1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-28 16:20:57 -05:00
Commit graph

114 commits

Author SHA1 Message Date
Matt Mastracci
adc7b3de26
fix(runtime): Allow opening /dev/fd/XXX for unix (#23743)
`deno run script.ts <(some command)` is a valid use case -- let's allow
this to work without `--allow-all`.

Fixes #23703
2024-05-10 11:21:36 -06:00
David Sherret
47f7bed677
chore: enable clippy::print_stdout and clippy::print_stderr (#23732)
1. Generally we should prefer to use the `log` crate.
2. I very often accidentally commit `eprintln`s.

When we should use `println` or `eprintln`, it's not too bad to be a bit
more verbose and ignore the lint rule.
2024-05-08 22:45:06 -04:00
denobot
e6dc4dfbff
chore: forward v1.43.2 release commit to main (#23749)
**THIS PR HAS GIT CONFLICTS THAT MUST BE RESOLVED**

This is the release commit being forwarded back to main for 1.43.2

Please ensure:
- [x] Everything looks ok in the PR
- [x] The release has been published

To make edits to this PR:
```shell
git fetch upstream forward_v1.43.2 && git checkout -b forward_v1.43.2 upstream/forward_v1.43.2
```

Don't need this PR? Close it.

cc @nathanwhit

Co-authored-by: nathanwhit <nathanwhit@users.noreply.github.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-05-09 00:45:01 +00:00
Matt Mastracci
9f7f681e26
fix(runtime): allow nul device on windows (#23741)
Fixes [23721](https://github.com/denoland/deno/issues/23721)
2024-05-08 14:39:06 -06:00
Luca Casonato
f3cc760f2f
fix(runtime): allow r/w access to /etc without --allow-all (#23718)
This is not a special path that can be used to escalate or bypass Deno
permissions, such as `--allow-env`.
2024-05-07 14:51:42 +02:00
denobot
5ff881a073
1.43.0 (#23629)
Bumped versions for 1.43.0

Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
2024-05-01 12:16:39 +05:30
denobot
8321106b78
1.43.0 (#23549)
Bumped versions for 1.43.0

Co-authored-by: littledivy <littledivy@users.noreply.github.com>
2024-04-25 15:14:26 +05:30
Matt Mastracci
472a370640
feat(runtime): Allow embedders to perform additional access checks on file open (#23208)
Embedders may have special requirements around file opening, so we add a
new `check_open` permission check that is called as part of the file
open process.
2024-04-19 18:12:03 -06:00
Bartek Iwańczuk
0a7f46b8c2
chore: forward v1.42.4 commit to main (#23394)
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-04-16 02:41:59 +00:00
denobot
c92f118652
chore: forward v1.42.3 release commit to main (#23335)
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-04-12 04:19:46 +00:00
denobot
ca7432b86b
chore: forward v1.42.2 release commit to main (#23315)
Co-authored-by: Satya Rohith <me@satyarohith.com>
2024-04-11 13:37:24 +05:30
Matt Mastracci
945eb5eba6
fix(runtime): fix Windows permission prompt (#23212)
Followup to https://github.com/denoland/deno/pull/23184
2024-04-04 09:44:43 -06:00
Matt Mastracci
3b9fd1af80
fix(cli): Enforce a human delay in prompt to fix paste problem (#23184)
The permission prompt doesn't wait for quiescent input, so someone
pasting a large text file into the console may end up losing the prompt.
We enforce a minimum human delay and wait for a 100ms quiescent period
before we write and accept prompt input to avoid this problem.

This does require adding a human delay in all prompt tests, but that's
pretty straightforward. I rewrote the locked stdout/stderr test while I
was in here.
2024-04-02 15:55:06 -06:00
denobot
8d158058e5
chore: forward v1.42.1 release commit to main (#23162)
This is the release commit being forwarded back to main for 1.42.1

Co-authored-by: littledivy <littledivy@users.noreply.github.com>
2024-04-01 13:35:46 +05:30
denobot
9c6eca1064
1.42.0 (#23105)
Bumped versions for 1.42.0

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-03-28 01:47:33 +01:00
Nayeem Rahman
2cd9c6a8e6
fix(runtime): use FQDN in NetDescriptor (#23084) 2024-03-26 23:27:40 +00:00
Nathan Whitaker
85116226b3
chore: Forward 1.41.3 release commit (#22930)
Forward 1.41.3 release commit

Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: nathanwhit <nathanwhit@users.noreply.github.com>
2024-03-14 21:23:24 +00:00
Matt Mastracci
c9a9d040a3
perf(permissions): Fast exit from checks when permission is in "fully-granted" state (#22894)
Skips the access check if the specific unary permission is in an
all-granted state. Generally prevents an allocation or two.

