1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-28 16:20:57 -05:00

Enforce env permission on homeDir() and execPath (#2714)

This commit is contained in:
Kevin (Kun) "Kassimo" Qian 2019-08-03 18:34:13 -07:00 committed by Ryan Dahl
parent c6861b537e
commit 52c13fb3ed
4 changed files with 40 additions and 10 deletions

View file

@ -354,12 +354,17 @@ fn op_start(
let cwd_off = let cwd_off =
builder.create_string(deno_fs::normalize_path(cwd_path.as_ref()).as_ref()); builder.create_string(deno_fs::normalize_path(cwd_path.as_ref()).as_ref());
let current_exe = std::env::current_exe().unwrap(); // Use permissions.allows_env() to bypass env request prompt.
// Now apply URL parser to current exe to get fully resolved path, otherwise we might get let exec_path = if state.permissions.allows_env() {
// `./` and `../` bits in `exec_path` let current_exe = std::env::current_exe().unwrap();
let exe_url = Url::from_file_path(current_exe).unwrap(); // Now apply URL parser to current exe to get fully resolved path, otherwise we might get
let exec_path = // `./` and `../` bits in `exec_path`
builder.create_string(exe_url.to_file_path().unwrap().to_str().unwrap()); let exe_url = Url::from_file_path(current_exe).unwrap();
exe_url.to_file_path().unwrap().to_str().unwrap().to_owned()
} else {
"".to_owned()
};
let exec_path = builder.create_string(&exec_path);
let v8_version = version::v8(); let v8_version = version::v8();
let v8_version_off = builder.create_string(v8_version); let v8_version_off = builder.create_string(v8_version);
@ -1751,13 +1756,15 @@ fn op_metrics(
} }
fn op_home_dir( fn op_home_dir(
_state: &ThreadSafeState, state: &ThreadSafeState,
base: &msg::Base<'_>, base: &msg::Base<'_>,
data: Option<PinnedBuf>, data: Option<PinnedBuf>,
) -> CliOpResult { ) -> CliOpResult {
assert!(data.is_none()); assert!(data.is_none());
let cmd_id = base.cmd_id(); let cmd_id = base.cmd_id();
state.check_env()?;
let builder = &mut FlatBufferBuilder::new(); let builder = &mut FlatBufferBuilder::new();
let path = dirs::home_dir() let path = dirs::home_dir()
.unwrap_or_default() .unwrap_or_default()

View file

@ -39,6 +39,26 @@ test(function osIsTTYSmoke(): void {
console.log(Deno.isTTY()); console.log(Deno.isTTY());
}); });
test(function homeDir(): void { testPerm({ env: true }, function homeDir(): void {
assertNotEquals(Deno.homeDir(), ""); assertNotEquals(Deno.homeDir(), "");
}); });
testPerm({ env: false }, function homeDirPerm(): void {
let caughtError = false;
try {
Deno.homeDir();
} catch (err) {
caughtError = true;
assertEquals(err.kind, Deno.ErrorKind.PermissionDenied);
assertEquals(err.name, "PermissionDenied");
}
assert(caughtError);
});
testPerm({ env: true }, function execPath(): void {
assertNotEquals(Deno.execPath, "");
});
testPerm({ env: false }, function execPathPerm(): void {
assertEquals(Deno.execPath, "");
});

View file

@ -55,7 +55,10 @@ class TestTarget(DenoTestCase):
assert result.out.strip() == "noColor false" assert result.out.strip() == "noColor false"
def test_exec_path(self): def test_exec_path(self):
cmd = [self.deno_exe, "run", "--allow-run", "tests/exec_path.ts"] cmd = [
self.deno_exe, "run", "--allow-run", "--allow-env",
"tests/exec_path.ts"
]
result = run_output(cmd, quiet=True) result = run_output(cmd, quiet=True)
print "exec_path", result.code print "exec_path", result.code
print result.out print result.out

View file

@ -10,7 +10,7 @@ from test_util import DenoTestCase, run_tests
class JsUnitTests(DenoTestCase): class JsUnitTests(DenoTestCase):
def test_unit_test_runner(self): def test_unit_test_runner(self):
cmd = [ cmd = [
self.deno_exe, "run", "--reload", "--allow-run", self.deno_exe, "run", "--reload", "--allow-run", "--allow-env",
"js/unit_test_runner.ts" "js/unit_test_runner.ts"
] ]
process = subprocess.Popen( process = subprocess.Popen(