fix(runtime): improve permission descriptor validation (#14676)

This commit improves the permission descriptor validation by explicitly checking for object types and using optional chaining when creating error messages in case the descriptor is not an object. Fixes: https://github.com/denoland/deno/issues/14675
2025-01-11 00:21:05 -05:00 · 2022-05-19 17:45:09 -04:00 · 2022-05-19 17:45:09 -04:00 · 0a96cb62a8
commit 0a96cb62a8
parent 4daf1bb81a
2 changed files with 22 additions and 4 deletions
--- a/cli/tests/unit/permissions_test.ts
+++ b/cli/tests/unit/permissions_test.ts
@ -71,3 +71,18 @@ Deno.test(async function permissionURL() {
    command: new URL(".", import.meta.url),
  });
 });
+
+Deno.test(async function permissionDescriptorValidation() {
+  for (const value of [undefined, null, {}]) {
+    for (const method of ["query", "request", "revoke"]) {
+      await assertRejects(
+        async () => {
+          // deno-lint-ignore no-explicit-any
+          await (Deno.permissions as any)[method](value as any);
+        },
+        TypeError,
+        '"undefined" is not a valid permission name',
+      );
+    }
+  }
+});
--- a/runtime/js/10_permissions.js
+++ b/runtime/js/10_permissions.js
@ -149,7 +149,7 @@
   * @returns {desc is Deno.PermissionDescriptor}
   */
  function isValidDescriptor(desc) {
-    return desc && desc !== null &&
+    return typeof desc === "object" && desc !== null &&
      ArrayPrototypeIncludes(permissionNames, desc.name);
  }

@ -164,7 +164,8 @@
      if (!isValidDescriptor(desc)) {
        return PromiseReject(
          new TypeError(
-            `The provided value "${desc.name}" is not a valid permission name.`,
+            `The provided value "${desc
+              ?.name}" is not a valid permission name.`,
          ),
        );
      }
@ -185,7 +186,8 @@
      if (!isValidDescriptor(desc)) {
        return PromiseReject(
          new TypeError(
-            `The provided value "${desc.name}" is not a valid permission name.`,
+            `The provided value "${desc
+              ?.name}" is not a valid permission name.`,
          ),
        );
      }
@ -204,7 +206,8 @@
      if (!isValidDescriptor(desc)) {
        return PromiseReject(
          new TypeError(
-            `The provided value "${desc.name}" is not a valid permission name.`,
+            `The provided value "${desc
+              ?.name}" is not a valid permission name.`,
          ),
        );
      }