1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-05 05:49:20 -05:00
denoland-deno/cli/tests/testdata/allow_run_allowlist_resolution.ts
Nayeem Rahman 1cce306022
fix(runtime/permissions): Resolve executable specifiers in allowlists and queries (#14130)
Closes #14122.

Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
2023-08-30 18:52:01 +01:00

66 lines
2.5 KiB
TypeScript

// Testing the following (but with `deno` instead of `echo`):
// | `deno run --allow-run=echo` | `which path == "/usr/bin/echo"` at startup | `which path != "/usr/bin/echo"` at startup |
// |-------------------------------------|--------------------------------------------|--------------------------------------------|
// | **`Deno.Command("echo")`** | ✅ | ✅ |
// | **`Deno.Command("/usr/bin/echo")`** | ✅ | ❌ |
// | `deno run --allow-run=/usr/bin/echo | `which path == "/usr/bin/echo"` at runtime | `which path != "/usr/bin/echo"` at runtime |
// |-------------------------------------|--------------------------------------------|--------------------------------------------|
// | **`Deno.Command("echo")`** | ✅ | ❌ |
// | **`Deno.Command("/usr/bin/echo")`** | ✅ | ✅ |
const execPath = Deno.execPath();
const execPathParent = execPath.replace(/[/\\][^/\\]+$/, "");
const testUrl = `data:application/typescript;base64,${
btoa(`
console.log(await Deno.permissions.query({ name: "run", command: "deno" }));
console.log(await Deno.permissions.query({ name: "run", command: "${
execPath.replaceAll("\\", "\\\\")
}" }));
Deno.env.set("PATH", "");
console.log(await Deno.permissions.query({ name: "run", command: "deno" }));
console.log(await Deno.permissions.query({ name: "run", command: "${
execPath.replaceAll("\\", "\\\\")
}" }));
`)
}`;
const process1 = await new Deno.Command(Deno.execPath(), {
args: [
"run",
"--quiet",
"--allow-env",
"--allow-run=deno",
testUrl,
],
stderr: "null",
env: { "PATH": execPathParent },
}).output();
console.log(new TextDecoder().decode(process1.stdout));
const process2 = await new Deno.Command(Deno.execPath(), {
args: [
"run",
"--quiet",
"--allow-env",
"--allow-run=deno",
testUrl,
],
stderr: "null",
env: { "PATH": "" },
}).output();
console.log(new TextDecoder().decode(process2.stdout));
const process3 = await new Deno.Command(Deno.execPath(), {
args: [
"run",
"--quiet",
"--allow-env",
`--allow-run=${execPath}`,
testUrl,
],
stderr: "null",
env: { "PATH": execPathParent },
}).output();
console.log(new TextDecoder().decode(process3.stdout));