();
 								  let display_path = path.to_path_buf();
 								  (resolved_path, display_path)
 								}
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								/// Shows the permission prompt and returns the answer according to the user input.
 								/// This loops until the user gives the proper input.
 								#[cfg(not(test))]
 								fn permission_prompt(message: &str) -> bool {
 								  if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) {
 								    return false;
 								  };
-												Switch grant/deny prompt to yes/no (#10547)


											
										
										
											2021-05-10 07:11:34 -04:00
+								  let opts = "[y/n (y = yes allow, n = no deny)] ";
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  let msg = format!(
-												Switch grant/deny prompt to yes/no (#10547)


											
										
										
											2021-05-10 07:11:34 -04:00
+								    "{}  ️Deno requests {}. Allow? {}",
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    PERMISSION_EMOJI, message, opts
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  );
 								  // print to stderr so that if deno is > to a file this is still displayed.
-												refactor: util functions take slices instead of heap values (#6547)


											
										
										
											2020-06-29 08:17:37 -04:00
+								  eprint!("{}", colors::bold(&msg));
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								  loop {
 								    let mut input = String::new();
 								    let stdin = io::stdin();
 								    let result = stdin.read_line(&mut input);
 								    if result.is_err() {
 								      return false;
 								    };
-												fix(permissions): don't panic when no input is given (#9894)

Fixes #9633 

Co-authored-by: Kitson Kelly <me@kitsonkelly.com>
											
										
										
											2021-04-02 16:49:51 -04:00
+								    let ch = match input.chars().next() {
 								      None => return false,
 								      Some(v) => v,
 								    };
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								    match ch.to_ascii_lowercase() {
-												Switch grant/deny prompt to yes/no (#10547)


											
										
										
											2021-05-10 07:11:34 -04:00
+								      'y' => return true,
 								      'n' => return false,
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								      _ => {
 								        // If we don't get a recognized option try again.
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        let msg_again = format!("Unrecognized option '{}' {}", ch, opts);
-												refactor: util functions take slices instead of heap values (#6547)


											
										
										
											2020-06-29 08:17:37 -04:00
+								        eprint!("{}", colors::bold(&msg_again));
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								      }
 								    };
 								  }
 								}
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								// When testing, permission prompt returns the value of STUB_PROMPT_VALUE
 								// which we set from the test functions.
 								#[cfg(test)]
 								fn permission_prompt(_message: &str) -> bool {
 								  STUB_PROMPT_VALUE.load(Ordering::SeqCst)
 								}
-												fix: add mutex guard for permission_prompt tests (#4105)

This PR introduces the mutex guard for the test cases which depends on the 
permission prompt mocking utility. permission_request test cases depend on 
the mocked (dummy) value of the permission_prompt result. The value is stored 
at static STUB_PROMPT_VALUE: AtomicBool and these test cases share this 
value. So we should lock at the start of these test cases.

Before this change cargo test permission failed 6 times out of 20. After this 
change, 0 times out of 20 (on my mac).
											
										
										
											2020-02-24 09:13:03 -05:00
+								#[cfg(test)]
-												remove macro_use (#9884)


											
										
										
											2021-03-26 12:34:25 -04:00
+								lazy_static::lazy_static! {
-												fix: add mutex guard for permission_prompt tests (#4105)

This PR introduces the mutex guard for the test cases which depends on the 
permission prompt mocking utility. permission_request test cases depend on 
the mocked (dummy) value of the permission_prompt result. The value is stored 
at static STUB_PROMPT_VALUE: AtomicBool and these test cases share this 
value. So we should lock at the start of these test cases.

Before this change cargo test permission failed 6 times out of 20. After this 
change, 0 times out of 20 (on my mac).
											
