1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-22 07:14:47 -05:00
Commit graph

36 commits

Author SHA1 Message Date
Yazan AbdAl-Rahman
b729bf0ad9
feat(permission): support suffix wildcards in --allow-env flag (#25255)
This commit adds support for suffix wildcard for `--allow-env` flag.

Specifying flag like `--allow-env=DENO_*` will enable access to all
environmental variables starting with `DENO_*`.

Closes #24847

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: David Sherret <dsherret@gmail.com>
2024-11-20 23:30:43 +00:00
Richard Carson
01f3451869
chore: make fields public on PermissionDeniedError and deno_kv::KvConfig (#26798)
A few small changes to avoid needing unsafe mem transmutes to
instantiate the extensions

---------

Signed-off-by: Richard Carson <Rscarson@rogers.com>
2024-11-12 17:49:49 +00:00
Divy Srivastava
7179bdcc77
fix(ext/node): handle --allow-sys=inspector (#26836)
`op_inspector_open` checks for "inspector" as one of the allowed sys
value.
2024-11-12 16:55:49 +01:00
Leo Kettmeir
fe9f0ee593
refactor(runtime/permissions): use concrete error types (#26464) 2024-11-04 09:17:21 -08:00
Nathan Whitaker
6c6bbeb974
fix(node): Implement os.userInfo properly, add missing toPrimitive (#24702)
Fixes the implementation of `os.userInfo`, and adds a missing
`toPrimitive` for `tmpdir`. This allows us to enable the corresponding
node_compat test.
2024-10-31 22:18:33 -07:00
Lucas Nogueira
40b4b9aaa3
feat(permissions): expose PromptResponse (#26358)
follow-up for #26327
2024-10-17 11:36:34 -07:00
Lucas Nogueira
3b62e05062
feat(permissions): expose PermissionPrompter and set_prompter function (#26327)
when defining a custom runtime, it might be useful to define a custom
prompter - for instance when you are not relying on the terminal and
want a GUI prompter instead
2024-10-17 12:39:18 -04:00
David Sherret
2de4faa483
refactor: improve node permission checks (#26028)
Does less work when requesting permissions with `-A`
2024-10-04 20:55:41 +01:00
Simon Lecoq
da7edf1c0c
fix: don't prompt when using Deno.permissions.request with --no-prompt (#25811) 2024-10-03 12:28:38 +00:00
David Sherret
c8f692057b
refactor: bury descriptor parsing in PermissionsContainer (#25936)
Closes https://github.com/denoland/deno/issues/25634
2024-09-30 09:19:24 -04:00
David Sherret
fc739dc5eb
refactor: use deno_path_util (#25918) 2024-09-28 07:55:01 -04:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Leo Kettmeir
3e053f8f06
fix(flags): properly error out for urls (#25770)
Closes https://github.com/denoland/deno/issues/25760
2024-09-20 11:10:46 -07:00
Yazan AbdAl-Rahman
bed46474b2
fix: do not panic running invalid file specifier (#25530)
Co-authored-by: Bedis Nbiba <bedisnbiba@gmail.com>
2024-09-18 14:51:39 +01:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
Luca Casonato
7bfcb4dd10
feat(cli): use NotCapable error for permission errors (#25431)
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
2024-09-10 11:12:24 -07:00
Bartek Iwańczuk
5dedb49ac4
refactor(permissions): remove FromStr implementations, add ::parse methods (#25473)
The `.parse()` calls in permission code are only making it more
confusing, verbosity
is encouraged and welcome in this code even at the cost of not being
concise.

Left a couple TODOs to not use `AnyError`.
2024-09-06 11:28:53 +02:00
David Sherret
dd208a6df0
fix(regression): do not expose resolved path in Deno.Command permission denied error (#25434)
Regression from https://github.com/denoland/deno/pull/25370
2024-09-04 22:57:49 +00:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Luca Casonato
5cf97f539b
BREAKING(permissions): remove --allow-hrtime (#25367)
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 11:24:25 +02:00
Yazan AbdAl-Rahman
4f49f703c1
fix(cli): update permission prompt message for compiled binaries (#24081)
Co-authored-by: David Sherret <dsherret@gmail.com>
2024-08-20 01:20:06 +00:00
David Sherret
bf510544ef
chore: improve accessing special file test (#25099) 2024-08-19 16:21:27 -04:00
Adam Gregory
82f9216610
fix: Add sys permission kinds for node compat (#24242)
Fixes #24241

* Support "statfs", "username", "getPriority" and "setPriority" kinds
for `--allow-sys`.
* Check individual permissions in `node:os.userInfo()` instead of a
single "userInfo" permission.
* Check for "uid" permission in `node:process.geteuid()` instead of
"geteuid".
* Add missing "homedir" to `SysPermissionDescriptor.kind` union

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-07-10 15:15:43 +02:00
Luca Casonato
74ac29bae6
fix(permissions): handle ipv6 addresses correctly (#24397)
Also don't panic on invalid domain names and addresses.

