mirror of
https://github.com/denoland/deno.git
synced 2025-01-11 08:33:43 -05:00
fix(compile): implicit read permission to npm vfs (#19281)
Closes #19280
This commit is contained in:
parent
a11681a9b0
commit
d0c5ff42f4
6 changed files with 87 additions and 11 deletions
|
@ -311,7 +311,7 @@ pub async fn run(
|
||||||
http_client.clone(),
|
http_client.clone(),
|
||||||
progress_bar.clone(),
|
progress_bar.clone(),
|
||||||
));
|
));
|
||||||
let (fs, node_modules_path, snapshot) = if let Some(snapshot) =
|
let (fs, vfs_root, node_modules_path, snapshot) = if let Some(snapshot) =
|
||||||
metadata.npm_snapshot
|
metadata.npm_snapshot
|
||||||
{
|
{
|
||||||
let vfs_root_dir_path = if metadata.node_modules_dir {
|
let vfs_root_dir_path = if metadata.node_modules_dir {
|
||||||
|
@ -319,8 +319,8 @@ pub async fn run(
|
||||||
} else {
|
} else {
|
||||||
npm_cache.registry_folder(&npm_registry_url)
|
npm_cache.registry_folder(&npm_registry_url)
|
||||||
};
|
};
|
||||||
let vfs =
|
let vfs = load_npm_vfs(vfs_root_dir_path.clone())
|
||||||
load_npm_vfs(vfs_root_dir_path).context("Failed to load npm vfs.")?;
|
.context("Failed to load npm vfs.")?;
|
||||||
let node_modules_path = if metadata.node_modules_dir {
|
let node_modules_path = if metadata.node_modules_dir {
|
||||||
Some(vfs.root().to_path_buf())
|
Some(vfs.root().to_path_buf())
|
||||||
} else {
|
} else {
|
||||||
|
@ -328,6 +328,7 @@ pub async fn run(
|
||||||
};
|
};
|
||||||
(
|
(
|
||||||
Arc::new(DenoCompileFileSystem::new(vfs)) as Arc<dyn deno_fs::FileSystem>,
|
Arc::new(DenoCompileFileSystem::new(vfs)) as Arc<dyn deno_fs::FileSystem>,
|
||||||
|
Some(vfs_root_dir_path),
|
||||||
node_modules_path,
|
node_modules_path,
|
||||||
Some(snapshot.into_valid()?),
|
Some(snapshot.into_valid()?),
|
||||||
)
|
)
|
||||||
|
@ -336,6 +337,7 @@ pub async fn run(
|
||||||
Arc::new(deno_fs::RealFs) as Arc<dyn deno_fs::FileSystem>,
|
Arc::new(deno_fs::RealFs) as Arc<dyn deno_fs::FileSystem>,
|
||||||
None,
|
None,
|
||||||
None,
|
None,
|
||||||
|
None,
|
||||||
)
|
)
|
||||||
};
|
};
|
||||||
let npm_resolution = Arc::new(NpmResolution::from_serialized(
|
let npm_resolution = Arc::new(NpmResolution::from_serialized(
|
||||||
|
@ -395,9 +397,25 @@ pub async fn run(
|
||||||
}),
|
}),
|
||||||
};
|
};
|
||||||
|
|
||||||
let permissions = PermissionsContainer::new(Permissions::from_options(
|
let permissions = {
|
||||||
&metadata.permissions,
|
let mut permissions = metadata.permissions;
|
||||||
)?);
|
// if running with an npm vfs, grant read access to it
|
||||||
|
if let Some(vfs_root) = vfs_root {
|
||||||
|
match &mut permissions.allow_read {
|
||||||
|
Some(vec) if vec.is_empty() => {
|
||||||
|
// do nothing, already granted
|
||||||
|
}
|
||||||
|
Some(vec) => {
|
||||||
|
vec.push(vfs_root);
|
||||||
|
}
|
||||||
|
None => {
|
||||||
|
permissions.allow_read = Some(vec![vfs_root]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
PermissionsContainer::new(Permissions::from_options(&permissions)?)