										
										
											2020-02-24 09:13:03 -05:00
+								  /// Lock this when you use `set_prompt_result` in a test case.
 								  static ref PERMISSION_PROMPT_GUARD: Mutex<()> = Mutex::new(());
 								}
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
+								#[cfg(test)]
 								static STUB_PROMPT_VALUE: AtomicBool = AtomicBool::new(true);
 								#[cfg(test)]
 								fn set_prompt_result(value: bool) {
 								  STUB_PROMPT_VALUE.store(value, Ordering::SeqCst);
 								}
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								#[cfg(test)]
 								mod tests {
 								  use super::*;
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								  use deno_core::resolve_url_or_path;
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								  // Creates vector of strings, Vec<String>
 								  macro_rules! svec {
 								      ($($x:expr),*) => (vec![$($x.to_string()),*]);
 								  }
 								  #[test]
 								  fn check_paths() {
-												Move to allowlist and blocklist (#6282)


											
										
										
											2020-06-13 13:09:39 -04:00
+								    let allowlist = vec![
-												refactor: Use PathBuf for paths in flag parsing and whitelists (#3955)

* Use PathBuf for DenoSubcommand::Bundle's out_file
* Use PathBuf for DenoSubcommand::Format's files
* Use PathBuf for DenoSubcommand::Install's dir
* Use PathBuf for read/write whitelists

											
										
										
											2020-02-11 04:29:36 -05:00
+								      PathBuf::from("/a/specific/dir/name"),
 								      PathBuf::from("/a/specific"),
 								      PathBuf::from("/b/c"),
 								    ];
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::from_options(&PermissionsOptions {
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								      allow_read: Some(allowlist.clone()),
 								      allow_write: Some(allowlist),
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								      ..Default::default()
 								    });
 								    // Inside of /a/specific and /a/specific/dir/name
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/a/specific/dir/name")).is_ok());
 								    assert!(perms.write.check(Path::new("/a/specific/dir/name")).is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								    // Inside of /a/specific but outside of /a/specific/dir/name
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/a/specific/dir")).is_ok());
 								    assert!(perms.write.check(Path::new("/a/specific/dir")).is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								    // Inside of /a/specific and /a/specific/dir/name
-												refactor: Improve path handling in permission checks (#3714)


											
										
										
											2020-01-20 09:45:44 -05:00
+								    assert!(perms
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      .read
 								      .check(Path::new("/a/specific/dir/name/inner"))
-												refactor: Improve path handling in permission checks (#3714)


											
										
										
											2020-01-20 09:45:44 -05:00
+								      .is_ok());
 								    assert!(perms
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      .write
 								      .check(Path::new("/a/specific/dir/name/inner"))
-												refactor: Improve path handling in permission checks (#3714)


											
										
										
											2020-01-20 09:45:44 -05:00
+								      .is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								    // Inside of /a/specific but outside of /a/specific/dir/name
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/a/specific/other/dir")).is_ok());
-												refactor: Improve path handling in permission checks (#3714)


											
										
										
											2020-01-20 09:45:44 -05:00
+								    assert!(perms
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      .write
 								      .check(Path::new("/a/specific/other/dir"))
-												refactor: Improve path handling in permission checks (#3714)


											
										
										
											2020-01-20 09:45:44 -05:00
+								      .is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								    // Exact match with /b/c
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/b/c")).is_ok());
 								    assert!(perms.write.check(Path::new("/b/c")).is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								    // Sub path within /b/c
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/b/c/sub/path")).is_ok());
 								    assert!(perms.write.check(Path::new("/b/c/sub/path")).is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								    // Sub path within /b/c, needs normalizing
 								    assert!(perms
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      .read
 								      .check(Path::new("/b/c/sub/path/../path/."))
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								      .is_ok());
 								    assert!(perms
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      .write
 								      .check(Path::new("/b/c/sub/path/../path/."))
-												fix(cli/permissions): Fix CWD and exec path leaks (#5642)


											
										
										
											2020-05-29 11:27:43 -04:00
+								      .is_ok());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								    // Inside of /b but outside of /b/c
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/b/e")).is_err());
 								    assert!(perms.write.check(Path::new("/b/e")).is_err());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
 								    // Inside of /a but outside of /a/specific
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    assert!(perms.read.check(Path::new("/a/b")).is_err());
 								    assert!(perms.write.check(Path::new("/a/b")).is_err());
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								  }
 								  #[test]
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								  fn test_check_net_with_values() {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::from_options(&PermissionsOptions {
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								      allow_net: Some(svec![
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								        "localhost",
 								        "deno.land",
 								        "github.com:3000",
 								        "127.0.0.1",
-												fix: net permissions didn't account for default ports (#6606)


