1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-15 02:20:15 -05:00
denoland-deno/runtime/js/10_permissions.js
Asher Gomez 6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00

294 lines
7.1 KiB
JavaScript

// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
const core = globalThis.Deno.core;
const ops = core.ops;
import { pathFromURL } from "ext:deno_web/00_infra.js";
import { Event, EventTarget } from "ext:deno_web/02_event.js";
const primordials = globalThis.__bootstrap.primordials;
const {
ArrayIsArray,
ArrayPrototypeIncludes,
ArrayPrototypeMap,
ArrayPrototypeSlice,
MapPrototypeGet,
MapPrototypeHas,
MapPrototypeSet,
FunctionPrototypeCall,
PromiseResolve,
PromiseReject,
ReflectHas,
SafeArrayIterator,
SafeMap,
Symbol,
SymbolFor,
TypeError,
} = primordials;
const illegalConstructorKey = Symbol("illegalConstructorKey");
/**
* @typedef StatusCacheValue
* @property {PermissionState} state
* @property {PermissionStatus} status
* @property {boolean} partial
*/
/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi" | "hrtime">} */
const permissionNames = [
"read",
"write",
"net",
"env",
"sys",
"run",
"ffi",
"hrtime",
];
/**
* @param {Deno.PermissionDescriptor} desc
* @returns {Deno.PermissionState}
*/
function opQuery(desc) {
return ops.op_query_permission(desc);
}
/**
* @param {Deno.PermissionDescriptor} desc
* @returns {Deno.PermissionState}
*/
function opRevoke(desc) {
return ops.op_revoke_permission(desc);
}
/**
* @param {Deno.PermissionDescriptor} desc
* @returns {Deno.PermissionState}
*/
function opRequest(desc) {
return ops.op_request_permission(desc);
}
class PermissionStatus extends EventTarget {
/** @type {{ state: Deno.PermissionState, partial: boolean }} */
#status;
/** @type {((this: PermissionStatus, event: Event) => any) | null} */
onchange = null;
/** @returns {Deno.PermissionState} */
get state() {
return this.#status.state;
}
/** @returns {boolean} */
get partial() {
return this.#status.partial;
}
/**
* @param {{ state: Deno.PermissionState, partial: boolean }} status
* @param {unknown} key
*/
constructor(status = null, key = null) {
if (key != illegalConstructorKey) {
throw new TypeError("Illegal constructor.");
}
super();
this.#status = status;
}
/**
* @param {Event} event
* @returns {boolean}
*/
dispatchEvent(event) {
let dispatched = super.dispatchEvent(event);
if (dispatched && this.onchange) {
FunctionPrototypeCall(this.onchange, this, event);
dispatched = !event.defaultPrevented;
}
return dispatched;
}
[SymbolFor("Deno.privateCustomInspect")](inspect) {
const object = { state: this.state, onchange: this.onchange };
if (this.partial) object.partial = this.partial;
return `${this.constructor.name} ${inspect(object)}`;
}
}
/** @type {Map<string, StatusCacheValue>} */
const statusCache = new SafeMap();
/**
* @param {Deno.PermissionDescriptor} desc
* @param {{ state: Deno.PermissionState, partial: boolean }} rawStatus
* @returns {PermissionStatus}
*/
function cache(desc, rawStatus) {
let { name: key } = desc;
if (
(desc.name === "read" || desc.name === "write" || desc.name === "ffi") &&
ReflectHas(desc, "path")
) {
key += `-${desc.path}&`;
} else if (desc.name === "net" && desc.host) {
key += `-${desc.host}&`;
} else if (desc.name === "run" && desc.command) {
key += `-${desc.command}&`;
} else if (desc.name === "env" && desc.variable) {
key += `-${desc.variable}&`;
} else if (desc.name === "sys" && desc.kind) {
key += `-${desc.kind}&`;
} else {
key += "$";
}
if (MapPrototypeHas(statusCache, key)) {
const cachedObj = MapPrototypeGet(statusCache, key);
if (
cachedObj.state !== rawStatus.state ||
cachedObj.partial !== rawStatus.partial
) {
cachedObj.state = rawStatus.state;
cachedObj.partial = rawStatus.partial;
cachedObj.status.dispatchEvent(
new Event("change", { cancelable: false }),
);
}
return cachedObj.status;
}
/** @type {{ state: Deno.PermissionState, partial: boolean, status?: PermissionStatus }} */
const obj = rawStatus;
obj.status = new PermissionStatus(obj, illegalConstructorKey);
MapPrototypeSet(statusCache, key, obj);
return obj.status;
}
/**
* @param {unknown} desc
* @returns {desc is Deno.PermissionDescriptor}
*/
function isValidDescriptor(desc) {
return typeof desc === "object" && desc !== null &&
ArrayPrototypeIncludes(permissionNames, desc.name);
}
/**
* @param {Deno.PermissionDescriptor} desc
* @returns {desc is Deno.PermissionDescriptor}
*/
function formDescriptor(desc) {
if (
desc.name === "read" || desc.name === "write" || desc.name === "ffi"
) {
desc.path = pathFromURL(desc.path);
} else if (desc.name === "run") {
desc.command = pathFromURL(desc.command);
}
}
class Permissions {
constructor(key = null) {
if (key != illegalConstructorKey) {
throw new TypeError("Illegal constructor.");
}
}
query(desc) {
try {
return PromiseResolve(this.querySync(desc));
} catch (error) {
return PromiseReject(error);
}
}
querySync(desc) {
if (!isValidDescriptor(desc)) {
throw new TypeError(
`The provided value "${desc?.name}" is not a valid permission name.`,
);
}
formDescriptor(desc);
const status = opQuery(desc);
return cache(desc, status);
}
revoke(desc) {
try {
return PromiseResolve(this.revokeSync(desc));
} catch (error) {
return PromiseReject(error);
}
}
revokeSync(desc) {
if (!isValidDescriptor(desc)) {
throw new TypeError(
`The provided value "${desc?.name}" is not a valid permission name.`,
);
}
formDescriptor(desc);
const status = opRevoke(desc);
return cache(desc, status);
}
request(desc) {
try {
return PromiseResolve(this.requestSync(desc));
} catch (error) {
return PromiseReject(error);
}
}
requestSync(desc) {
if (!isValidDescriptor(desc)) {
throw new TypeError(
`The provided value "${desc?.name}" is not a valid permission name.`,
);
}
formDescriptor(desc);
const status = opRequest(desc);
return cache(desc, status);
}
}
const permissions = new Permissions(illegalConstructorKey);
/** Converts all file URLs in FS allowlists to paths. */
function serializePermissions(permissions) {
if (typeof permissions == "object" && permissions != null) {
const serializedPermissions = {};
for (
const key of new SafeArrayIterator(["read", "write", "run", "ffi"])
) {
if (ArrayIsArray(permissions[key])) {
serializedPermissions[key] = ArrayPrototypeMap(
permissions[key],
(path) => pathFromURL(path),
);
} else {
serializedPermissions[key] = permissions[key];
}
}
for (
const key of new SafeArrayIterator(["env", "hrtime", "net", "sys"])
) {
if (ArrayIsArray(permissions[key])) {
serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]);
} else {
serializedPermissions[key] = permissions[key];
}
}
return serializedPermissions;
}
return permissions;
}
export { Permissions, permissions, PermissionStatus, serializePermissions };