mirror of
https://github.com/denoland/deno.git
synced 2024-10-30 09:08:00 -04:00
1cce306022
Closes #14122. Adds two extensions to `--allow-run` behaviour: - When `--allow-run=foo` is specified and `foo` is found in the `PATH` at startup, `RunDescriptor::Path(which("foo"))` is added to the allowlist alongside `RunDescriptor::Name("foo")`. Currently only the latter is. - When run permission for `foo` is queried and `foo` is found in the `PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or `RunDescriptor::Name("foo")` would qualify in the allowlist. Currently only the latter does.
66 lines
2.5 KiB
TypeScript
66 lines
2.5 KiB
TypeScript
// Testing the following (but with `deno` instead of `echo`):
|
|
// | `deno run --allow-run=echo` | `which path == "/usr/bin/echo"` at startup | `which path != "/usr/bin/echo"` at startup |
|
|
// |-------------------------------------|--------------------------------------------|--------------------------------------------|
|
|
// | **`Deno.Command("echo")`** | ✅ | ✅ |
|
|
// | **`Deno.Command("/usr/bin/echo")`** | ✅ | ❌ |
|
|
|
|
// | `deno run --allow-run=/usr/bin/echo | `which path == "/usr/bin/echo"` at runtime | `which path != "/usr/bin/echo"` at runtime |
|
|
// |-------------------------------------|--------------------------------------------|--------------------------------------------|
|
|
// | **`Deno.Command("echo")`** | ✅ | ❌ |
|
|
// | **`Deno.Command("/usr/bin/echo")`** | ✅ | ✅ |
|
|
|
|
const execPath = Deno.execPath();
|
|
const execPathParent = execPath.replace(/[/\\][^/\\]+$/, "");
|
|
|
|
const testUrl = `data:application/typescript;base64,${
|
|
btoa(`
|
|
console.log(await Deno.permissions.query({ name: "run", command: "deno" }));
|
|
console.log(await Deno.permissions.query({ name: "run", command: "${
|
|
execPath.replaceAll("\\", "\\\\")
|
|
}" }));
|
|
Deno.env.set("PATH", "");
|
|
console.log(await Deno.permissions.query({ name: "run", command: "deno" }));
|
|
console.log(await Deno.permissions.query({ name: "run", command: "${
|
|
execPath.replaceAll("\\", "\\\\")
|
|
}" }));
|
|
`)
|
|
}`;
|
|
|
|
const process1 = await new Deno.Command(Deno.execPath(), {
|
|
args: [
|
|
"run",
|
|
"--quiet",
|
|
"--allow-env",
|
|
"--allow-run=deno",
|
|
testUrl,
|
|
],
|
|
stderr: "null",
|
|
env: { "PATH": execPathParent },
|
|
}).output();
|
|
console.log(new TextDecoder().decode(process1.stdout));
|
|
|
|
const process2 = await new Deno.Command(Deno.execPath(), {
|
|
args: [
|
|
"run",
|
|
"--quiet",
|
|
"--allow-env",
|
|
"--allow-run=deno",
|
|
testUrl,
|
|
],
|
|
stderr: "null",
|
|
env: { "PATH": "" },
|
|
}).output();
|
|
console.log(new TextDecoder().decode(process2.stdout));
|
|
|
|
const process3 = await new Deno.Command(Deno.execPath(), {
|
|
args: [
|
|
"run",
|
|
"--quiet",
|
|
"--allow-env",
|
|
`--allow-run=${execPath}`,
|
|
testUrl,
|
|
],
|
|
stderr: "null",
|
|
env: { "PATH": execPathParent },
|
|
}).output();
|
|
console.log(new TextDecoder().decode(process3.stdout));
|