											
										
										
											2020-07-02 10:16:41 -04:00
+								        "172.16.0.2:8000",
 								        "www.github.com:443"
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								      ]),
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								      ..Default::default()
 								    });
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								    let domain_tests = vec![
-												refactor DenoPermissions.check_net & resolve_addr (#3182)


											
										
										
											2019-10-23 10:19:27 -04:00
+								      ("localhost", 1234, true),
 								      ("deno.land", 0, true),
 								      ("deno.land", 3000, true),
 								      ("deno.lands", 0, false),
 								      ("deno.lands", 3000, false),
 								      ("github.com", 3000, true),
 								      ("github.com", 0, false),
 								      ("github.com", 2000, false),
 								      ("github.net", 3000, false),
 								      ("127.0.0.1", 0, true),
 								      ("127.0.0.1", 3000, true),
 								      ("127.0.0.2", 0, false),
 								      ("127.0.0.2", 3000, false),
 								      ("172.16.0.2", 8000, true),
 								      ("172.16.0.2", 0, false),
 								      ("172.16.0.2", 6000, false),
 								      ("172.16.0.1", 8000, false),
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								      // Just some random hosts that should err
-												refactor DenoPermissions.check_net & resolve_addr (#3182)


											
										
										
											2019-10-23 10:19:27 -04:00
+								      ("somedomain", 0, false),
 								      ("192.168.0.1", 0, false),
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								    ];
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								    for (host, port, is_ok) in domain_tests {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(is_ok, perms.net.check(&(host, Some(port))).is_ok());
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								    }
 								  }
 								  #[test]
 								  fn test_check_net_only_flag() {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::from_options(&PermissionsOptions {
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								      allow_net: Some(svec![]), // this means `--allow-net` is present without values following `=` sign
 								      ..Default::default()
 								    });
 								    let domain_tests = vec![
 								      ("localhost", 1234),
 								      ("deno.land", 0),
 								      ("deno.land", 3000),
 								      ("deno.lands", 0),
 								      ("deno.lands", 3000),
 								      ("github.com", 3000),
 								      ("github.com", 0),
 								      ("github.com", 2000),
 								      ("github.net", 3000),
 								      ("127.0.0.1", 0),
 								      ("127.0.0.1", 3000),
 								      ("127.0.0.2", 0),
 								      ("127.0.0.2", 3000),
 								      ("172.16.0.2", 8000),
 								      ("172.16.0.2", 0),
 								      ("172.16.0.2", 6000),
 								      ("172.16.0.1", 8000),
 								      ("somedomain", 0),
 								      ("192.168.0.1", 0),
 								    ];
 								    for (host, port) in domain_tests {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert!(perms.net.check(&(host, Some(port))).is_ok());
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								    }
 								  }
 								  #[test]
 								  fn test_check_net_no_flag() {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::from_options(&PermissionsOptions {
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								      allow_net: None,
 								      ..Default::default()
 								    });
 								    let domain_tests = vec![
 								      ("localhost", 1234),
 								      ("deno.land", 0),
 								      ("deno.land", 3000),
 								      ("deno.lands", 0),
 								      ("deno.lands", 3000),
 								      ("github.com", 3000),
 								      ("github.com", 0),
 								      ("github.com", 2000),
 								      ("github.net", 3000),
 								      ("127.0.0.1", 0),
 								      ("127.0.0.1", 3000),
 								      ("127.0.0.2", 0),
 								      ("127.0.0.2", 3000),
 								      ("172.16.0.2", 8000),
 								      ("172.16.0.2", 0),
 								      ("172.16.0.2", 6000),
 								      ("172.16.0.1", 8000),
 								      ("somedomain", 0),
 								      ("192.168.0.1", 0),
 								    ];
 								    for (host, port) in domain_tests {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert!(!perms.net.check(&(host, Some(port))).is_ok());
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								    }
 								  }
 								  #[test]
 								  fn test_check_net_url() {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::from_options(&PermissionsOptions {
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								      allow_net: Some(svec![
 								        "localhost",
 								        "deno.land",
 								        "github.com:3000",
 								        "127.0.0.1",
 								        "172.16.0.2:8000",
 								        "www.github.com:443"
 								      ]),
 								      ..Default::default()
 								    });
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								    let url_tests = vec![
 								      // Any protocol + port for localhost should be ok, since we don't specify
 								      ("http://localhost", true),
 								      ("https://localhost", true),
 								      ("https://localhost:4443", true),
 								      ("tcp://localhost:5000", true),
 								      ("udp://localhost:6000", true),
 								      // Correct domain + any port and protocol should be ok incorrect shouldn't
 								      ("https://deno.land/std/example/welcome.ts", true),
 								      ("https://deno.land:3000/std/example/welcome.ts", true),
 								      ("https://deno.lands/std/example/welcome.ts", false),
 								      ("https://deno.lands:3000/std/example/welcome.ts", false),
 								      // Correct domain + port should be ok all other combinations should err
 								      ("https://github.com:3000/denoland/deno", true),
 								      ("https://github.com/denoland/deno", false),
 								      ("https://github.com:2000/denoland/deno", false),
 								      ("https://github.net:3000/denoland/deno", false),
 								      // Correct ipv4 address + any port should be ok others should err
 								      ("tcp://127.0.0.1", true),
 								      ("https://127.0.0.1", true),
 								      ("tcp://127.0.0.1:3000", true),
 								      ("https://127.0.0.1:3000", true),
 								      ("tcp://127.0.0.2", false),
 								      ("https://127.0.0.2", false),
 								      ("tcp://127.0.0.2:3000", false),
 								      ("https://127.0.0.2:3000", false),
 								      // Correct address + port should be ok all other combinations should err
 								      ("tcp://172.16.0.2:8000", true),
 								      ("https://172.16.0.2:8000", true),
 								      ("tcp://172.16.0.2", false),
 								      ("https://172.16.0.2", false),
 								      ("tcp://172.16.0.2:6000", false),
 								      ("https://172.16.0.2:6000", false),
 								      ("tcp://172.16.0.1:8000", false),
 								      ("https://172.16.0.1:8000", false),
-												fix: net permissions didn't account for default ports (#6606)


