From aa47f8186cbc068232e23b92a6966be9bd23e4bb Mon Sep 17 00:00:00 2001 From: Casper Beyer Date: Fri, 26 Feb 2021 01:35:10 +0800 Subject: [PATCH] feat(runtime): stabilize Deno.link and Deno.linkSync (#9417) This commit makes "Deno.link" and "Deno.linkSync" stable. The permission required has been changed to read-write to ensure one cannot escape the sandbox. --- cli/diagnostics.rs | 2 -- cli/dts/lib.deno.ns.d.ts | 21 +++++++++++++++++++++ cli/dts/lib.deno.unstable.d.ts | 22 ---------------------- runtime/js/90_deno_ns.js | 4 ++-- runtime/ops/fs.rs | 7 ++++--- 5 files changed, 27 insertions(+), 29 deletions(-) diff --git a/cli/diagnostics.rs b/cli/diagnostics.rs index 1da2f277e2..5b2ce36414 100644 --- a/cli/diagnostics.rs +++ b/cli/diagnostics.rs @@ -44,8 +44,6 @@ const UNSTABLE_DENO_PROPS: &[&str] = &[ "ftruncateSync", "hostname", "kill", - "link", - "linkSync", "listen", "listenDatagram", "loadavg", diff --git a/cli/dts/lib.deno.ns.d.ts b/cli/dts/lib.deno.ns.d.ts index 15088934a3..aa10ce3afc 100644 --- a/cli/dts/lib.deno.ns.d.ts +++ b/cli/dts/lib.deno.ns.d.ts @@ -265,6 +265,27 @@ declare namespace Deno { */ export function cwd(): string; + /** + * Synchronously creates `newpath` as a hard link to `oldpath`. + * + * ```ts + * Deno.linkSync("old/name", "new/name"); + * ``` + * + * Requires `allow-read` and `allow-write` permissions. */ + export function linkSync(oldpath: string, newpath: string): void; + + /** + * + * Creates `newpath` as a hard link to `oldpath`. + * + * ```ts + * await Deno.link("old/name", "new/name"); + * ``` + * + * Requires `allow-read` and `allow-write` permissions. */ + export function link(oldpath: string, newpath: string): Promise; + export enum SeekMode { Start = 0, Current = 1, diff --git a/cli/dts/lib.deno.unstable.d.ts b/cli/dts/lib.deno.unstable.d.ts index 8623e73d44..5007d657d5 100644 --- a/cli/dts/lib.deno.unstable.d.ts +++ b/cli/dts/lib.deno.unstable.d.ts @@ -21,28 +21,6 @@ declare namespace Deno { */ export function umask(mask?: number): number; - /** **UNSTABLE**: This API needs a security review. - * - * Synchronously creates `newpath` as a hard link to `oldpath`. - * - * ```ts - * Deno.linkSync("old/name", "new/name"); - * ``` - * - * Requires `allow-read` and `allow-write` permissions. */ - export function linkSync(oldpath: string, newpath: string): void; - - /** **UNSTABLE**: This API needs a security review. - * - * Creates `newpath` as a hard link to `oldpath`. - * - * ```ts - * await Deno.link("old/name", "new/name"); - * ``` - * - * Requires `allow-read` and `allow-write` permissions. */ - export function link(oldpath: string, newpath: string): Promise; - /** **UNSTABLE**: New API, yet to be vetted. * * Gets the size of the console as columns/rows. diff --git a/runtime/js/90_deno_ns.js b/runtime/js/90_deno_ns.js index 84c6b7ade0..bd56538d1c 100644 --- a/runtime/js/90_deno_ns.js +++ b/runtime/js/90_deno_ns.js @@ -88,6 +88,8 @@ fsync: __bootstrap.fs.fsync, fdatasyncSync: __bootstrap.fs.fdatasyncSync, fdatasync: __bootstrap.fs.fdatasync, + link: __bootstrap.fs.link, + linkSync: __bootstrap.fs.linkSync, permissions: __bootstrap.permissions.permissions, Permissions: __bootstrap.permissions.Permissions, PermissionStatus: __bootstrap.permissions.PermissionStatus, @@ -122,8 +124,6 @@ ftruncateSync: __bootstrap.fs.ftruncateSync, ftruncate: __bootstrap.fs.ftruncate, umask: __bootstrap.fs.umask, - link: __bootstrap.fs.link, - linkSync: __bootstrap.fs.linkSync, futime: __bootstrap.fs.futime, futimeSync: __bootstrap.fs.futimeSync, utime: __bootstrap.fs.utime, diff --git a/runtime/ops/fs.rs b/runtime/ops/fs.rs index 629afbfe65..5f5425dfa2 100644 --- a/runtime/ops/fs.rs +++ b/runtime/ops/fs.rs @@ -1140,13 +1140,14 @@ fn op_link_sync( args: Value, _zero_copy: &mut [ZeroCopyBuf], ) -> Result { - super::check_unstable(state, "Deno.link"); let args: LinkArgs = serde_json::from_value(args)?; let oldpath = PathBuf::from(&args.oldpath); let newpath = PathBuf::from(&args.newpath); let permissions = state.borrow::(); permissions.check_read(&oldpath)?; + permissions.check_write(&oldpath)?; + permissions.check_read(&newpath)?; permissions.check_write(&newpath)?; debug!("op_link_sync {} {}", oldpath.display(), newpath.display()); @@ -1159,8 +1160,6 @@ async fn op_link_async( args: Value, _zero_copy: BufVec, ) -> Result { - super::check_unstable2(&state, "Deno.link"); - let args: LinkArgs = serde_json::from_value(args)?; let oldpath = PathBuf::from(&args.oldpath); let newpath = PathBuf::from(&args.newpath); @@ -1169,6 +1168,8 @@ async fn op_link_async( let state = state.borrow(); let permissions = state.borrow::(); permissions.check_read(&oldpath)?; + permissions.check_write(&oldpath)?; + permissions.check_read(&newpath)?; permissions.check_write(&newpath)?; }