1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-23 15:49:44 -05:00

Stricter permissions for Deno.makeTemp* (#4318)

This commit is contained in:
dubiousjim 2020-03-11 15:05:42 -04:00 committed by GitHub
parent 2d1b39bef3
commit 72c408ea9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 9 deletions

View file

@ -1,6 +1,6 @@
// Copyright 2018-2020 the Deno authors. All rights reserved. MIT license.
use std;
use std::fs::{create_dir, DirBuilder, File, OpenOptions};
use std::fs::{DirBuilder, File, OpenOptions};
use std::io::ErrorKind;
use std::io::Write;
use std::path::{Component, Path, PathBuf};
@ -11,7 +11,7 @@ use rand::Rng;
use walkdir::WalkDir;
#[cfg(unix)]
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
#[cfg(unix)]
use nix::unistd::{chown as unix_chown, Gid, Uid};
@ -76,15 +76,17 @@ pub fn make_temp(
loop {
let unique = rng.gen::<u32>();
buf.set_file_name(format!("{}{:08x}{}", prefix_, unique, suffix_));
// TODO: on posix, set mode flags to 0o700.
let r = if is_dir {
create_dir(buf.as_path())
let mut builder = DirBuilder::new();
set_dir_permission(&mut builder, 0o700);
builder.create(buf.as_path())
} else {
OpenOptions::new()
.write(true)
.create_new(true)
.open(buf.as_path())
.map(|_| ())
let mut open_options = OpenOptions::new();
open_options.write(true).create_new(true);
#[cfg(unix)]
open_options.mode(0o600);
open_options.open(buf.as_path())?;
Ok(())
};
match r {
Err(ref e) if e.kind() == ErrorKind::AlreadyExists => continue,

View file

@ -26,6 +26,17 @@ unitTest({ perms: { write: true } }, function makeTempDirSyncSuccess(): void {
assert(err instanceof Deno.errors.NotFound);
});
unitTest(
{ perms: { read: true, write: true } },
function makeTempDirSyncMode(): void {
const path = Deno.makeTempDirSync();
const pathInfo = Deno.statSync(path);
if (Deno.build.os !== "win") {
assertEquals(pathInfo.mode! & 0o777, 0o700 & ~Deno.umask());
}
}
);
unitTest(function makeTempDirSyncPerm(): void {
// makeTempDirSync should require write permissions (for now).
let err;
@ -66,6 +77,17 @@ unitTest(
}
);
unitTest(
{ perms: { read: true, write: true } },
async function makeTempDirMode(): Promise<void> {
const path = await Deno.makeTempDir();
const pathInfo = Deno.statSync(path);
if (Deno.build.os !== "win") {
assertEquals(pathInfo.mode! & 0o777, 0o700 & ~Deno.umask());
}
}
);
unitTest({ perms: { write: true } }, function makeTempFileSyncSuccess(): void {
const file1 = Deno.makeTempFileSync({ prefix: "hello", suffix: "world" });
const file2 = Deno.makeTempFileSync({ prefix: "hello", suffix: "world" });
@ -92,6 +114,17 @@ unitTest({ perms: { write: true } }, function makeTempFileSyncSuccess(): void {
assert(err instanceof Deno.errors.NotFound);
});
unitTest(
{ perms: { read: true, write: true } },
function makeTempFileSyncMode(): void {
const path = Deno.makeTempFileSync();
const pathInfo = Deno.statSync(path);
if (Deno.build.os !== "win") {
assertEquals(pathInfo.mode! & 0o777, 0o600 & ~Deno.umask());
}
}
);
unitTest(function makeTempFileSyncPerm(): void {
// makeTempFileSync should require write permissions (for now).
let err;
@ -132,3 +165,14 @@ unitTest(
assert(err instanceof Deno.errors.NotFound);
}
);
unitTest(
{ perms: { read: true, write: true } },
async function makeTempFileMode(): Promise<void> {
const path = await Deno.makeTempFile();
const pathInfo = Deno.statSync(path);
if (Deno.build.os !== "win") {
assertEquals(pathInfo.mode! & 0o777, 0o600 & ~Deno.umask());
}
}
);