foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-24 15:19:26 -05:00
Code Issues Packages 1 Wiki Activity

feat(cli): use NotCapable error for permission errors (#25431)

Browse source 
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
This commit is contained in:
Luca Casonato 2024-09-10 20:12:24 +02:00 committed by GitHub
parent be5419d479
commit 7bfcb4dd10
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
71 changed files with 207 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
Cargo.lock generated
View file

@ -1405,9 +1405,9 @@ dependencies = [
[[package]] [[package]]
name = "deno_core" name = "deno_core"
version = "0.307.0" version = "0.308.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "154b0902402807a043579102f949e6dd6f3a09d2d5049929fd710fc3192bf109" checksum = "62fc8250fa9da059cc05b18328319a9048c73e4889ca929cc60877a8a1bfc4d4"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"bincode", "bincode",
@ -1887,9 +1887,9 @@ dependencies = [
[[package]] [[package]]
name = "deno_ops" name = "deno_ops"
version = "0.183.0" version = "0.184.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9114f9eb6419839f1ab9668f91c463238945bb974e1998629a703f72b4608daf" checksum = "24a465b7d691ad7cae41e8f51bd954b1e3ffd201b84dc30de2c16cf91034946e"
dependencies = [ dependencies = [
"proc-macro-rules", "proc-macro-rules",
"proc-macro2", "proc-macro2",
@ -6257,9 +6257,9 @@ dependencies = [
[[package]] [[package]]
name = "serde_v8" name = "serde_v8"
version = "0.216.0" version = "0.217.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1733b8192f123beedd2fc7998efeaf2a0b8bfa35c01537f50b690e786db8024c" checksum = "467c0a7bfc67cd918f1f7ab7a5ab70a9e744e466ff428cd728ff2c03bc77874c"
dependencies = [ dependencies = [
"num-bigint", "num-bigint",
"serde", "serde",
@ -7912,9 +7912,9 @@ dependencies = [
[[package]] [[package]]
name = "v8" name = "v8"
version = "0.105.0" version = "0.106.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "692624c4fd58ff50aa6d690c159df18e7881c13970005b9b2bff77dc425fd370" checksum = "a381badc47c6f15acb5fe0b5b40234162349ed9d4e4fd7c83a7f5547c0fc69c5"
dependencies = [ dependencies = [
"bindgen", "bindgen",
"bitflags 2.6.0", "bitflags 2.6.0",

2
Cargo.toml
View file

@ -45,7 +45,7 @@ repository = "https://github.com/denoland/deno"
[workspace.dependencies] [workspace.dependencies]
deno_ast = { version = "=0.42.0", features = ["transpiling"] } deno_ast = { version = "=0.42.0", features = ["transpiling"] }
deno_core = { version = "0.307.0" } deno_core = { version = "0.308.0" }
deno_bench_util = { version = "0.162.0", path = "./bench_util" } deno_bench_util = { version = "0.162.0", path = "./bench_util" }
deno_lockfile = "=0.23.0" deno_lockfile = "=0.23.0"

16
cli/tsc/dts/lib.deno.ns.d.ts vendored
View file

@ -175,8 +175,11 @@ declare namespace Deno {
/** /**
* Raised when the underlying operating system indicates the current user * Raised when the underlying operating system indicates the current user
* which the Deno process is running under does not have the appropriate * which the Deno process is running under does not have the appropriate
* permissions to a file or resource, or the user _did not_ provide required * permissions to a file or resource.
* `--allow-*` flag. *
* Before Deno 2.0, this error was raised when the user _did not_ provide
* required `--allow-*` flag. As of Deno 2.0, that case is now handled by
* the {@link NotCapable} error.
* *
* @category Errors */ * @category Errors */
export class PermissionDenied extends Error {} export class PermissionDenied extends Error {}
@ -314,6 +317,15 @@ declare namespace Deno {
* *
* @category Errors */ * @category Errors */
export class NotADirectory extends Error {} export class NotADirectory extends Error {}
/**
* Raised when trying to perform an operation while the relevant Deno
* permission (like `--allow-read`) has not been granted.
*
* Before Deno 2.0, this condition was covered by the {@link PermissionDenied}
* error.
*
* @category Errors */
export class NotCapable extends Error {}
} }
/** The current process ID of this instance of the Deno CLI. /** The current process ID of this instance of the Deno CLI.

6
ext/fs/lib.rs
View file

@ -91,7 +91,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
if resolved { if resolved {
self self
.check_special_file(path, api_name) .check_special_file(path, api_name)
.map_err(FsError::PermissionDenied)?; .map_err(FsError::NotCapable)?;
return Ok(Cow::Borrowed(path)); return Ok(Cow::Borrowed(path));
} }
@ -99,11 +99,11 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
let read = read || !write; let read = read || !write;
if read { if read {
FsPermissions::check_read(self, path, api_name) FsPermissions::check_read(self, path, api_name)
.map_err(|_| FsError::PermissionDenied("read"))?; .map_err(|_| FsError::NotCapable("read"))?;
} }
if write { if write {
FsPermissions::check_write(self, path, api_name) FsPermissions::check_write(self, path, api_name)
.map_err(|_| FsError::PermissionDenied("write"))?; .map_err(|_| FsError::NotCapable("write"))?;
} }
Ok(Cow::Borrowed(path)) Ok(Cow::Borrowed(path))
} }

4
ext/fs/ops.rs
View file

@ -60,7 +60,7 @@ fn map_permission_error(
path: &Path, path: &Path,
) -> AnyError { ) -> AnyError {
match error { match error {
FsError::PermissionDenied(err) => { FsError::NotCapable(err) => {
let path = format!("{path:?}"); let path = format!("{path:?}");
let (path, truncated) = if path.len() > 1024 { let (path, truncated) = if path.len() > 1024 {
(&path[0..1024], "...(truncated)") (&path[0..1024], "...(truncated)")
@ -74,7 +74,7 @@ fn map_permission_error(
format!( format!(
"Requires {err} access to {path}{truncated}, run again with the --allow-{err} flag") "Requires {err} access to {path}{truncated}, run again with the --allow-{err} flag")
}; };
custom_error("PermissionDenied", msg) custom_error("NotCapable", msg)
} }
err => Err::<(), _>(err) err => Err::<(), _>(err)
.context_path(operation, path) .context_path(operation, path)

10
ext/io/fs.rs
View file

@ -22,7 +22,7 @@ pub enum FsError {
Io(io::Error), Io(io::Error),
FileBusy, FileBusy,
NotSupported, NotSupported,
PermissionDenied(&'static str), NotCapable(&'static str),
} }
impl FsError { impl FsError {
@ -31,7 +31,7 @@ impl FsError {
Self::Io(err) => err.kind(), Self::Io(err) => err.kind(),
Self::FileBusy => io::ErrorKind::Other, Self::FileBusy => io::ErrorKind::Other,
Self::NotSupported => io::ErrorKind::Other, Self::NotSupported => io::ErrorKind::Other,
Self::PermissionDenied(_) => io::ErrorKind::PermissionDenied, Self::NotCapable(_) => io::ErrorKind::Other,
} }
} }
@ -40,7 +40,7 @@ impl FsError {
FsError::Io(err) => err, FsError::Io(err) => err,
FsError::FileBusy => io::Error::new(self.kind(), "file busy"), FsError::FileBusy => io::Error::new(self.kind(), "file busy"),
FsError::NotSupported => io::Error::new(self.kind(), "not supported"), FsError::NotSupported => io::Error::new(self.kind(), "not supported"),
FsError::PermissionDenied(err) => { FsError::NotCapable(err) => {
io::Error::new(self.kind(), format!("requires {err} access")) io::Error::new(self.kind(), format!("requires {err} access"))
} }
} }
@ -65,8 +65,8 @@ impl From<FsError> for AnyError {
FsError::Io(err) => AnyError::from(err), FsError::Io(err) => AnyError::from(err),
FsError::FileBusy => resource_unavailable(), FsError::FileBusy => resource_unavailable(),
FsError::NotSupported => not_supported(), FsError::NotSupported => not_supported(),
FsError::PermissionDenied(err) => { FsError::NotCapable(err) => {
custom_error("PermissionDenied", format!("permission denied: {err}")) custom_error("NotCapable", format!("permission denied: {err}"))
} }
} }
} }