											
										
										
											2020-07-02 10:16:41 -04:00
+								      // Testing issue #6531 (Network permissions check doesn't account for well-known default ports) so we dont regress
 								      ("https://www.github.com:443/robots.txt", true),
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								    ];
-												feat(unstable): add Deno.resolveDns API (#8790)


											
										
										
											2021-01-19 09:39:04 -05:00
+								    for (url_str, is_ok) in url_tests {
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								      let u = url::Url::parse(url_str).unwrap();
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(is_ok, perms.net.check_url(&u).is_ok());
-												simplify check_net test

											
										
										
											2019-06-24 19:30:11 -04:00
+								    }
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								  }
-												Add permissions.request (#3296)


											
										
										
											2019-11-11 10:33:29 -05:00
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								  #[test]
 								  fn check_specifiers() {
 								    let read_allowlist = if cfg!(target_os = "windows") {
 								      vec![PathBuf::from("C:\\a")]
 								    } else {
 								      vec![PathBuf::from("/a")]
 								    };
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::from_options(&PermissionsOptions {
-												refactor(cli/flags): change allow_read/write/net types from bool to Option<Vec<T>> (#8896)

This PR refactors "cli/flags.rs" and "runtime/permissions.rs" so 
that "allow_read", "allow_write" and "allow_net" themselves
have allowlists, instead of storing them in additional fields.
											