|
||||||
|
};
|
||||||
let worker_factory = CliMainWorkerFactory::new(
|
let worker_factory = CliMainWorkerFactory::new(
|
||||||
StorageKeyResolver::empty(),
|
StorageKeyResolver::empty(),
|
||||||
npm_resolver.clone(),
|
npm_resolver.clone(),
|
||||||
|
|
|
@ -912,11 +912,13 @@ testing[WILDCARD]this
|
||||||
fn compile_npm_file_system() {
|
fn compile_npm_file_system() {
|
||||||
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
input_specifier: "compile/npm_fs/main.ts",
|
input_specifier: "compile/npm_fs/main.ts",
|
||||||
|
compile_args: vec!["-A"],
|
||||||
|
run_args: vec![],
|
||||||
output_file: "compile/npm_fs/main.out",
|
output_file: "compile/npm_fs/main.out",
|
||||||
node_modules_dir: true,
|
node_modules_dir: true,
|
||||||
input_name: Some("binary"),
|
input_name: Some("binary"),
|
||||||
expected_name: "binary",
|
expected_name: "binary",
|
||||||
run_args: vec![],
|
exit_code: 0,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -924,11 +926,13 @@ fn compile_npm_file_system() {
|
||||||
fn compile_npm_bin_esm() {
|
fn compile_npm_bin_esm() {
|
||||||
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
input_specifier: "npm:@denotest/bin/cli-esm",
|
input_specifier: "npm:@denotest/bin/cli-esm",
|
||||||
|
compile_args: vec![],
|
||||||
run_args: vec!["this", "is", "a", "test"],
|
run_args: vec!["this", "is", "a", "test"],
|
||||||
output_file: "npm/deno_run_esm.out",
|
output_file: "npm/deno_run_esm.out",
|
||||||
node_modules_dir: false,
|
node_modules_dir: false,
|
||||||
input_name: None,
|
input_name: None,
|
||||||
expected_name: "cli-esm",
|
expected_name: "cli-esm",
|
||||||
|
exit_code: 0,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -936,23 +940,55 @@ fn compile_npm_bin_esm() {
|
||||||
fn compile_npm_bin_cjs() {
|
fn compile_npm_bin_cjs() {
|
||||||
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
input_specifier: "npm:@denotest/bin/cli-cjs",
|
input_specifier: "npm:@denotest/bin/cli-cjs",
|
||||||
|
compile_args: vec![],
|
||||||
run_args: vec!["this", "is", "a", "test"],
|
run_args: vec!["this", "is", "a", "test"],
|
||||||
output_file: "npm/deno_run_cjs.out",
|
output_file: "npm/deno_run_cjs.out",
|
||||||
node_modules_dir: false,
|
node_modules_dir: false,
|
||||||
input_name: None,
|
input_name: None,
|
||||||
expected_name: "cli-cjs",
|
expected_name: "cli-cjs",
|
||||||
|
exit_code: 0,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn compile_npm_cowsay() {
|
fn compile_npm_cowsay_main() {
|
||||||
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
input_specifier: "npm:cowsay@1.5.0",
|
input_specifier: "npm:cowsay@1.5.0",
|
||||||
|
compile_args: vec!["--allow-read"],
|
||||||
run_args: vec!["Hello"],
|
run_args: vec!["Hello"],
|
||||||
output_file: "npm/deno_run_cowsay.out",
|
output_file: "npm/deno_run_cowsay.out",
|
||||||
node_modules_dir: false,
|
node_modules_dir: false,
|
||||||
input_name: None,
|
input_name: None,
|
||||||
expected_name: "cowsay",
|
expected_name: "cowsay",
|
||||||
|
exit_code: 0,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn compile_npm_vfs_implicit_read_permissions() {
|
||||||
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
|
input_specifier: "compile/vfs_implicit_read_permission/main.ts",
|
||||||
|
compile_args: vec![],
|
||||||
|
run_args: vec![],
|
||||||
|
output_file: "compile/vfs_implicit_read_permission/main.out",
|
||||||
|
node_modules_dir: false,
|
||||||
|
input_name: Some("binary"),
|
||||||
|
expected_name: "binary",
|
||||||
|
exit_code: 0,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn compile_npm_no_permissions() {
|
||||||
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
|
input_specifier: "npm:cowsay@1.5.0",
|
||||||
|
compile_args: vec![],
|
||||||
|
run_args: vec!["Hello"],
|
||||||
|
output_file: "npm/deno_run_cowsay_no_permissions.out",
|
||||||
|
node_modules_dir: false,
|
||||||
|
input_name: None,
|
||||||
|
expected_name: "cowsay",
|
||||||
|
exit_code: 1,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -960,11 +996,13 @@ fn compile_npm_cowsay() {
|
||||||
fn compile_npm_cowsay_explicit() {
|
fn compile_npm_cowsay_explicit() {
|
||||||
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
input_specifier: "npm:cowsay@1.5.0/cowsay",
|
input_specifier: "npm:cowsay@1.5.0/cowsay",
|
||||||
|
compile_args: vec!["--allow-read"],
|
||||||
run_args: vec!["Hello"],