4
ext/node/polyfills/_process/process.ts
View file

@ -53,8 +53,8 @@ function denoEnvGet(name: string) {
} catch (e) { } catch (e) {
if ( if (
ObjectPrototypeIsPrototypeOf(TypeErrorPrototype, e) || ObjectPrototypeIsPrototypeOf(TypeErrorPrototype, e) ||
// TODO(iuioiua): Use `PermissionDeniedPrototype` when it's available // TODO(iuioiua): Use `NotCapablePrototype` when it's available
ObjectPrototypeIsPrototypeOf(Deno.errors.PermissionDenied.prototype, e) ObjectPrototypeIsPrototypeOf(Deno.errors.NotCapable.prototype, e)
) { ) {
return undefined; return undefined;
} }

22
ext/node/polyfills/internal_binding/pipe_wrap.ts
View file

@ -160,16 +160,8 @@ export class Pipe extends ConnectionWrap {
} }
}, },
(e) => { (e) => {
// TODO(cmorten): correct mapping of connection error to status code. const code = codeMap.get(e.code ?? "UNKNOWN") ??
let code: number; codeMap.get("UNKNOWN")!;
if (e instanceof Deno.errors.NotFound) {
code = codeMap.get("ENOENT")!;
} else if (e instanceof Deno.errors.PermissionDenied) {
code = codeMap.get("EACCES")!;
} else {
code = codeMap.get("ECONNREFUSED")!;
}
try { try {
this.afterConnect(req, code); this.afterConnect(req, code);
@ -207,16 +199,10 @@ export class Pipe extends ConnectionWrap {
try { try {
listener = Deno.listen(listenOptions); listener = Deno.listen(listenOptions);
} catch (e) { } catch (e) {
if (e instanceof Deno.errors.AddrInUse) { if (e instanceof Deno.errors.NotCapable) {
return codeMap.get("EADDRINUSE")!;
} else if (e instanceof Deno.errors.AddrNotAvailable) {
return codeMap.get("EADDRNOTAVAIL")!;
} else if (e instanceof Deno.errors.PermissionDenied) {
throw e; throw e;
} }
return codeMap.get(e.code ?? "UNKNOWN") ?? codeMap.get("UNKNOWN")!;
// TODO(cmorten): map errors to appropriate error codes.
return codeMap.get("UNKNOWN")!;
} }
const address = listener.addr as Deno.UnixAddr; const address = listener.addr as Deno.UnixAddr;

10
ext/node/polyfills/internal_binding/tcp_wrap.ts
View file

@ -212,16 +212,10 @@ export class TCP extends ConnectionWrap {
try { try {
listener = Deno.listen(listenOptions); listener = Deno.listen(listenOptions);
} catch (e) { } catch (e) {
if (e instanceof Deno.errors.AddrInUse) { if (e instanceof Deno.errors.NotCapable) {
return codeMap.get("EADDRINUSE")!;
} else if (e instanceof Deno.errors.AddrNotAvailable) {
return codeMap.get("EADDRNOTAVAIL")!;
} else if (e instanceof Deno.errors.PermissionDenied) {
throw e; throw e;
} }
return codeMap.get(e.code ?? "UNKNOWN") ?? codeMap.get("UNKNOWN")!;
// TODO(cmorten): map errors to appropriate error codes.
return codeMap.get("UNKNOWN")!;
} }
const address = listener.addr as Deno.NetAddr; const address = listener.addr as Deno.NetAddr;

10
ext/node/polyfills/internal_binding/udp_wrap.ts
View file

@ -337,16 +337,10 @@ export class UDP extends HandleWrap {
try { try {
listener = DenoListenDatagram(listenOptions); listener = DenoListenDatagram(listenOptions);
} catch (e) { } catch (e) {
if (e instanceof Deno.errors.AddrInUse) { if (e instanceof Deno.errors.NotCapable) {
return codeMap.get("EADDRINUSE")!;
} else if (e instanceof Deno.errors.AddrNotAvailable) {
return codeMap.get("EADDRNOTAVAIL")!;
} else if (e instanceof Deno.errors.PermissionDenied) {
throw e; throw e;
} }
return codeMap.get(e.code ?? "UNKNOWN") ?? codeMap.get("UNKNOWN")!;
// TODO(cmorten): map errors to appropriate error codes.
return codeMap.get("UNKNOWN")!;
} }
const address = listener.addr as Deno.NetAddr; const address = listener.addr as Deno.NetAddr;

10
runtime/js/01_errors.js
View file

@ -1,7 +1,7 @@
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
import { core, primordials } from "ext:core/mod.js"; import { core, primordials } from "ext:core/mod.js";
const { BadResource, Interrupted, PermissionDenied } = core; const { BadResource, Interrupted, NotCapable } = core;
const { Error } = primordials; const { Error } = primordials;
class NotFound extends Error { class NotFound extends Error {
@ -116,6 +116,13 @@ class Busy extends Error {
} }
} }
class PermissionDenied extends Error {
constructor(msg) {
super(msg);
this.name = "PermissionDenied";
}
}
class NotSupported extends Error { class NotSupported extends Error {
constructor(msg) { constructor(msg) {
super(msg); super(msg);
@ -176,6 +183,7 @@ const errors = {
IsADirectory, IsADirectory,
NetworkUnreachable, NetworkUnreachable,
NotADirectory, NotADirectory,
NotCapable,
}; };
export { errors }; export { errors };

1
runtime/js/99_main.js
View file

@ -294,6 +294,7 @@ core.registerErrorClass("NotConnected", errors.NotConnected);
core.registerErrorClass("AddrInUse", errors.AddrInUse); core.registerErrorClass("AddrInUse", errors.AddrInUse);
core.registerErrorClass("AddrNotAvailable", errors.AddrNotAvailable); core.registerErrorClass("AddrNotAvailable", errors.AddrNotAvailable);
core.registerErrorClass("BrokenPipe", errors.BrokenPipe); core.registerErrorClass("BrokenPipe", errors.BrokenPipe);
core.registerErrorClass("PermissionDenied", errors.PermissionDenied);
core.registerErrorClass("AlreadyExists", errors.AlreadyExists); core.registerErrorClass("AlreadyExists", errors.AlreadyExists);
core.registerErrorClass("InvalidData", errors.InvalidData); core.registerErrorClass("InvalidData", errors.InvalidData);
core.registerErrorClass("TimedOut", errors.TimedOut); core.registerErrorClass("TimedOut", errors.TimedOut);