										
										
											2020-12-29 13:34:35 -05:00
+								      allow_read: Some(read_allowlist),
 								      allow_net: Some(svec!["localhost"]),
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								      ..Default::default()
 								    });
 								    let mut fixtures = vec![
 								      (
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								        resolve_url_or_path("http://localhost:4545/mod.ts").unwrap(),
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								        true,
 								      ),
 								      (
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								        resolve_url_or_path("http://deno.land/x/mod.ts").unwrap(),
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								        false,
 								      ),
-												feat(cli): support data urls (#8866)

Closes: #5059

Co-authored-by: Valentin Anger <syrupthinker@gryphno.de>

											
										
										
											2021-01-05 21:22:38 -05:00
+								      (
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								        resolve_url_or_path("data:text/plain,Hello%2C%20Deno!").unwrap(),
-												feat(cli): support data urls (#8866)

Closes: #5059

Co-authored-by: Valentin Anger <syrupthinker@gryphno.de>

											
										
										
											2021-01-05 21:22:38 -05:00
+								        true,
 								      ),
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								    ];
 								    if cfg!(target_os = "windows") {
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								      fixtures
 								        .push((resolve_url_or_path("file:///C:/a/mod.ts").unwrap(), true));
 								      fixtures
 								        .push((resolve_url_or_path("file:///C:/b/mod.ts").unwrap(), false));
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								    } else {
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								      fixtures.push((resolve_url_or_path("file:///a/mod.ts").unwrap(), true));
 								      fixtures.push((resolve_url_or_path("file:///b/mod.ts").unwrap(), false));
-												fix(cli): restore permission check on workers (#8123)

Fixes #8120 
											
										
										
											2020-10-26 15:56:00 -04:00
+								    }
 								    for (specifier, expected) in fixtures {
 								      assert_eq!(perms.check_specifier(&specifier).is_ok(), expected);
 								    }
 								  }
-												fix: panic on invalid file:// module specifier (#8964)


											
										
										
											2021-01-04 04:33:20 -05:00
+								  #[test]
 								  fn check_invalid_specifiers() {
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    let mut perms = Permissions::allow_all();
-												fix: panic on invalid file:// module specifier (#8964)


											
										
										
											2021-01-04 04:33:20 -05:00
 								    let mut test_cases = vec![];
 								    if cfg!(target_os = "windows") {
 								      test_cases.push("file://");
 								      test_cases.push("file:///");
 								    } else {
 								      test_cases.push("file://remotehost/");
 								    }
 								    for url in test_cases {
 								      assert!(perms
-												Make ModuleSpecifier a type alias, not wrapper struct (#9531)


											
										
										
											2021-02-17 13:47:18 -05:00
+								        .check_specifier(&resolve_url_or_path(url).unwrap())
-												fix: panic on invalid file:// module specifier (#8964)


											
										
										
											2021-01-04 04:33:20 -05:00
+								        .is_err());
 								    }
 								  }
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								  #[test]
 								  fn test_query() {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    let perms1 = Permissions::allow_all();
 								    let perms2 = Permissions {
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      read: UnaryPermission {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_read(&Some(vec![PathBuf::from("/foo")]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
 								      write: UnaryPermission {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_write(&Some(vec![PathBuf::from("/foo")]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
 								      net: UnaryPermission {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_net(&Some(svec!["127.0.0.1:8000"]), false)
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      },
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      env: UnaryPermission {
 								        global_state: PermissionState::Prompt,
 								        ..Permissions::new_env(&Some(svec!["HOME"]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      run: UnaryPermission {
 								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_run(&Some(svec!["deno"]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      ffi: UnaryPermission {
 								        global_state: PermissionState::Prompt,
 								        ..Permissions::new_ffi(&Some(svec!["deno"]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								      hrtime: UnitPermission {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        state: PermissionState::Prompt,
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        ..Default::default()
 								      },
 								    };
 								    #[rustfmt::skip]
 								    {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms1.read.query(None), PermissionState::Granted);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms1.read.query(Some(Path::new("/foo"))), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms2.read.query(None), PermissionState::Prompt);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms2.read.query(Some(Path::new("/foo"))), PermissionState::Granted);
 								      assert_eq!(perms2.read.query(Some(Path::new("/foo/bar"))), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms1.write.query(None), PermissionState::Granted);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms1.write.query(Some(Path::new("/foo"))), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms2.write.query(None), PermissionState::Prompt);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms2.write.query(Some(Path::new("/foo"))), PermissionState::Granted);
 								      assert_eq!(perms2.write.query(Some(Path::new("/foo/bar"))), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms1.net.query::<&str>(None), PermissionState::Granted);
 								      assert_eq!(perms1.net.query(Some(&("127.0.0.1", None))), PermissionState::Granted);
 								      assert_eq!(perms2.net.query::<&str>(None), PermissionState::Prompt);
 								      assert_eq!(perms2.net.query(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted);
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      assert_eq!(perms1.env.query(None), PermissionState::Granted);
 								      assert_eq!(perms1.env.query(Some(&"HOME".to_string())), PermissionState::Granted);
 								      assert_eq!(perms2.env.query(None), PermissionState::Prompt);
 								      assert_eq!(perms2.env.query(Some(&"HOME".to_string())), PermissionState::Granted);
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      assert_eq!(perms1.run.query(None), PermissionState::Granted);
 								      assert_eq!(perms1.run.query(Some(&"deno".to_string())), PermissionState::Granted);
 								      assert_eq!(perms2.run.query(None), PermissionState::Prompt);
 								      assert_eq!(perms2.run.query(Some(&"deno".to_string())), PermissionState::Granted);
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      assert_eq!(perms1.ffi.query(None), PermissionState::Granted);
 								      assert_eq!(perms1.ffi.query(Some(&"deno".to_string())), PermissionState::Granted);
 								      assert_eq!(perms2.ffi.query(None), PermissionState::Prompt);
 								      assert_eq!(perms2.ffi.query(Some(&"deno".to_string())), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms1.hrtime.query(), PermissionState::Granted);
 								      assert_eq!(perms2.hrtime.query(), PermissionState::Prompt);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    };
 								  }
 								  #[test]
 								  fn test_request() {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								    let mut perms: Permissions = Default::default();
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    #[rustfmt::skip]
 								    {
-												chore: use parking_lot for synchronization primitives to align with tokio (#11289)

