mirror of
https://github.com/denoland/deno.git
synced 2024-12-22 15:24:46 -05:00
fix: panic when trying to pledge permissions before restoring previous pledge (#14306)
This commit fixes and edge case, where testing/benching code could pledge new permission set before restoring the previous pledge. Appropriate panics were added and tests that assert that process is killed in case of "recursive pledge".
This commit is contained in:
parent
19bb82aa40
commit
9c5928b5aa
6 changed files with 60 additions and 0 deletions
|
@ -63,6 +63,10 @@ pub fn op_pledge_test_permissions(
|
||||||
let worker_permissions = create_child_permissions(parent_permissions, args)?;
|
let worker_permissions = create_child_permissions(parent_permissions, args)?;
|
||||||
let parent_permissions = parent_permissions.clone();
|
let parent_permissions = parent_permissions.clone();
|
||||||
|
|
||||||
|
if state.try_take::<PermissionsHolder>().is_some() {
|
||||||
|
panic!("pledge test permissions called before restoring previous pledge");
|
||||||
|
}
|
||||||
|
|
||||||
state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
|
state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
|
||||||
|
|
||||||
// NOTE: This call overrides current permission set for the worker
|
// NOTE: This call overrides current permission set for the worker
|
||||||
|
|
|
@ -122,6 +122,9 @@ pub fn op_pledge_test_permissions(
|
||||||
let worker_permissions = create_child_permissions(parent_permissions, args)?;
|
let worker_permissions = create_child_permissions(parent_permissions, args)?;
|
||||||
let parent_permissions = parent_permissions.clone();
|
let parent_permissions = parent_permissions.clone();
|
||||||
|
|
||||||
|
if state.try_take::<PermissionsHolder>().is_some() {
|
||||||
|
panic!("pledge test permissions called before restoring previous pledge");
|
||||||
|
}
|
||||||
state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
|
state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
|
||||||
|
|
||||||
// NOTE: This call overrides current permission set for the worker
|
// NOTE: This call overrides current permission set for the worker
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
|
// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
|
||||||
|
|
||||||
use crate::itest;
|
use crate::itest;
|
||||||
|
use test_util as util;
|
||||||
|
|
||||||
itest!(requires_unstable {
|
itest!(requires_unstable {
|
||||||
args: "bench bench/requires_unstable.js",
|
args: "bench bench/requires_unstable.js",
|
||||||
|
@ -139,3 +140,21 @@ itest!(no_prompt_with_denied_perms {
|
||||||
exit_code: 1,
|
exit_code: 1,
|
||||||
output: "bench/no_prompt_with_denied_perms.out",
|
output: "bench/no_prompt_with_denied_perms.out",
|
||||||
});
|
});
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn recursive_permissions_pledge() {
|
||||||
|
let output = util::deno_cmd()
|
||||||
|
.current_dir(util::testdata_path())
|
||||||
|
.arg("bench")
|
||||||
|
.arg("--unstable")
|
||||||
|
.arg("bench/recursive_permissions_pledge.js")
|
||||||
|
.stderr(std::process::Stdio::piped())
|
||||||
|
.spawn()
|
||||||
|
.unwrap()
|
||||||
|
.wait_with_output()
|
||||||
|
.unwrap();
|
||||||
|
assert!(!output.status.success());
|
||||||
|
assert!(String::from_utf8(output.stderr).unwrap().contains(
|
||||||
|
"pledge test permissions called before restoring previous pledge"
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
|
@ -298,3 +298,21 @@ itest!(no_prompt_with_denied_perms {
|
||||||
exit_code: 1,
|
exit_code: 1,
|
||||||
output: "test/no_prompt_with_denied_perms.out",
|
output: "test/no_prompt_with_denied_perms.out",
|
||||||
});
|
});
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn recursive_permissions_pledge() {
|
||||||
|
let output = util::deno_cmd()
|
||||||
|
.current_dir(util::testdata_path())
|
||||||
|
.arg("test")
|
||||||
|
.arg("test/recursive_permissions_pledge.js")
|
||||||
|
.stderr(std::process::Stdio::piped())
|
||||||
|
.stdout(std::process::Stdio::piped())
|
||||||
|
.spawn()
|
||||||
|
.unwrap()
|
||||||
|
.wait_with_output()
|
||||||
|
.unwrap();
|
||||||
|
assert!(!output.status.success());
|
||||||
|
assert!(String::from_utf8(output.stderr).unwrap().contains(
|
||||||
|
"pledge test permissions called before restoring previous pledge"
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
8
cli/tests/testdata/bench/recursive_permissions_pledge.js
vendored
Normal file
8
cli/tests/testdata/bench/recursive_permissions_pledge.js
vendored
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
Deno.core.opSync(
|
||||||
|
"op_pledge_test_permissions",
|
||||||
|
"none",
|
||||||
|
);
|
||||||
|
Deno.core.opSync(
|
||||||
|
"op_pledge_test_permissions",
|
||||||
|
"inherit",
|
||||||
|
);
|
8
cli/tests/testdata/test/recursive_permissions_pledge.js
vendored
Normal file
8
cli/tests/testdata/test/recursive_permissions_pledge.js
vendored
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
Deno.core.opSync(
|
||||||
|
"op_pledge_test_permissions",
|
||||||
|
"none",
|
||||||
|
);
|
||||||
|
Deno.core.opSync(
|
||||||
|
"op_pledge_test_permissions",
|
||||||
|
"inherit",
|
||||||
|
);
|
Loading…
Reference in a new issue