2
runtime/ops/process.rs
View file

@ -609,7 +609,7 @@ fn check_run_permission(
// we don't allow users to launch subprocesses with any LD_ or DYLD_* // we don't allow users to launch subprocesses with any LD_ or DYLD_*
// env vars set because this allows executing code (ex. LD_PRELOAD) // env vars set because this allows executing code (ex. LD_PRELOAD)
return Err(deno_core::error::custom_error( return Err(deno_core::error::custom_error(
"PermissionDenied", "NotCapable",
format!( format!(
"Requires --allow-all permissions to spawn subprocess with {} environment variable{}.", "Requires --allow-all permissions to spawn subprocess with {} environment variable{}.",
env_var_names.join(", "), env_var_names.join(", "),

7
runtime/permissions/lib.rs
View file

@ -144,7 +144,7 @@ impl PermissionState {
name name
) )
}; };
custom_error("PermissionDenied", msg) custom_error("NotCapable", msg)
} }
/// Check the permission state. bool is whether a prompt was issued. /// Check the permission state. bool is whether a prompt was issued.
@ -1999,10 +1999,7 @@ fn parse_run_list(
} }
fn escalation_error() -> AnyError { fn escalation_error() -> AnyError {
custom_error( custom_error("NotCapable", "Can't escalate parent thread permissions")
"PermissionDenied",
"Can't escalate parent thread permissions",
)
} }
#[derive(Debug, Eq, PartialEq)] #[derive(Debug, Eq, PartialEq)]

2
tests/integration/compile_tests.rs
View file

@ -367,7 +367,7 @@ fn standalone_runtime_flags() {
.run() .run()
.assert_stdout_matches_text("0.147205063401058\n") .assert_stdout_matches_text("0.147205063401058\n")
.assert_stderr_matches_text( .assert_stderr_matches_text(
"[WILDCARD]PermissionDenied: Requires write access to[WILDCARD]", "[WILDCARD]NotCapable: Requires write access to[WILDCARD]",
) )
.assert_exit_code(1); .assert_exit_code(1);
} }

6
tests/integration/run_tests.rs
View file

@ -3145,7 +3145,7 @@ fn issue9750() {
console.write_line_raw("n"); console.write_line_raw("n");
console.expect_all(&[ console.expect_all(&[
"Denied env access to \"SECRET\".", "Denied env access to \"SECRET\".",
"PermissionDenied: Requires env access to \"SECRET\", run again with the --allow-env flag", "NotCapable: Requires env access to \"SECRET\", run again with the --allow-env flag",
]); ]);
}); });
} }
@ -4051,7 +4051,7 @@ async fn test_resolve_dns() {
let out = String::from_utf8_lossy(&output.stdout); let out = String::from_utf8_lossy(&output.stdout);
assert!(!output.status.success()); assert!(!output.status.success());
assert!(err.starts_with("Check file")); assert!(err.starts_with("Check file"));
assert!(err.contains(r#"error: Uncaught (in promise) PermissionDenied: Requires net access to "127.0.0.1:4553""#)); assert!(err.contains(r#"error: Uncaught (in promise) NotCapable: Requires net access to "127.0.0.1:4553""#));
assert!(out.is_empty()); assert!(out.is_empty());
} }
@ -4072,7 +4072,7 @@ async fn test_resolve_dns() {
let out = String::from_utf8_lossy(&output.stdout); let out = String::from_utf8_lossy(&output.stdout);
assert!(!output.status.success()); assert!(!output.status.success());
assert!(err.starts_with("Check file")); assert!(err.starts_with("Check file"));
assert!(err.contains(r#"error: Uncaught (in promise) PermissionDenied: Requires net access to "127.0.0.1:4553""#)); assert!(err.contains(r#"error: Uncaught (in promise) NotCapable: Requires net access to "127.0.0.1:4553""#));
assert!(out.is_empty()); assert!(out.is_empty());
} }

12
tests/specs/bench/allow_none/allow_none.out
View file

@ -6,16 +6,16 @@ Runtime | Deno [WILDLINE] ([WILDLINE])
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
----------- ----------------------------- --------------------- -------------------------- ----------- ----------------------------- --------------------- --------------------------
read error: PermissionDenied: Can't escalate parent thread permissions read error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
write error: PermissionDenied: Can't escalate parent thread permissions write error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
net error: PermissionDenied: Can't escalate parent thread permissions net error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
env error: PermissionDenied: Can't escalate parent thread permissions env error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
run error: PermissionDenied: Can't escalate parent thread permissions run error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
ffi error: PermissionDenied: Can't escalate parent thread permissions ffi error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
error: Bench failed error: Bench failed

2
tests/specs/bench/no_prompt_by_default/no_prompt_by_default.out
View file

@ -5,6 +5,6 @@ Runtime | Deno [WILDCARD] ([WILDCARD])
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
----------- ----------------------------- --------------------- -------------------------- ----------- ----------------------------- --------------------- --------------------------
no prompt error: PermissionDenied: Requires read access to "./some_file.txt", run again with the --allow-read flag no prompt error: NotCapable: Requires read access to "./some_file.txt", run again with the --allow-read flag
[WILDCARD] [WILDCARD]
error: Bench failed error: Bench failed

2
tests/specs/bench/no_prompt_with_denied_perms/no_prompt_with_denied_perms.out
View file

@ -5,6 +5,6 @@ Runtime | Deno [WILDCARD] ([WILDCARD])
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
----------- ----------------------------- --------------------- -------------------------- ----------- ----------------------------- --------------------- --------------------------
no prompt error: PermissionDenied: Requires read access to "./some_file.txt", run again with the --allow-read flag no prompt error: NotCapable: Requires read access to "./some_file.txt", run again with the --allow-read flag
[WILDCARD] [WILDCARD]
error: Bench failed error: Bench failed

2
tests/specs/compile/permissions_denied/main.out
View file

@ -1,2 +1,2 @@
error: Uncaught (in promise) PermissionDenied: Requires run access to "deno", specify the required permissions during compilation using `deno compile --allow-run` error: Uncaught (in promise) NotCapable: Requires run access to "deno", specify the required permissions during compilation using `deno compile --allow-run`
[WILDCARD] [WILDCARD]

8
tests/specs/permission/path_not_permitted/main.out
View file

@ -1,11 +1,11 @@
Running... Running...
PermissionDenied: Requires run access to "deno", run again with the --allow-run flag NotCapable: Requires run access to "deno", run again with the --allow-run flag
[WILDCARD] [WILDCARD]
at file:///[WILDLINE]/sub.ts:15:5 { at file:///[WILDLINE]/sub.ts:15:5 {
name: "PermissionDenied" name: "NotCapable"
} }
PermissionDenied: Requires run access to "deno", run again with the --allow-run flag NotCapable: Requires run access to "deno", run again with the --allow-run flag
[WILDCARD] [WILDCARD]
at file:///[WILDLINE]/sub.ts:23:22 { at file:///[WILDLINE]/sub.ts:23:22 {
name: "PermissionDenied" name: "NotCapable"
} }

8
tests/specs/permission/special/main.js
View file

@ -7,10 +7,10 @@ const testCases = [
[["darwin", "linux"], null, "/etc/passwd"], [["darwin", "linux"], null, "/etc/passwd"],
[["windows"], null, "\\\\.\\nul"], [["windows"], null, "\\\\.\\nul"],
// Denied, requires `--allow-all` // Denied, requires `--allow-all`
[["darwin", "linux"], /PermissionDenied/, "/dev/ptmx"], [["darwin", "linux"], /NotCapable/, "/dev/ptmx"],
[["linux"], /PermissionDenied/, "/proc/self/environ"], [["linux"], /NotCapable/, "/proc/self/environ"],
[["linux"], /PermissionDenied/, "/proc/self/mem"], [["linux"], /NotCapable/, "/proc/self/mem"],
[["windows"], /PermissionDenied/, "\\\\.\\PhysicalDrive0"], [["windows"], /NotCapable/, "\\\\.\\PhysicalDrive0"],
]; ];
const os = Deno.build.os; const os = Deno.build.os;