parking_lot is already transitively used in tokio via the "full" cargo feature
											
										
										
											2021-07-06 23:48:01 -04:00
+								      let _guard = PERMISSION_PROMPT_GUARD.lock();
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms.read.request(Some(Path::new("/foo"))), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.read.query(None), PermissionState::Prompt);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms.read.request(Some(Path::new("/foo/bar"))), PermissionState::Granted);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms.write.request(Some(Path::new("/foo"))), PermissionState::Denied);
 								      assert_eq!(perms.write.query(Some(Path::new("/foo/bar"))), PermissionState::Prompt);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.write.request(None), PermissionState::Denied);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.net.request(Some(&("127.0.0.1", None))), PermissionState::Granted);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(false);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.net.request(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      assert_eq!(perms.env.request(Some(&"HOME".to_string())), PermissionState::Granted);
 								      assert_eq!(perms.env.query(None), PermissionState::Prompt);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(false);
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      assert_eq!(perms.env.request(Some(&"HOME".to_string())), PermissionState::Granted);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      assert_eq!(perms.run.request(Some(&"deno".to_string())), PermissionState::Granted);
 								      assert_eq!(perms.run.query(None), PermissionState::Prompt);
 								      set_prompt_result(false);
 								      assert_eq!(perms.run.request(Some(&"deno".to_string())), PermissionState::Granted);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted);
 								      assert_eq!(perms.ffi.query(None), PermissionState::Prompt);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(false);
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(false);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      set_prompt_result(true);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    };
 								  }
 								  #[test]
 								  fn test_revoke() {
 								    let mut perms = Permissions {
 								      read: UnaryPermission {
-												refactor(cli/permissions): Cleanup Flags to Permissions conversion (#8213)


											
										
										
											2020-10-31 18:44:42 -04:00
+								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_read(&Some(vec![PathBuf::from("/foo")]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
 								      write: UnaryPermission {
-												refactor(cli/permissions): Cleanup Flags to Permissions conversion (#8213)


											
										
										
											2020-10-31 18:44:42 -04:00
+								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_write(&Some(vec![PathBuf::from("/foo")]), false)
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								      },
 								      net: UnaryPermission {
-												BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()
											
										
										