Hooks up a quiet "all" permission that is automatically inherited. This
permission will be used in the future to indicate that the user wishes
to accept all side-effects of the permissions they explicitly granted.

The "all" permission is an "ambient flag"-style permission that states
whether "allow-all" was passed on the command-line.
2024-03-13 14:30:48 -06:00
Matt Mastracci
eccdb0e99a
chore(permissions): add allow_all flag (#22890)
Unlocking a potential perf optimization at a later date -- carry the
`allow_all` flag into the permission container.
2024-03-13 16:07:24 +00:00
Nayeem Rahman
485b4c6301
fix(runtime): negate partial condition for deny flags (#22866) 2024-03-12 22:12:29 +00:00
Divy Srivastava
de28e6fc09
refactor: add deno_permissions crate (#22236)
Issue https://github.com/denoland/deno/issues/22222


![image](https://github.com/denoland/deno/assets/34997667/2af8474b-b919-4519-98ce-9d29bc7829f2)

This PR moves `runtime/permissions` code to a upstream crate called
`deno_permissions`. The `deno_permissions::PermissionsContainer` is put
into the OpState and can be used instead of the current trait-based
permissions system.

For this PR, I've migrated `deno_fetch` to the new crate but kept the
rest of the trait-based system as a wrapper of `deno_permissions` crate.
Doing the migration all at once is error prone and hard to review.

Comparing incremental compile times for `ext/fetch` on Mac M1:

| profile | `cargo build --bin deno` | `cargo plonk build --bin deno` |
| --------- | ------------- | ------------------- |
| `debug`   | 20 s          | 0.8s                |
| `release` | 4 mins 12 s   | 1.4s                  |
2024-03-12 10:42:26 -07:00
Matt Mastracci
7e6b942312
feat(core): highlight unprintable chars in permission prompts (#22468)
If we strip out unprintable chars, we don't see the full filename being
requested by permission prompts. Instead, we highlight and escape them
to make them visible.
2024-02-19 04:51:06 +00:00
David Sherret
83d72e5c1c
refactor: extract out runtime::colors to deno_terminal::colors (#22324) 2024-02-07 11:25:14 -05:00
restlessronin
b16e6220a2
fix: enable "--allow-sys=cpus" for "deno run" (#22260)
Fixes #22221 with the suggested fix, and added "cpus" to the existing
tests.
2024-02-07 06:38:40 +00:00
Divy Srivastava
df062d2c78
fix(ext/node): add fs.cp, fs.cpSync, promises.cp (#21745)
Fixes https://github.com/denoland/deno/issues/20803
Fixes https://github.com/denoland/deno/issues/21723

Performance: copying a 48GiB rust `target` folder (recursive)
| Platform  | `deno` | `node v21.5` | Improvement |
| -------- | ------- | ------- | ------- |
| macOS (APFS) |   3.1secs  |  127.99 secs |  **42x** |
| Windows | 18.3secs | 67.2secs |  **3.8x** |

Copying files with varying sizes:


![image](https://github.com/denoland/deno/assets/34997667/58932652-6f7a-47f5-8504-896dc9ab4ddc)
2024-01-05 18:28:33 +05:30
Matt Mastracci
00970daea2
fix(cli): harden permission stdio check (#21778)
Harden the code that does permission checks to protect against
re-opening of stdin.

Code that runs FFI is vulnerable to an attack where fd 0 is closed
during a permission check and re-opened with a file that contains a
positive response (ie: `y` or `A`). While FFI code is dangerous in
general, we can make it more difficult for FFI-enabled code to bypass
additional permission checks.

- Checks to see if the underlying file for stdin has changed from the
start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window
for races)
- Checks to see if stdin and stderr are still terminals at the end of
the function (making races more difficult)
2024-01-04 00:31:39 +01:00
David Sherret
7e72f3af61
chore: update copyright to 2024 (#21753) 2024-01-01 19:58:21 +00:00
David Sherret
a24d3e8763
perf(node/fs): faster existsSync when not exists (#21458) 2023-12-04 21:05:40 +00:00
Ian Bull
e087851e54
fix(perm): allow-net with port 80 (#21221) 2023-12-01 19:03:53 +01:00
liruifengv
fc8f060ee3
fix(permissions): fix panics when revoking net permission (#21388)
fix #21385
2023-12-01 18:45:51 +01:00
Bartek Iwańczuk
2167a52d69
refactor: remove TimersPermissions::check_unstable (#20831)
This is dead code that was not used in any way.

Ref https://github.com/denoland/deno/pull/20797
2023-10-09 02:08:10 +02:00
Nayeem Rahman
1cce306022
fix(runtime/permissions): Resolve executable specifiers in allowlists and queries (#14130)
Closes #14122.

Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
2023-08-30 18:52:01 +01:00
Matt Mastracci
c272d26ae8
chore(cli): remove atty crate (#20275)
Removes a crate with an outstanding vulnerability.
2023-08-25 07:43:07 -06:00
Heyang Zhou
6d4a005e41
feat(ext/kv): connect to remote database (#20178)
This patch adds a `remote` backend for `ext/kv`. This supports
connection to Deno Deploy and potentially other services compatible with
the KV Connect protocol.
2023-08-22 13:56:00 +08:00
Asher Gomez
6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00
Leo Kettmeir
aa8078b688
feat(node/os): implement getPriority, setPriority & userInfo (#19370)
Takes #4202 over
Closes #17850 

---------

Co-authored-by: ecyrbe <ecyrbe@gmail.com>
2023-07-31 22:29:09 +02:00
Martin Fischer
801b9ec62d
chore: fix typos (#19572) 2023-06-26 09:10:27 -04:00
David Sherret
ff690b0ab4
chore: fix flaky stdio_streams_are_locked_in_permission_prompt (#19443) 2023-06-09 13:24:39 -04:00
David Sherret
5c55f2b4fb
chore: upgrade to Rust 1.70.0 (#19345)
Co-authored-by: linbingquan <695601626@qq.com>
2023-06-06 00:35:39 +00:00
Leo Kettmeir
be59e93220
refactor(node/http): don't use readablestream for writing to request (#19282)
Refactors the internal usage of a readablestream to write to the
resource directly

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-05-27 15:42:20 +02:00
David Sherret
5b4a9b48ae
refactor(ext/node): enforce interior mutable for NodePermissions to remove clones (#18831)
We can make `NodePermissions` rely on interior mutability (which the
`PermissionsContainer` is already doing) in order to not have to clone
everything all the time. This also reduces the chance of an accidental
`borrow` while `borrrow_mut`.
2023-04-24 21:07:48 -04:00
Luca Casonato
f90caa821c
refactor(ext/fs): abstract FS via FileSystem trait (#18599)
This commit abstracts out the specifics of the underlying system calls
FS operations behind a new `FileSystem` and `File` trait in the
`ext/fs` extension.

This allows other embedders to re-use ext/fs, but substituting in a
different FS backend.

This is likely not the final form of these traits. Eventually they will
be entirely `deno_core::Resource` agnostic, and will live in a seperate
crate.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-04-12 15:13:32 +02:00
Bartek Iwańczuk
51d3fb78ad
refactor: remove "ext/flash" (#18578)
With https://github.com/denoland/deno/pull/18568 landed we no longer
need "ext/flash". 

This commit removes "deno_flash" extension completely.

This should have some impact on the binary and snapshot size.

Closes https://github.com/denoland/deno/issues/17356
2023-04-03 19:01:02 +02:00
David Sherret
6fb6b0c1f3
chore: restore pty tests and make them run on the Linux CI (#18424)
1. Rewrites the tests to be more back and forth rather than getting the
output all at once (which I believe was causing the hangs on linux and
maybe mac)
2. Runs the pty tests on the linux ci.
3. Fixes a bunch of tests that were just wrong.
4. Adds timeouts on the pty tests.
2023-03-28 21:49:00 +00:00
Heyang Zhou
92ebf4afe5
feat(ext/kv): key-value store (#18232)
This commit adds unstable "Deno.openKv()" API that allows to open
a key-value database at a specified path.

---------

Co-authored-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-03-22 12:13:24 +08:00
David Sherret
fb021d7cef
refactor: remove usages of map_or / map_or_else (#18212)
These methods are confusing because the arguments are backwards. I feel
like they should have never been added to `Option<T>` and that clippy
should suggest rewriting to
`map(...).unwrap_or(...)`/`map(...).unwrap_or_else(|| ...)`

https://github.com/rust-lang/rfcs/issues/1025
2023-03-15 17:46:36 -04:00
Bartek Iwańczuk
c4771356f2
refactor: Remove call sites of "deno_core::resolve_url_or_path" (#18169)
These call sites didn't need to use "resolve_url_or_path".

Towards landing https://github.com/denoland/deno/pull/15454
2023-03-13 19:31:03 -04:00
Bartek Iwańczuk
78d430103a
fix(prompt): better output with control chars (#18108) 2023-03-10 01:09:14 +01:00
Bartek Iwańczuk
bb07e230d1
chore: update Rust to 1.68.0 (#18102) 2023-03-09 19:18:00 +00:00
Bartek Iwańczuk
fe368b72c1
refactor: Add "deno_fs" extension crate (#18040)
This commit factors out APIs related to file system from "runtime/"
to a separate "deno_fs" extension crate.
2023-03-07 18:13:44 +09:00
Bartek Iwańczuk
19bb23b60a
refactor(runtime): factor out FsPermissions for fs ops (#18012)
This will help us with moving fs ops to a separate extension crate.
2023-03-05 00:44:59 +01:00
Asher Gomez
c18e0d1d37
feat(permissions): grant all permission for a group in permission prompt (#17140)
This commit adds new "A" option to the interactive permission prompt, that will
allow all subsequent permissions for given group (domain). Ie. when querying for
permissions to access eg. env variables responding with "A" will allow access
to all environmental variables.

