1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-29 02:29:06 -05:00
denoland-deno/runtime/ops/permissions.rs
Asher Gomez 6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00

164 lines
4.7 KiB
Rust

// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
use crate::permissions::parse_sys_kind;
use crate::permissions::PermissionState;
use crate::permissions::PermissionsContainer;
use deno_core::error::custom_error;
use deno_core::error::uri_error;
use deno_core::error::AnyError;
use deno_core::op;
use deno_core::url;
use deno_core::OpState;
use serde::Deserialize;
use serde::Serialize;
use std::path::Path;
deno_core::extension!(
deno_permissions,
ops = [
op_query_permission,
op_revoke_permission,
op_request_permission,
],
);
#[derive(Deserialize)]
pub struct PermissionArgs {
name: String,
path: Option<String>,
host: Option<String>,
variable: Option<String>,
kind: Option<String>,
command: Option<String>,
}
#[derive(Serialize)]
pub struct PermissionStatus {
state: String,
partial: bool,
}
impl From<PermissionState> for PermissionStatus {
fn from(state: PermissionState) -> Self {
PermissionStatus {
state: if state == PermissionState::GrantedPartial {
PermissionState::Granted.to_string()
} else {
state.to_string()
},
partial: state == PermissionState::GrantedPartial,
}
}
}
#[op]
pub fn op_query_permission(
state: &mut OpState,
args: PermissionArgs,
) -> Result<PermissionStatus, AnyError> {
let permissions = state.borrow::<PermissionsContainer>().0.lock();
let path = args.path.as_deref();
let perm = match args.name.as_ref() {
"read" => permissions.read.query(path.map(Path::new)),
"write" => permissions.write.query(path.map(Path::new)),
"net" => permissions.net.query(
match args.host.as_deref() {
None => None,
Some(h) => Some(parse_host(h)?),
}
.as_ref(),
),
"env" => permissions.env.query(args.variable.as_deref()),
"sys" => permissions
.sys
.query(args.kind.as_deref().map(parse_sys_kind).transpose()?),
"run" => permissions.run.query(args.command.as_deref()),
"ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)),
"hrtime" => permissions.hrtime.query(),
n => {
return Err(custom_error(
"ReferenceError",
format!("No such permission name: {n}"),
))
}
};
Ok(PermissionStatus::from(perm))
}
#[op]
pub fn op_revoke_permission(
state: &mut OpState,
args: PermissionArgs,
) -> Result<PermissionStatus, AnyError> {
let mut permissions = state.borrow_mut::<PermissionsContainer>().0.lock();
let path = args.path.as_deref();
let perm = match args.name.as_ref() {
"read" => permissions.read.revoke(path.map(Path::new)),
"write" => permissions.write.revoke(path.map(Path::new)),
"net" => permissions.net.revoke(
match args.host.as_deref() {
None => None,
Some(h) => Some(parse_host(h)?),
}
.as_ref(),
),
"env" => permissions.env.revoke(args.variable.as_deref()),
"sys" => permissions
.sys
.revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?),
"run" => permissions.run.revoke(args.command.as_deref()),
"ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)),
"hrtime" => permissions.hrtime.revoke(),
n => {
return Err(custom_error(
"ReferenceError",
format!("No such permission name: {n}"),
))
}
};
Ok(PermissionStatus::from(perm))
}
#[op]
pub fn op_request_permission(
state: &mut OpState,
args: PermissionArgs,
) -> Result<PermissionStatus, AnyError> {
let mut permissions = state.borrow_mut::<PermissionsContainer>().0.lock();
let path = args.path.as_deref();
let perm = match args.name.as_ref() {
"read" => permissions.read.request(path.map(Path::new)),
"write" => permissions.write.request(path.map(Path::new)),
"net" => permissions.net.request(
match args.host.as_deref() {
None => None,
Some(h) => Some(parse_host(h)?),
}
.as_ref(),
),
"env" => permissions.env.request(args.variable.as_deref()),
"sys" => permissions
.sys
.request(args.kind.as_deref().map(parse_sys_kind).transpose()?),
"run" => permissions.run.request(args.command.as_deref()),
"ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)),
"hrtime" => permissions.hrtime.request(),
n => {
return Err(custom_error(
"ReferenceError",
format!("No such permission name: {n}"),
))
}
};
Ok(PermissionStatus::from(perm))
}
fn parse_host(host_str: &str) -> Result<(String, Option<u16>), AnyError> {
let url = url::Url::parse(&format!("http://{host_str}/"))
.map_err(|_| uri_error("Invalid host"))?;
if url.path() != "/" {
return Err(uri_error("Invalid host"));
}
let hostname = url.host_str().unwrap();
Ok((hostname.to_string(), url.port()))
}