											2020-12-30 17:35:28 -05:00
+								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_net(&Some(svec!["127.0.0.1"]), false)
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      },
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      env: UnaryPermission {
 								        global_state: PermissionState::Prompt,
 								        ..Permissions::new_env(&Some(svec!["HOME"]), false)
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      },
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      run: UnaryPermission {
 								        global_state: PermissionState::Prompt,
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								        ..Permissions::new_run(&Some(svec!["deno"]), false)
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      },
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      ffi: UnaryPermission {
 								        global_state: PermissionState::Prompt,
 								        ..Permissions::new_ffi(&Some(svec!["deno"]), false)
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      },
-												refactor(runtime/permissions): Rename permission structs (#9841)


											
										
										
											2021-03-21 08:49:58 -04:00
+								      hrtime: UnitPermission {
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								        state: PermissionState::Denied,
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								        ..Default::default()
 								      },
 								    };
 								    #[rustfmt::skip]
 								    {
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms.read.revoke(Some(Path::new("/foo/bar"))), PermissionState::Granted);
 								      assert_eq!(perms.read.revoke(Some(Path::new("/foo"))), PermissionState::Prompt);
 								      assert_eq!(perms.read.query(Some(Path::new("/foo/bar"))), PermissionState::Prompt);
 								      assert_eq!(perms.write.revoke(Some(Path::new("/foo/bar"))), PermissionState::Granted);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.write.revoke(None), PermissionState::Prompt);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								      assert_eq!(perms.write.query(Some(Path::new("/foo/bar"))), PermissionState::Prompt);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.net.revoke(Some(&("127.0.0.1", Some(8000)))), PermissionState::Granted);
 								      assert_eq!(perms.net.revoke(Some(&("127.0.0.1", None))), PermissionState::Prompt);
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      assert_eq!(perms.env.revoke(Some(&"HOME".to_string())), PermissionState::Prompt);
-												feat(permissions): allow run permission to take values (#9833)

This commit adds allowlist support to `--allow-run` flag.

Additionally `Deno.permissions.query()` allows to query for specific
programs within allowlist.
											
										
										
											2021-04-09 18:12:00 -04:00
+								      assert_eq!(perms.run.revoke(Some(&"deno".to_string())), PermissionState::Prompt);
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      assert_eq!(perms.ffi.revoke(Some(&"deno".to_string())), PermissionState::Prompt);
-												refactor: clean up permission handling (#9367)


											
										
										
											2021-03-17 17:45:12 -04:00
+								      assert_eq!(perms.hrtime.revoke(), PermissionState::Denied);
-												refactor: permissions (#7074)


											
										
										
											2020-08-18 16:29:32 -04:00
+								    };
-												Add "fork" method on DenoPermissions, PermissionState (#5693)


											
										
										
											2020-06-06 10:56:21 -04:00
+								  }
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								  #[test]
 								  fn test_check() {
 								    let mut perms = Permissions {
 								      read: Permissions::new_read(&None, true),
 								      write: Permissions::new_write(&None, true),
 								      net: Permissions::new_net(&None, true),
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      env: Permissions::new_env(&None, true),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      run: Permissions::new_run(&None, true),
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      ffi: Permissions::new_ffi(&None, true),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      hrtime: Permissions::new_hrtime(false, true),
 								    };
-												chore: use parking_lot for synchronization primitives to align with tokio (#11289)

parking_lot is already transitively used in tokio via the "full" cargo feature
											
										
										
											2021-07-06 23:48:01 -04:00
+								    let _guard = PERMISSION_PROMPT_GUARD.lock();
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								    set_prompt_result(true);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.read.check(Path::new("/foo")).is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.read.check(Path::new("/foo")).is_ok());
 								    assert!(perms.read.check(Path::new("/bar")).is_err());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								    set_prompt_result(true);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.write.check(Path::new("/foo")).is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.write.check(Path::new("/foo")).is_ok());
 								    assert!(perms.write.check(Path::new("/bar")).is_err());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								    set_prompt_result(true);
 								    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_ok());
 								    assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_err());
 								    assert!(perms.net.check(&("127.0.0.1", None)).is_err());
 								    assert!(perms.net.check(&("deno.land", Some(8000))).is_err());
 								    assert!(perms.net.check(&("deno.land", None)).is_err());
 								    set_prompt_result(true);
 								    assert!(perms.run.check("cat").is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.run.check("cat").is_ok());
 								    assert!(perms.run.check("ls").is_err());
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								    set_prompt_result(true);
 								    assert!(perms.env.check("HOME").is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.env.check("HOME").is_ok());
 								    assert!(perms.env.check("PATH").is_err());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(true);
 								    assert!(perms.hrtime.check().is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.hrtime.check().is_ok());
 								  }
 								  #[test]
 								  fn test_check_fail() {
 								    let mut perms = Permissions {
 								      read: Permissions::new_read(&None, true),
 								      write: Permissions::new_write(&None, true),
 								      net: Permissions::new_net(&None, true),
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								      env: Permissions::new_env(&None, true),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      run: Permissions::new_run(&None, true),
-												feat: ffi to replace plugins (#11152)

