1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-29 16:30:56 -05:00
Commit graph

14 commits

Author SHA1 Message Date
Matt Mastracci
5d7ebea99f
fix(cli): harden permission stdio check (#21778)
Harden the code that does permission checks to protect against
re-opening of stdin.

Code that runs FFI is vulnerable to an attack where fd 0 is closed
during a permission check and re-opened with a file that contains a
positive response (ie: `y` or `A`). While FFI code is dangerous in
general, we can make it more difficult for FFI-enabled code to bypass
additional permission checks.

- Checks to see if the underlying file for stdin has changed from the
start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window
for races)
- Checks to see if stdin and stderr are still terminals at the end of
the function (making races more difficult)
2024-01-04 20:34:54 +01:00
David Sherret
21dd7f8a7f
chore: update copyright to 2024 (#21753) 2024-01-04 20:34:51 +01:00
Matt Mastracci
c272d26ae8
chore(cli): remove atty crate (#20275)
Removes a crate with an outstanding vulnerability.
2023-08-25 07:43:07 -06:00
David Sherret
ff690b0ab4
chore: fix flaky stdio_streams_are_locked_in_permission_prompt (#19443) 2023-06-09 13:24:39 -04:00
David Sherret
6fb6b0c1f3
chore: restore pty tests and make them run on the Linux CI (#18424)
1. Rewrites the tests to be more back and forth rather than getting the
output all at once (which I believe was causing the hangs on linux and
maybe mac)
2. Runs the pty tests on the linux ci.
3. Fixes a bunch of tests that were just wrong.
4. Adds timeouts on the pty tests.
2023-03-28 21:49:00 +00:00
Bartek Iwańczuk
78d430103a
fix(prompt): better output with control chars (#18108) 2023-03-10 01:09:14 +01:00
Asher Gomez
c18e0d1d37
feat(permissions): grant all permission for a group in permission prompt (#17140)
This commit adds new "A" option to the interactive permission prompt, that will
allow all subsequent permissions for given group (domain). Ie. when querying for
permissions to access eg. env variables responding with "A" will allow access
to all environmental variables.

This works for all permission domains and should make permission prompts
more ergonomic for users.
2023-02-22 23:02:10 +01:00
Bartek Iwańczuk
9ea899afa7
refactor(permissions): use less space for permissions prompt (#17708) 2023-02-10 12:29:03 +01:00
David Sherret
f5840bdcd3
chore: upgrade to Rust 1.67 (#17548)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-01-27 10:43:16 -05:00
Bartek Iwańczuk
1b17985c5a
fix(permissions): lock stdio streams when prompt is shown (#17392)
This commit changes permission prompt to lock stdio streams when prompt
is shown.
2023-01-13 10:05:07 -05:00
Bartek Iwańczuk
7a5b6a3261
fix(permissions): fix italic font in permission prompt (#17249) 2023-01-03 17:30:15 +01:00
David Sherret
10e4b2e140
chore: update copyright year to 2023 (#17247)
Yearly tradition of creating extra noise in git.
2023-01-02 21:00:42 +00:00
David Sherret
2ff27a1f93
fix: hide progress bars when showing permission prompt (#17130)
Also adds download bytes progress when downloading remote specifiers.

Closes #16860
2022-12-19 14:31:19 -05:00
Bartek Iwańczuk
7b212bc574
refactor(permissions): factor out PermissionPrompter trait, add callbacks (#16975)
This commit refactors several things in "runtime/permissions" module:
- splits it into "mod.rs" and "prompter.rs"
- adds "PermissionPrompter" trait with two implementations:
 * "TtyPrompter"
 * "TestPrompter"
- adds "before" and "after" prompt callback which can be used to hide
progress bar in the CLI (to be done in a follow up)
- "permissions_prompt" API returns "PromptResponse" enum, instead
of a boolean; this allows to add "allow all"/"deny all" functionality
for the prompt
2022-12-18 01:12:28 +01:00