|
run_args: vec!["Hello"],
|
||||||
output_file: "npm/deno_run_cowsay.out",
|
output_file: "npm/deno_run_cowsay.out",
|
||||||
node_modules_dir: false,
|
node_modules_dir: false,
|
||||||
input_name: None,
|
input_name: None,
|
||||||
expected_name: "cowsay",
|
expected_name: "cowsay",
|
||||||
|
exit_code: 0,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -972,21 +1010,25 @@ fn compile_npm_cowsay_explicit() {
|
||||||
fn compile_npm_cowthink() {
|
fn compile_npm_cowthink() {
|
||||||
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
run_npm_bin_compile_test(RunNpmBinCompileOptions {
|
||||||
input_specifier: "npm:cowsay@1.5.0/cowthink",
|
input_specifier: "npm:cowsay@1.5.0/cowthink",
|
||||||
|
compile_args: vec!["--allow-read"],
|
||||||
run_args: vec!["Hello"],
|
run_args: vec!["Hello"],
|
||||||
output_file: "npm/deno_run_cowthink.out",
|
output_file: "npm/deno_run_cowthink.out",
|
||||||
node_modules_dir: false,
|
node_modules_dir: false,
|
||||||
input_name: None,
|
input_name: None,
|
||||||
expected_name: "cowthink",
|
expected_name: "cowthink",
|
||||||
|
exit_code: 0,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
struct RunNpmBinCompileOptions<'a> {
|
struct RunNpmBinCompileOptions<'a> {
|
||||||
input_specifier: &'a str,
|
input_specifier: &'a str,
|
||||||
output_file: &'a str,
|
|
||||||
node_modules_dir: bool,
|
node_modules_dir: bool,
|
||||||
|
output_file: &'a str,
|
||||||
input_name: Option<&'a str>,
|
input_name: Option<&'a str>,
|
||||||
expected_name: &'a str,
|
expected_name: &'a str,
|
||||||
run_args: Vec<&'a str>,
|
run_args: Vec<&'a str>,
|
||||||
|
compile_args: Vec<&'a str>,
|
||||||
|
exit_code: i32,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn run_npm_bin_compile_test(opts: RunNpmBinCompileOptions) {
|
fn run_npm_bin_compile_test(opts: RunNpmBinCompileOptions) {
|
||||||
|
@ -1006,7 +1048,9 @@ fn run_npm_bin_compile_test(opts: RunNpmBinCompileOptions) {
|
||||||
.to_string()
|
.to_string()
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut args = vec!["compile".to_string(), "-A".to_string()];
|
let mut args = vec!["compile".to_string()];
|
||||||
|
|
||||||
|
args.extend(opts.compile_args.iter().map(|s| s.to_string()));
|
||||||
|
|
||||||
if opts.node_modules_dir {
|
if opts.node_modules_dir {
|
||||||
args.push("--node-modules-dir".to_string());
|
args.push("--node-modules-dir".to_string());
|
||||||
|
@ -1036,4 +1080,5 @@ fn run_npm_bin_compile_test(opts: RunNpmBinCompileOptions) {
|
||||||
.args_vec(opts.run_args)
|
.args_vec(opts.run_args)
|
||||||
.run();
|
.run();
|
||||||
output.assert_matches_file(opts.output_file);
|
output.assert_matches_file(opts.output_file);
|
||||||
|
output.assert_exit_code(opts.exit_code);
|
||||||
}
|
}
|
||||||
|
|
8
cli/tests/testdata/compile/vfs_implicit_read_permission/main.out
vendored
Normal file
8
cli/tests/testdata/compile/vfs_implicit_read_permission/main.out
vendored
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
__________________
|
||||||
|
< Hello from Deno! >
|
||||||
|
------------------
|
||||||
|
\ ^__^
|
||||||
|
\ (oo)\_______
|
||||||
|
(__)\ )\/\
|
||||||
|
||----w |
|
||||||
|
|| ||
|
3
cli/tests/testdata/compile/vfs_implicit_read_permission/main.ts
vendored
Normal file
3
cli/tests/testdata/compile/vfs_implicit_read_permission/main.ts
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
// this will read a file from the package
|
||||||
|
import { say } from "npm:cowsay@1.5.0";
|
||||||
|
console.log(say({ text: "Hello from Deno!" }));
|
2
cli/tests/testdata/npm/deno_run_cowsay_no_permissions.out
vendored
Normal file
2
cli/tests/testdata/npm/deno_run_cowsay_no_permissions.out
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
error: Uncaught PermissionDenied: Requires read access to <CWD>, run again with the --allow-read flag
|
||||||
|
[WILDCARD]
|
|
@ -394,7 +394,7 @@ impl TestCommandBuilder {
|
||||||
(Some(combined_reader), None)
|
(Some(combined_reader), None)
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut process = command.spawn().unwrap();
|
let mut process = command.spawn().expect("Failed spawning command");
|
||||||
|
|
||||||
if let Some(input) = &self.stdin {
|
if let Some(input) = &self.stdin {
|
||||||
let mut p_stdin = process.stdin.take().unwrap();
|
let mut p_stdin = process.stdin.take().unwrap();
|
||||||
|
|
Loading…
Reference in a new issue