This commit removes implementation of "native plugins" and replaces
it with FFI API.

Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
											
										
										
											2021-08-06 17:28:10 -04:00
+								      ffi: Permissions::new_ffi(&None, true),
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								      hrtime: Permissions::new_hrtime(false, true),
 								    };
-												chore: use parking_lot for synchronization primitives to align with tokio (#11289)

parking_lot is already transitively used in tokio via the "full" cargo feature
											
										
										
											2021-07-06 23:48:01 -04:00
+								    let _guard = PERMISSION_PROMPT_GUARD.lock();
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								    set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.read.check(Path::new("/foo")).is_err());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(true);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.read.check(Path::new("/foo")).is_err());
 								    assert!(perms.read.check(Path::new("/bar")).is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.read.check(Path::new("/bar")).is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								    set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.write.check(Path::new("/foo")).is_err());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(true);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.write.check(Path::new("/foo")).is_err());
 								    assert!(perms.write.check(Path::new("/bar")).is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(false);
-												chore: upgrade Rust to 1.54.0 (#11554)


											
										
										
											2021-07-30 09:03:41 -04:00
+								    assert!(perms.write.check(Path::new("/bar")).is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
 								    set_prompt_result(false);
 								    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_err());
 								    set_prompt_result(true);
 								    assert!(perms.net.check(&("127.0.0.1", Some(8000))).is_err());
 								    assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_ok());
 								    assert!(perms.net.check(&("deno.land", Some(8000))).is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.net.check(&("127.0.0.1", Some(8001))).is_ok());
 								    assert!(perms.net.check(&("deno.land", Some(8000))).is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.run.check("cat").is_err());
 								    set_prompt_result(true);
 								    assert!(perms.run.check("cat").is_err());
 								    assert!(perms.run.check("ls").is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.run.check("ls").is_ok());
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
+								    set_prompt_result(false);
 								    assert!(perms.env.check("HOME").is_err());
 								    set_prompt_result(true);
 								    assert!(perms.env.check("HOME").is_err());
 								    assert!(perms.env.check("PATH").is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.env.check("PATH").is_ok());
-												feat(runtime/permissions): prompt fallback (#9376)

Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
											
										
										
											2021-04-11 22:15:43 -04:00
+								    set_prompt_result(false);
 								    assert!(perms.hrtime.check().is_err());
 								    set_prompt_result(true);
 								    assert!(perms.hrtime.check().is_err());
 								  }
-												feat(permissions): allow env permission to take values (#9825)


											
										
										
											2021-04-13 07:25:21 -04:00
 								  #[test]
 								  #[cfg(windows)]
 								  fn test_env_windows() {
 								    let mut perms = Permissions::allow_all();
 								    perms.env = UnaryPermission {
 								      global_state: PermissionState::Prompt,
 								      ..Permissions::new_env(&Some(svec!["HOME"]), false)
 								    };
 								    set_prompt_result(true);
 								    assert!(perms.env.check("HOME").is_ok());
 								    set_prompt_result(false);
 								    assert!(perms.env.check("HOME").is_ok());
 								    assert!(perms.env.check("hOmE").is_ok());
 								    assert_eq!(
 								      perms.env.revoke(Some(&"HomE".to_string())),
 								      PermissionState::Prompt
 								    );
 								  }
-												First pass at permissions whitelist (#2129)


											
										
										
											2019-05-08 19:20:30 -04:00
+								}