2
tests/specs/permission/write_allow_binary/main.out
View file

@ -1,5 +1,5 @@
Running... Running...
error: Uncaught (in promise) PermissionDenied: Requires write access to "binary[WILDLINE]", run again with the --allow-write flag error: Uncaught (in promise) NotCapable: Requires write access to "binary[WILDLINE]", run again with the --allow-write flag
Deno.writeTextFileSync(binaryName, ""); Deno.writeTextFileSync(binaryName, "");
^ ^
at [WILDCARD] at [WILDCARD]

8
tests/specs/run/ld_preload/env_arg.out
View file

@ -1,8 +1,8 @@
PermissionDenied: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable. NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable.
[WILDCARD] [WILDCARD]
name: "PermissionDenied" name: "NotCapable"
} }
PermissionDenied: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable. NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable.
[WILDCARD] [WILDCARD]
name: "PermissionDenied" name: "NotCapable"
} }

8
tests/specs/run/ld_preload/set_with_allow_env.out
View file

@ -1,8 +1,8 @@
PermissionDenied: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable. NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable.
[WILDCARD] [WILDCARD]
name: "PermissionDenied" name: "NotCapable"
} }
PermissionDenied: Requires --allow-all permissions to spawn subprocess with DYLD_FALLBACK_LIBRARY_PATH, LD_PRELOAD environment variables. NotCapable: Requires --allow-all permissions to spawn subprocess with DYLD_FALLBACK_LIBRARY_PATH, LD_PRELOAD environment variables.
[WILDCARD] [WILDCARD]
name: "PermissionDenied" name: "NotCapable"
} }

12
tests/testdata/bench/allow_none.out vendored
View file

@ -6,16 +6,16 @@ Runtime | Deno [WILDCARD] ([WILDCARD])
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
----------- ----------------------------- --------------------- -------------------------- ----------- ----------------------------- --------------------- --------------------------
read error: PermissionDenied: Can't escalate parent thread permissions read error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
write error: PermissionDenied: Can't escalate parent thread permissions write error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
net error: PermissionDenied: Can't escalate parent thread permissions net error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
env error: PermissionDenied: Can't escalate parent thread permissions env error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
run error: PermissionDenied: Can't escalate parent thread permissions run error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
ffi error: PermissionDenied: Can't escalate parent thread permissions ffi error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
error: Bench failed error: Bench failed

2
tests/testdata/bench/no_prompt_by_default.out vendored
View file

@ -5,6 +5,6 @@ Runtime | Deno [WILDCARD] ([WILDCARD])
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
----------- ----------------------------- --------------------- -------------------------- ----------- ----------------------------- --------------------- --------------------------
no prompt error: PermissionDenied: Requires read access to "./some_file.txt", run again with the --allow-read flag no prompt error: NotCapable: Requires read access to "./some_file.txt", run again with the --allow-read flag
[WILDCARD] [WILDCARD]
error: Bench failed error: Bench failed

2
tests/testdata/bench/no_prompt_with_denied_perms.out vendored
View file

@ -5,6 +5,6 @@ Runtime | Deno [WILDCARD] ([WILDCARD])
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
----------- ----------------------------- --------------------- -------------------------- ----------- ----------------------------- --------------------- --------------------------
no prompt error: PermissionDenied: Requires read access to "./some_file.txt", run again with the --allow-read flag no prompt error: NotCapable: Requires read access to "./some_file.txt", run again with the --allow-read flag
[WILDCARD] [WILDCARD]
error: Bench failed error: Bench failed

2
tests/testdata/npm/deno_run_cowsay_no_permissions.out vendored
View file

@ -1,2 +1,2 @@
error: Uncaught PermissionDenied: Requires read access to <CWD>, specify the required permissions during compilation using `deno compile --allow-read` error: Uncaught NotCapable: Requires read access to <CWD>, specify the required permissions during compilation using `deno compile --allow-read`
[WILDCARD] [WILDCARD]

2
tests/testdata/run/059_fs_relative_path_perm.ts.out vendored
View file

@ -1,4 +1,4 @@
[WILDCARD]error: Uncaught (in promise) PermissionDenied: Requires read access to "non-existent", run again with the --allow-read flag [WILDCARD]error: Uncaught (in promise) NotCapable: Requires read access to "non-existent", run again with the --allow-read flag
Deno.readFileSync("non-existent"); Deno.readFileSync("non-existent");
^ ^
at [WILDCARD] at [WILDCARD]

2
tests/testdata/run/089_run_allow_list.ts.out vendored
View file

@ -1,3 +1,3 @@
[WILDCARD]PermissionDenied: Requires run access to "ls", run again with the --allow-run flag [WILDCARD]NotCapable: Requires run access to "ls", run again with the --allow-run flag
[WILDCARD] [WILDCARD]
true true

2
tests/testdata/run/node_env_var_allowlist.ts.out vendored
View file

@ -1,5 +1,5 @@
ok ok
[WILDCARD]error: Uncaught (in promise) PermissionDenied: Requires env access to "NOT_NODE_DEBUG", run again with the --allow-env flag [WILDCARD]error: Uncaught (in promise) NotCapable: Requires env access to "NOT_NODE_DEBUG", run again with the --allow-env flag
Deno.env.get("NOT_NODE_DEBUG"); Deno.env.get("NOT_NODE_DEBUG");
^ ^
at [WILDCARD] at [WILDCARD]

12
tests/testdata/test/allow_none.out vendored
View file

@ -10,27 +10,27 @@ ffi ... FAILED [WILDCARD]
ERRORS ERRORS
read => ./test/allow_none.ts:[WILDCARD] read => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
write => ./test/allow_none.ts:[WILDCARD] write => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
net => ./test/allow_none.ts:[WILDCARD] net => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
env => ./test/allow_none.ts:[WILDCARD] env => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
run => ./test/allow_none.ts:[WILDCARD] run => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
ffi => ./test/allow_none.ts:[WILDCARD] ffi => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: NotCapable: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
FAILURES FAILURES

2
tests/testdata/test/no_prompt_by_default.out vendored
View file

@ -4,7 +4,7 @@ no prompt ... FAILED ([WILDCARD]s)
ERRORS ERRORS
no prompt => ./test/no_prompt_by_default.ts:[WILDCARD] no prompt => ./test/no_prompt_by_default.ts:[WILDCARD]
error: PermissionDenied: Requires read access to "./some_file.txt", run again with the --allow-read flag error: NotCapable: Requires read access to "./some_file.txt", run again with the --allow-read flag
[WILDCARD] [WILDCARD]
FAILURES FAILURES

2
tests/testdata/test/no_prompt_with_denied_perms.out vendored
View file

@ -4,7 +4,7 @@ no prompt ... FAILED ([WILDCARD]s)
ERRORS ERRORS
no prompt => ./test/no_prompt_with_denied_perms.ts:[WILDCARD] no prompt => ./test/no_prompt_with_denied_perms.ts:[WILDCARD]
error: PermissionDenied: Requires read access to "./some_file.txt", run again with the --allow-read flag error: NotCapable: Requires read access to "./some_file.txt", run again with the --allow-read flag
[WILDCARD] [WILDCARD]
FAILURES FAILURES