Extracted with cleanups up from #24080

Co-authored-by: Yazan AbdAl-Rahman <yazan.abdalrahman@exalt.ps>
2024-07-05 23:45:06 +01:00
Nathan Whitaker
d4d3a3c54f
fix(node): Implement fs.lchown (and process.getegid) (#24418)
Closes https://github.com/denoland/deno/issues/21260.
Part of https://github.com/denoland/deno/issues/18218.

Implements `node:fs.lchown`, and enables the node_compat test for it.
The test uses `process.getegid`, which we didn't have implemented, so I
went ahead and implemented that as well to get the test working.
2024-07-05 18:32:51 +00:00
Satya Rohith
0f48313565
chore: upgrade to rust 1.79 (#24207) 2024-06-14 17:10:57 +05:30
Divy Srivastava
bba553bea5
fix(ext/node): homedir() getpwuid/SHGetKnownFolderPath fallback (#23841)
**Unix**: Returns the value of the HOME environment variable if it is
set even if it is an empty string. Otherwise, it tries to determine the
home directory by invoking the
[getpwuid_r](https://linux.die.net/man/3/getpwuid_r) function with the
UID of the current user.

**Windows**: Returns the value of the USERPROFILE environment variable
if it is set and it is not an empty string. Otherwise, it tries to
determine the home directory by invoking the
[SHGetKnownFolderPath](https://learn.microsoft.com/en-us/windows/win32/api/shlobj_core/nf-shlobj_core-shgetknownfolderpath)
function with
[FOLDERID_Profile](https://learn.microsoft.com/en-us/windows/win32/shell/knownfolderid).

Fixes https://github.com/denoland/deno/issues/23824
2024-05-16 10:52:40 +05:30
Matt Mastracci
adc7b3de26
fix(runtime): Allow opening /dev/fd/XXX for unix (#23743)
`deno run script.ts <(some command)` is a valid use case -- let's allow
this to work without `--allow-all`.

Fixes #23703
2024-05-10 11:21:36 -06:00
Matt Mastracci
9f7f681e26
fix(runtime): allow nul device on windows (#23741)
Fixes [23721](https://github.com/denoland/deno/issues/23721)
2024-05-08 14:39:06 -06:00
Luca Casonato
f3cc760f2f
fix(runtime): allow r/w access to /etc without --allow-all (#23718)
This is not a special path that can be used to escalate or bypass Deno
permissions, such as `--allow-env`.
2024-05-07 14:51:42 +02:00
Matt Mastracci
472a370640
feat(runtime): Allow embedders to perform additional access checks on file open (#23208)
Embedders may have special requirements around file opening, so we add a
new `check_open` permission check that is called as part of the file
open process.
2024-04-19 18:12:03 -06:00
Nayeem Rahman
2cd9c6a8e6
fix(runtime): use FQDN in NetDescriptor (#23084) 2024-03-26 23:27:40 +00:00
Matt Mastracci
c9a9d040a3
perf(permissions): Fast exit from checks when permission is in "fully-granted" state (#22894)
Skips the access check if the specific unary permission is in an
all-granted state. Generally prevents an allocation or two.

Hooks up a quiet "all" permission that is automatically inherited. This
permission will be used in the future to indicate that the user wishes
to accept all side-effects of the permissions they explicitly granted.

The "all" permission is an "ambient flag"-style permission that states
whether "allow-all" was passed on the command-line.
2024-03-13 14:30:48 -06:00
Matt Mastracci
eccdb0e99a
chore(permissions): add allow_all flag (#22890)
Unlocking a potential perf optimization at a later date -- carry the
`allow_all` flag into the permission container.
2024-03-13 16:07:24 +00:00
Nayeem Rahman
485b4c6301
fix(runtime): negate partial condition for deny flags (#22866) 2024-03-12 22:12:29 +00:00
Divy Srivastava
de28e6fc09
refactor: add deno_permissions crate (#22236)
Issue https://github.com/denoland/deno/issues/22222


![image](https://github.com/denoland/deno/assets/34997667/2af8474b-b919-4519-98ce-9d29bc7829f2)

This PR moves `runtime/permissions` code to a upstream crate called
`deno_permissions`. The `deno_permissions::PermissionsContainer` is put
into the OpState and can be used instead of the current trait-based
permissions system.

For this PR, I've migrated `deno_fetch` to the new crate but kept the
rest of the trait-based system as a wrapper of `deno_permissions` crate.
Doing the migration all at once is error prone and hard to review.

Comparing incremental compile times for `ext/fetch` on Mac M1:

| profile | `cargo build --bin deno` | `cargo plonk build --bin deno` |
| --------- | ------------- | ------------------- |
| `debug`   | 20 s          | 0.8s                |
| `release` | 4 mins 12 s   | 1.4s                  |
2024-03-12 10:42:26 -07:00
Renamed from runtime/permissions/mod.rs (Browse further)