This works for all permission domains and should make permission prompts
more ergonomic for users.
2023-02-22 23:02:10 +01:00
Bartek Iwańczuk
9ea899afa7
refactor(permissions): use less space for permissions prompt (#17708) 2023-02-10 12:29:03 +01:00
David Sherret
f5840bdcd3
chore: upgrade to Rust 1.67 (#17548)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-01-27 10:43:16 -05:00
Divy Srivastava
d5634164cb
chore: use rustfmt imports_granularity option (#17421)
Closes https://github.com/denoland/deno/issues/2699
Closes https://github.com/denoland/deno/issues/2347

Uses unstable rustfmt features. Since dprint invokes `rustfmt` we do not
need to switch the cargo toolchain to nightly. Do we care about
formatting stability of our codebase across Rust versions? (I don't)
2023-01-14 23:18:58 -05:00
Yiyu Lin
fd85f840cd
refactor: clean up unwrap and clone (#17282)
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
2023-01-15 09:36:46 +05:30
Bartek Iwańczuk
1b17985c5a
fix(permissions): lock stdio streams when prompt is shown (#17392)
This commit changes permission prompt to lock stdio streams when prompt
is shown.
2023-01-13 10:05:07 -05:00
Bartek Iwańczuk
fac6447815
refactor(permissions): add PermissionsContainer struct for internal mutability (#17134)
Turns out we were cloning permissions which after prompting were discarded,
so the state of permissions was never preserved. To handle that we need to store
all permissions behind "Arc<Mutex<>>" (because there are situations where we
need to send them to other thread).

Testing and benching code still uses "Permissions" in most places - it's undesirable
to share the same permission set between various test/bench files - otherwise
granting or revoking permissions in one file would influence behavior of other test
files.
2023-01-07 17:25:34 +01:00
Bartek Iwańczuk
7a5b6a3261
fix(permissions): fix italic font in permission prompt (#17249) 2023-01-03 17:30:15 +01:00
David Sherret
10e4b2e140
chore: update copyright year to 2023 (#17247)
Yearly tradition of creating extra noise in git.
2023-01-02 21:00:42 +00:00
Kamil Ogórek
7ce2b58bcf
feat(unstable): Add "Deno.osUptime()" API (#17179)
This PR adds support for `Deno.osUptime` which reports number of seconds
since os was booted. It will allow us to be compatible with Node's `os.uptime` -
https://nodejs.org/api/os.html#osuptime

Partially based on
https://docs.rs/uptime_lib/latest/src/uptime_lib/lib.rs.html
2022-12-27 00:16:12 +01:00
Bartek Iwańczuk
4258e06f87
fix(permissions): add information about import() API request (#17149)
This commit changes permission prompt to show that "import()" API
is requesting permissions.

Given "dynamic_import.js" like so:
```
import("https://deno.land/std@0.170.0/version.ts");
```

Before:
```
deno run dynamic_import.js
⚠️  ┌ Deno requests net access to "deno.land".
   ├ Run again with --allow-net to bypass this prompt.
   └ Allow? [y/n] (y = yes, allow; n = no, deny) > 

```

After:
```
deno run dynamic_import.js
⚠️  ┌ Deno requests net access to "deno.land".
   ├ Requested by `import()` API
   ├ Run again with --allow-net to bypass this prompt.
   └ Allow? [y/n] (y = yes, allow; n = no, deny) >

```
2022-12-21 14:24:39 +01:00
David Sherret
2ff27a1f93
fix: hide progress bars when showing permission prompt (#17130)
Also adds download bytes progress when downloading remote specifiers.

Closes #16860
2022-12-19 14:31:19 -05:00
Bartek Iwańczuk
7b212bc574
refactor(permissions): factor out PermissionPrompter trait, add callbacks (#16975)
This commit refactors several things in "runtime/permissions" module:
- splits it into "mod.rs" and "prompter.rs"
- adds "PermissionPrompter" trait with two implementations:
 * "TtyPrompter"
 * "TestPrompter"
- adds "before" and "after" prompt callback which can be used to hide
progress bar in the CLI (to be done in a follow up)
- "permissions_prompt" API returns "PromptResponse" enum, instead
of a boolean; this allows to add "allow all"/"deny all" functionality
for the prompt
2022-12-18 01:12:28 +01:00