4
tests/unit/chmod_test.ts
View file

@ -94,7 +94,7 @@ Deno.test({ permissions: { write: true } }, function chmodSyncFailure() {
Deno.test({ permissions: { write: false } }, function chmodSyncPerm() { Deno.test({ permissions: { write: false } }, function chmodSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.chmodSync("/somefile.txt", 0o777); Deno.chmodSync("/somefile.txt", 0o777);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -186,5 +186,5 @@ Deno.test({ permissions: { write: true } }, async function chmodFailure() {
Deno.test({ permissions: { write: false } }, async function chmodPerm() { Deno.test({ permissions: { write: false } }, async function chmodPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.chmod("/somefile.txt", 0o777); await Deno.chmod("/somefile.txt", 0o777);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });

2
tests/unit/chown_test.ts
View file

@ -26,7 +26,7 @@ Deno.test(
const filePath = "chown_test_file.txt"; const filePath = "chown_test_file.txt";
await assertRejects(async () => { await assertRejects(async () => {
await Deno.chown(filePath, 1000, 1000); await Deno.chown(filePath, 1000, 1000);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

4
tests/unit/command_test.ts
View file

@ -382,7 +382,7 @@ Deno.test(
await new Deno.Command(Deno.execPath(), { await new Deno.Command(Deno.execPath(), {
args: ["eval", "console.log('hello world')"], args: ["eval", "console.log('hello world')"],
}).output(); }).output();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -393,7 +393,7 @@ Deno.test(
new Deno.Command(Deno.execPath(), { new Deno.Command(Deno.execPath(), {
args: ["eval", "console.log('hello world')"], args: ["eval", "console.log('hello world')"],
}).outputSync(); }).outputSync();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

8
tests/unit/copy_file_test.ts
View file

@ -84,7 +84,7 @@ Deno.test(
function copyFileSyncPerm1() { function copyFileSyncPerm1() {
assertThrows(() => { assertThrows(() => {
Deno.copyFileSync("/from.txt", "/to.txt"); Deno.copyFileSync("/from.txt", "/to.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -93,7 +93,7 @@ Deno.test(
function copyFileSyncPerm2() { function copyFileSyncPerm2() {
assertThrows(() => { assertThrows(() => {
Deno.copyFileSync("/from.txt", "/to.txt"); Deno.copyFileSync("/from.txt", "/to.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -197,7 +197,7 @@ Deno.test(
async function copyFilePerm1() { async function copyFilePerm1() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.copyFile("/from.txt", "/to.txt"); await Deno.copyFile("/from.txt", "/to.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -206,7 +206,7 @@ Deno.test(
async function copyFilePerm2() { async function copyFilePerm2() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.copyFile("/from.txt", "/to.txt"); await Deno.copyFile("/from.txt", "/to.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

2
tests/unit/dir_test.ts
View file

@ -43,7 +43,7 @@ Deno.test({ permissions: { read: false } }, function dirCwdPermError() {
() => { () => {
Deno.cwd(); Deno.cwd();
}, },
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
"Requires read access to <CWD>, run again with the --allow-read flag", "Requires read access to <CWD>, run again with the --allow-read flag",
); );
}); });

1
tests/unit/error_test.ts
View file

@ -22,6 +22,7 @@ Deno.test("Errors work", () => {
assert(new Deno.errors.Http("msg") instanceof Error); assert(new Deno.errors.Http("msg") instanceof Error);
assert(new Deno.errors.Busy("msg") instanceof Error); assert(new Deno.errors.Busy("msg") instanceof Error);
assert(new Deno.errors.NotSupported("msg") instanceof Error); assert(new Deno.errors.NotSupported("msg") instanceof Error);
assert(new Deno.errors.NotCapable("msg") instanceof Error);
}); });
Deno.test("Errors have some tamper resistance", () => { Deno.test("Errors have some tamper resistance", () => {

6
tests/unit/fetch_test.ts
View file

@ -124,7 +124,7 @@ Deno.test({ permissions: { net: true } }, async function fetchJsonSuccess() {
Deno.test({ permissions: { net: false } }, async function fetchPerm() { Deno.test({ permissions: { net: false } }, async function fetchPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await fetch("http://localhost:4545/assets/fixture.json"); await fetch("http://localhost:4545/assets/fixture.json");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { net: true } }, async function fetchUrl() { Deno.test({ permissions: { net: true } }, async function fetchUrl() {
@ -1637,7 +1637,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, async function fetchFilePerm() { Deno.test({ permissions: { read: false } }, async function fetchFilePerm() {
await assertRejects(async () => { await assertRejects(async () => {
await fetch(import.meta.resolve("../testdata/subdir/json_1.json")); await fetch(import.meta.resolve("../testdata/subdir/json_1.json"));
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -1645,7 +1645,7 @@ Deno.test(
async function fetchFilePermDoesNotExist() { async function fetchFilePermDoesNotExist() {
await assertRejects(async () => { await assertRejects(async () => {
await fetch(import.meta.resolve("./bad.json")); await fetch(import.meta.resolve("./bad.json"));
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

28
tests/unit/ffi_test.ts
View file

@ -24,10 +24,10 @@ Deno.test({ permissions: { ffi: true } }, function dlopenInvalidArguments() {
}, TypeError); }, TypeError);
}); });
Deno.test({ permissions: { ffi: false } }, function ffiPermissionDenied() { Deno.test({ permissions: { ffi: false } }, function ffiNotCapable() {
assertThrows(() => { assertThrows(() => {
Deno.dlopen("/usr/lib/libc.so.6", {}); Deno.dlopen("/usr/lib/libc.so.6", {});
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
const fnptr = new Deno.UnsafeFnPointer( const fnptr = new Deno.UnsafeFnPointer(
// @ts-expect-error: Not NonNullable but null check is after permissions check. // @ts-expect-error: Not NonNullable but null check is after permissions check.
null, null,
@ -38,44 +38,44 @@ Deno.test({ permissions: { ffi: false } }, function ffiPermissionDenied() {
); );
assertThrows(() => { assertThrows(() => {
fnptr.call(123, null); fnptr.call(123, null);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
Deno.UnsafePointer.of(new Uint8Array(0)); Deno.UnsafePointer.of(new Uint8Array(0));
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
const ptrView = new Deno.UnsafePointerView( const ptrView = new Deno.UnsafePointerView(
// @ts-expect-error: Not NonNullable but null check is after permissions check. // @ts-expect-error: Not NonNullable but null check is after permissions check.
null, null,
); );
assertThrows(() => { assertThrows(() => {
ptrView.copyInto(new Uint8Array(0)); ptrView.copyInto(new Uint8Array(0));
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getCString(); ptrView.getCString();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getUint8(); ptrView.getUint8();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getInt8(); ptrView.getInt8();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getUint16(); ptrView.getUint16();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getInt16(); ptrView.getInt16();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getUint32(); ptrView.getUint32();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getInt32(); ptrView.getInt32();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getFloat32(); ptrView.getFloat32();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
assertThrows(() => { assertThrows(() => {
ptrView.getFloat64(); ptrView.getFloat64();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { ffi: true } }, function pointerOf() { Deno.test({ permissions: { ffi: true } }, function pointerOf() {

6
tests/unit/files_test.ts
View file

@ -127,7 +127,7 @@ Deno.test(
for (const options of openOptions) { for (const options of openOptions) {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.open(filename, options); await Deno.open(filename, options);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
} }
}, },
); );
@ -170,7 +170,7 @@ Deno.test(async function openOptions() {
Deno.test({ permissions: { read: false } }, async function readPermFailure() { Deno.test({ permissions: { read: false } }, async function readPermFailure() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.open("package.json", { read: true }); await Deno.open("package.json", { read: true });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -229,7 +229,7 @@ Deno.test(
const filename = "tests/hello.txt"; const filename = "tests/hello.txt";
await assertRejects(async () => { await assertRejects(async () => {
await Deno.open(filename, { read: true }); await Deno.open(filename, { read: true });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

2
tests/unit/fs_events_test.ts
View file

@ -7,7 +7,7 @@ import { assert, assertEquals, assertThrows, delay } from "./test_util.ts";
Deno.test({ permissions: { read: false } }, function watchFsPermissions() { Deno.test({ permissions: { read: false } }, function watchFsPermissions() {
assertThrows(() => { assertThrows(() => {
Deno.watchFs("."); Deno.watchFs(".");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function watchFsInvalidPath() { Deno.test({ permissions: { read: true } }, function watchFsInvalidPath() {

8
tests/unit/link_test.ts
View file

@ -87,7 +87,7 @@ Deno.test(
function linkSyncReadPerm() { function linkSyncReadPerm() {
assertThrows(() => { assertThrows(() => {
Deno.linkSync("oldbaddir", "newbaddir"); Deno.linkSync("oldbaddir", "newbaddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -96,7 +96,7 @@ Deno.test(
function linkSyncWritePerm() { function linkSyncWritePerm() {
assertThrows(() => { assertThrows(() => {
Deno.linkSync("oldbaddir", "newbaddir"); Deno.linkSync("oldbaddir", "newbaddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -181,7 +181,7 @@ Deno.test(
async function linkReadPerm() { async function linkReadPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.link("oldbaddir", "newbaddir"); await Deno.link("oldbaddir", "newbaddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -190,6 +190,6 @@ Deno.test(
async function linkWritePerm() { async function linkWritePerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.link("oldbaddir", "newbaddir"); await Deno.link("oldbaddir", "newbaddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

4
tests/unit/make_temp_test.ts
View file

@ -42,7 +42,7 @@ Deno.test({ permissions: { write: false } }, function makeTempDirSyncPerm() {
// makeTempDirSync should require write permissions (for now). // makeTempDirSync should require write permissions (for now).
assertThrows(() => { assertThrows(() => {
Deno.makeTempDirSync({ dir: "/baddir" }); Deno.makeTempDirSync({ dir: "/baddir" });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -117,7 +117,7 @@ Deno.test({ permissions: { write: false } }, function makeTempFileSyncPerm() {
// makeTempFileSync should require write permissions (for now). // makeTempFileSync should require write permissions (for now).
assertThrows(() => { assertThrows(() => {
Deno.makeTempFileSync({ dir: "/baddir" }); Deno.makeTempFileSync({ dir: "/baddir" });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(

2
tests/unit/mkdir_test.ts
View file

@ -36,7 +36,7 @@ Deno.test(
Deno.test({ permissions: { write: false } }, function mkdirSyncPerm() { Deno.test({ permissions: { write: false } }, function mkdirSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.mkdirSync("/baddir"); Deno.mkdirSync("/baddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(

4
tests/unit/net_test.ts
View file

@ -100,7 +100,7 @@ Deno.test(
assert(socket.addr.transport === "unix"); assert(socket.addr.transport === "unix");
assertEquals(socket.addr.path, filePath); assertEquals(socket.addr.path, filePath);
socket.close(); socket.close();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -119,7 +119,7 @@ Deno.test(
assert(socket.addr.transport === "unixpacket"); assert(socket.addr.transport === "unixpacket");
assertEquals(socket.addr.path, filePath); assertEquals(socket.addr.path, filePath);
socket.close(); socket.close();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

20
tests/unit/os_test.ts
View file

@ -48,16 +48,16 @@ Deno.test({ permissions: { env: true } }, function avoidEmptyNamedEnv() {
assertThrows(() => Deno.env.delete("a\0a"), TypeError); assertThrows(() => Deno.env.delete("a\0a"), TypeError);
}); });
Deno.test({ permissions: { env: false } }, function envPermissionDenied1() { Deno.test({ permissions: { env: false } }, function envPerm1() {
assertThrows(() => { assertThrows(() => {
Deno.env.toObject(); Deno.env.toObject();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { env: false } }, function envPermissionDenied2() { Deno.test({ permissions: { env: false } }, function envPerm2() {
assertThrows(() => { assertThrows(() => {
Deno.env.get("PATH"); Deno.env.get("PATH");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
// This test verifies that on Windows, environment variables are // This test verifies that on Windows, environment variables are
@ -191,7 +191,7 @@ Deno.test({ permissions: { read: false } }, function execPathPerm() {
() => { () => {
Deno.execPath(); Deno.execPath();
}, },
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
"Requires read access to <exec_path>, run again with the --allow-read flag", "Requires read access to <exec_path>, run again with the --allow-read flag",
); );
}); });
@ -206,7 +206,7 @@ Deno.test(
() => { () => {
Deno.readTextFileSync("/proc/net/dev"); Deno.readTextFileSync("/proc/net/dev");
}, },
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
`Requires all access to "/proc/net/dev", run again with the --allow-all flag`, `Requires all access to "/proc/net/dev", run again with the --allow-all flag`,
); );
}, },
@ -223,7 +223,7 @@ Deno.test(
Deno.test({ permissions: { sys: false } }, function loadavgPerm() { Deno.test({ permissions: { sys: false } }, function loadavgPerm() {
assertThrows(() => { assertThrows(() => {
Deno.loadavg(); Deno.loadavg();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -253,7 +253,7 @@ Deno.test(
Deno.test({ permissions: { sys: false } }, function hostnamePerm() { Deno.test({ permissions: { sys: false } }, function hostnamePerm() {
assertThrows(() => { assertThrows(() => {
Deno.hostname(); Deno.hostname();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -266,7 +266,7 @@ Deno.test(
Deno.test({ permissions: { sys: false } }, function releasePerm() { Deno.test({ permissions: { sys: false } }, function releasePerm() {
assertThrows(() => { assertThrows(() => {
Deno.osRelease(); Deno.osRelease();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { sys: ["osUptime"] } }, function osUptime() { Deno.test({ permissions: { sys: ["osUptime"] } }, function osUptime() {
@ -278,7 +278,7 @@ Deno.test({ permissions: { sys: ["osUptime"] } }, function osUptime() {
Deno.test({ permissions: { sys: false } }, function osUptimePerm() { Deno.test({ permissions: { sys: false } }, function osUptimePerm() {
assertThrows(() => { assertThrows(() => {
Deno.osUptime(); Deno.osUptime();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(

4
tests/unit/process_test.ts
View file

@ -17,7 +17,7 @@ Deno.test(
Deno.run({ Deno.run({
cmd: [Deno.execPath(), "eval", "console.log('hello world')"], cmd: [Deno.execPath(), "eval", "console.log('hello world')"],
}); });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -517,7 +517,7 @@ Deno.test({ permissions: { run: false } }, function killPermissions() {
// process - assuming that Deno does not have a special handler set for it // process - assuming that Deno does not have a special handler set for it
// and will just continue even if a signal is erroneously sent. // and will just continue even if a signal is erroneously sent.
Deno.kill(Deno.pid, "SIGCONT"); Deno.kill(Deno.pid, "SIGCONT");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(

4
tests/unit/read_dir_test.ts
View file

@ -35,7 +35,7 @@ Deno.test({ permissions: { read: true } }, function readDirSyncWithUrl() {
Deno.test({ permissions: { read: false } }, function readDirSyncPerm() { Deno.test({ permissions: { read: false } }, function readDirSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.readDirSync("tests/"); Deno.readDirSync("tests/");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function readDirSyncNotDir() { Deno.test({ permissions: { read: true } }, function readDirSyncNotDir() {
@ -79,7 +79,7 @@ Deno.test({ permissions: { read: true } }, async function readDirWithUrl() {
Deno.test({ permissions: { read: false } }, async function readDirPerm() { Deno.test({ permissions: { read: false } }, async function readDirPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.readDir("tests/")[Symbol.asyncIterator]().next(); await Deno.readDir("tests/")[Symbol.asyncIterator]().next();
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(

4
tests/unit/read_file_test.ts
View file

@ -31,7 +31,7 @@ Deno.test({ permissions: { read: true } }, function readFileSyncUrl() {
Deno.test({ permissions: { read: false } }, function readFileSyncPerm() { Deno.test({ permissions: { read: false } }, function readFileSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.readFileSync("tests/testdata/assets/fixture.json"); Deno.readFileSync("tests/testdata/assets/fixture.json");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function readFileSyncNotFound() { Deno.test({ permissions: { read: true } }, function readFileSyncNotFound() {
@ -63,7 +63,7 @@ Deno.test({ permissions: { read: true } }, async function readFileSuccess() {
Deno.test({ permissions: { read: false } }, async function readFilePerm() { Deno.test({ permissions: { read: false } }, async function readFilePerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.readFile("tests/testdata/assets/fixture.json"); await Deno.readFile("tests/testdata/assets/fixture.json");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function readFileSyncLoop() { Deno.test({ permissions: { read: true } }, function readFileSyncLoop() {

4
tests/unit/read_link_test.ts
View file

@ -39,7 +39,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, function readLinkSyncPerm() { Deno.test({ permissions: { read: false } }, function readLinkSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.readLinkSync("/symlink"); Deno.readLinkSync("/symlink");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function readLinkSyncNotFound() { Deno.test({ permissions: { read: true } }, function readLinkSyncNotFound() {
@ -85,7 +85,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, async function readLinkPerm() { Deno.test({ permissions: { read: false } }, async function readLinkPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.readLink("/symlink"); await Deno.readLink("/symlink");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, async function readLinkNotFound() { Deno.test({ permissions: { read: true } }, async function readLinkNotFound() {

4
tests/unit/read_text_file_test.ts
View file

@ -28,7 +28,7 @@ Deno.test({ permissions: { read: true } }, function readTextFileSyncByUrl() {
Deno.test({ permissions: { read: false } }, function readTextFileSyncPerm() { Deno.test({ permissions: { read: false } }, function readTextFileSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.readTextFileSync("tests/testdata/assets/fixture.json"); Deno.readTextFileSync("tests/testdata/assets/fixture.json");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function readTextFileSyncNotFound() { Deno.test({ permissions: { read: true } }, function readTextFileSyncNotFound() {
@ -61,7 +61,7 @@ Deno.test({ permissions: { read: true } }, async function readTextFileByUrl() {
Deno.test({ permissions: { read: false } }, async function readTextFilePerm() { Deno.test({ permissions: { read: false } }, async function readTextFilePerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.readTextFile("tests/testdata/assets/fixture.json"); await Deno.readTextFile("tests/testdata/assets/fixture.json");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function readTextFileSyncLoop() { Deno.test({ permissions: { read: true } }, function readTextFileSyncLoop() {

4
tests/unit/real_path_test.ts
View file

@ -50,7 +50,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, function realPathSyncPerm() { Deno.test({ permissions: { read: false } }, function realPathSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.realPathSync("some_file"); Deno.realPathSync("some_file");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function realPathSyncNotFound() { Deno.test({ permissions: { read: true } }, function realPathSyncNotFound() {
@ -104,7 +104,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, async function realPathPerm() { Deno.test({ permissions: { read: false } }, async function realPathPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.realPath("some_file"); await Deno.realPath("some_file");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, async function realPathNotFound() { Deno.test({ permissions: { read: true } }, async function realPathNotFound() {

4
tests/unit/remove_test.ts
View file

@ -153,7 +153,7 @@ Deno.test({ permissions: { write: false } }, async function removePerm() {
for (const method of REMOVE_METHODS) { for (const method of REMOVE_METHODS) {
await assertRejects(async () => { await assertRejects(async () => {
await Deno[method]("/baddir"); await Deno[method]("/baddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
} }
}); });
@ -233,7 +233,7 @@ Deno.test({ permissions: { write: false } }, async function removeAllPerm() {
for (const method of REMOVE_METHODS) { for (const method of REMOVE_METHODS) {
await assertRejects(async () => { await assertRejects(async () => {
await Deno[method]("/baddir", { recursive: true }); await Deno[method]("/baddir", { recursive: true });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
} }
}); });

4
tests/unit/rename_test.ts
View file

@ -70,7 +70,7 @@ Deno.test(
const oldpath = "/oldbaddir"; const oldpath = "/oldbaddir";
const newpath = "/newbaddir"; const newpath = "/newbaddir";
Deno.renameSync(oldpath, newpath); Deno.renameSync(oldpath, newpath);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -81,7 +81,7 @@ Deno.test(
const oldpath = "/oldbaddir"; const oldpath = "/oldbaddir";
const newpath = "/newbaddir"; const newpath = "/newbaddir";
Deno.renameSync(oldpath, newpath); Deno.renameSync(oldpath, newpath);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

8
tests/unit/stat_test.ts
View file

@ -74,7 +74,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, function statSyncPerm() { Deno.test({ permissions: { read: false } }, function statSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.statSync("README.md"); Deno.statSync("README.md");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function statSyncNotFound() { Deno.test({ permissions: { read: true } }, function statSyncNotFound() {
@ -118,7 +118,7 @@ Deno.test({ permissions: { read: true } }, function lstatSyncSuccess() {
Deno.test({ permissions: { read: false } }, function lstatSyncPerm() { Deno.test({ permissions: { read: false } }, function lstatSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.lstatSync("assets/hello.txt"); Deno.lstatSync("assets/hello.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, function lstatSyncNotFound() { Deno.test({ permissions: { read: true } }, function lstatSyncNotFound() {
@ -200,7 +200,7 @@ Deno.test(
Deno.test({ permissions: { read: false } }, async function statPerm() { Deno.test({ permissions: { read: false } }, async function statPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.stat("README.md"); await Deno.stat("README.md");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, async function statNotFound() { Deno.test({ permissions: { read: true } }, async function statNotFound() {
@ -244,7 +244,7 @@ Deno.test({ permissions: { read: true } }, async function lstatSuccess() {
Deno.test({ permissions: { read: false } }, async function lstatPerm() { Deno.test({ permissions: { read: false } }, async function lstatPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.lstat("README.md"); await Deno.lstat("README.md");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { read: true } }, async function lstatNotFound() { Deno.test({ permissions: { read: true } }, async function lstatNotFound() {

10
tests/unit/symlink_test.ts
View file

@ -62,7 +62,7 @@ Deno.test(
function symlinkSyncPerm() { function symlinkSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.symlinkSync("oldbaddir", "newbaddir"); Deno.symlinkSync("oldbaddir", "newbaddir");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -152,11 +152,11 @@ Deno.test(
async function symlinkNoFullWritePermissions() { async function symlinkNoFullWritePermissions() {
await assertRejects( await assertRejects(
() => Deno.symlink("old", "new"), () => Deno.symlink("old", "new"),
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
); );
assertThrows( assertThrows(
() => Deno.symlinkSync("old", "new"), () => Deno.symlinkSync("old", "new"),
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
); );
}, },
); );
@ -166,11 +166,11 @@ Deno.test(
async function symlinkNoFullReadPermissions() { async function symlinkNoFullReadPermissions() {
await assertRejects( await assertRejects(
() => Deno.symlink("old", "new"), () => Deno.symlink("old", "new"),
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
); );
assertThrows( assertThrows(
() => Deno.symlinkSync("old", "new"), () => Deno.symlinkSync("old", "new"),
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
); );
}, },
); );

6
tests/unit/tls_test.ts
View file

@ -55,7 +55,7 @@ function unreachable(): never {
Deno.test({ permissions: { net: false } }, async function connectTLSNoPerm() { Deno.test({ permissions: { net: false } }, async function connectTLSNoPerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.connectTls({ hostname: "deno.land", port: 443 }); await Deno.connectTls({ hostname: "deno.land", port: 443 });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -76,7 +76,7 @@ Deno.test(
port: 443, port: 443,
certFile: "tests/testdata/tls/RootCA.crt", certFile: "tests/testdata/tls/RootCA.crt",
}); });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -116,7 +116,7 @@ Deno.test(
certFile: "tests/testdata/tls/localhost.crt", certFile: "tests/testdata/tls/localhost.crt",
keyFile: "tests/testdata/tls/localhost.key", keyFile: "tests/testdata/tls/localhost.key",
}); });
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

4
tests/unit/truncate_test.ts
View file

@ -76,13 +76,13 @@ Deno.test(
Deno.test({ permissions: { write: false } }, function truncateSyncPerm() { Deno.test({ permissions: { write: false } }, function truncateSyncPerm() {
assertThrows(() => { assertThrows(() => {
Deno.truncateSync("/test_truncateSyncPermission.txt"); Deno.truncateSync("/test_truncateSyncPermission.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test({ permissions: { write: false } }, async function truncatePerm() { Deno.test({ permissions: { write: false } }, async function truncatePerm() {
await assertRejects(async () => { await assertRejects(async () => {
await Deno.truncate("/test_truncatePermission.txt"); await Deno.truncate("/test_truncatePermission.txt");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(

4
tests/unit/utime_test.ts
View file

@ -176,7 +176,7 @@ Deno.test(
assertThrows(() => { assertThrows(() => {
Deno.utimeSync("/some_dir", atime, mtime); Deno.utimeSync("/some_dir", atime, mtime);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );
@ -291,6 +291,6 @@ Deno.test(
await assertRejects(async () => { await assertRejects(async () => {
await Deno.utime("/some_dir", atime, mtime); await Deno.utime("/some_dir", atime, mtime);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

2
tests/unit/websocket_test.ts
View file

@ -7,7 +7,7 @@ const serveUrl = `ws://localhost:${servePort}/`;
Deno.test({ permissions: "none" }, function websocketPermissionless() { Deno.test({ permissions: "none" }, function websocketPermissionless() {
assertThrows( assertThrows(
() => new WebSocket("ws://localhost"), () => new WebSocket("ws://localhost"),
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
); );
}); });

2
tests/unit/worker_test.ts
View file

@ -546,7 +546,7 @@ Deno.test({
); );
worker.terminate(); worker.terminate();
}, },
Deno.errors.PermissionDenied, Deno.errors.NotCapable,
"Can't escalate parent thread permissions", "Can't escalate parent thread permissions",
); );
}, },

4
tests/unit/write_file_test.ts
View file

@ -57,7 +57,7 @@ Deno.test({ permissions: { write: false } }, function writeFileSyncPerm() {
// The following should fail due to no write permission // The following should fail due to no write permission
assertThrows(() => { assertThrows(() => {
Deno.writeFileSync(filename, data); Deno.writeFileSync(filename, data);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -190,7 +190,7 @@ Deno.test(
// The following should fail due to no write permission // The following should fail due to no write permission
await assertRejects(async () => { await assertRejects(async () => {
await Deno.writeFile(filename, data); await Deno.writeFile(filename, data);
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

4
tests/unit/write_text_file_test.ts
View file

@ -45,7 +45,7 @@ Deno.test({ permissions: { write: false } }, function writeTextFileSyncPerm() {
// The following should fail due to no write permission // The following should fail due to no write permission
assertThrows(() => { assertThrows(() => {
Deno.writeTextFileSync(filename, "Hello"); Deno.writeTextFileSync(filename, "Hello");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}); });
Deno.test( Deno.test(
@ -144,7 +144,7 @@ Deno.test(
// The following should fail due to no write permission // The following should fail due to no write permission
await assertRejects(async () => { await assertRejects(async () => {
await Deno.writeTextFile(filename, "Hello"); await Deno.writeTextFile(filename, "Hello");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

2
tests/unit_node/fs_test.ts
View file

@ -88,7 +88,7 @@ Deno.test(
() => { () => {
assertThrows(() => { assertThrows(() => {
existsSync("tests/testdata/assets/fixture.json"); existsSync("tests/testdata/assets/fixture.json");
}, Deno.errors.PermissionDenied); }, Deno.errors.NotCapable);
}, },
); );

2
tests/unit_node/net_test.ts
View file

@ -113,7 +113,7 @@ Deno.test({
const s = new net.Server(); const s = new net.Server();
s.listen(3000); s.listen(3000);
} catch (e) { } catch (e) {
assert(e instanceof Deno.errors.PermissionDenied); assert(e instanceof Deno.errors.NotCapable);
} }
}, },
}); });

10
tests/unit_node/os_test.ts
View file

@ -8,6 +8,7 @@ import {
assertNotEquals, assertNotEquals,
assertThrows, assertThrows,
} from "@std/assert"; } from "@std/assert";
import console from "node:console";
Deno.test({ Deno.test({
name: "build architecture is a string", name: "build architecture is a string",
@ -298,7 +299,14 @@ Deno.test({
args: ["eval", "while (true) { console.log('foo') }"], args: ["eval", "while (true) { console.log('foo') }"],
}).spawn(); }).spawn();
assertThrows( assertThrows(
() => os.setPriority(child.pid, os.constants.priority.PRIORITY_HIGH), () => {
try {
os.setPriority(child.pid, os.constants.priority.PRIORITY_HIGH);
} catch (err) {
console.error(err);
throw err;
}
},
Deno.errors.PermissionDenied, Deno.errors.PermissionDenied,
); );
os.getPriority(child.pid); os.getPriority(child.pid);

2
tests/util/server/src/lib.rs
View file

@ -48,7 +48,7 @@ pub use fs::TempDir;
pub const PERMISSION_VARIANTS: [&str; 5] = pub const PERMISSION_VARIANTS: [&str; 5] =
["read", "write", "env", "net", "run"]; ["read", "write", "env", "net", "run"];
pub const PERMISSION_DENIED_PATTERN: &str = "PermissionDenied"; pub const PERMISSION_DENIED_PATTERN: &str = "NotCapable";
static GUARD: Lazy<Mutex<HttpServerCount>> = Lazy::new(Default::default); static GUARD: Lazy<Mutex<HttpServerCount>> = Lazy::new(Default::default);