提交
bca23e64
编写于
11月 24, 2019
作者:
Kevin (Kun) "Kassimo" Qian
提交者:
Ry Dahl
11月 24, 2019
refactor: Elevate DenoPermissions lock to top level (#3398)
上级
9e97eb28
变更
9
Showing
9 changed file
with
166 addition
and
196 deletion
+166
-196
cli/compilers/ts.rs
cli/compilers/ts.rs
+1
-1
cli/compilers/wasm.rs
cli/compilers/wasm.rs
+1
-1
cli/lib.rs
cli/lib.rs
+1
-0
cli/ops/permissions.rs
cli/ops/permissions.rs
+21
-24
cli/ops/timers.rs
cli/ops/timers.rs
+2
-1
cli/ops/workers.rs
cli/ops/workers.rs
+3
-0
cli/permissions.rs
cli/permissions.rs
+119
-161
cli/state.rs
cli/state.rs
+15
-8
cli/worker.rs
cli/worker.rs
+3
-0
cli/compilers/ts.rs
...
...
@@ -229,7 +229,7 @@ impl TsCompiler {
fn
setup_worker
(
global_state
:
ThreadSafeGlobalState
)
->
Worker
{
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
worker_state
=
ThreadSafeState
::
new
(
global_state
.clone
(),
None
,
true
,
int
)
ThreadSafeState
::
new
(
global_state
.clone
(),
None
,
None
,
true
,
int
)
.expect
(
"Unable to create worker state"
);
// Count how many times we start the compiler worker.
...
...
cli/compilers/wasm.rs
...
...
@@ -47,7 +47,7 @@ impl WasmCompiler {
fn
setup_worker
(
global_state
:
ThreadSafeGlobalState
)
->
Worker
{
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
worker_state
=
ThreadSafeState
::
new
(
global_state
.clone
(),
None
,
true
,
int
)
ThreadSafeState
::
new
(
global_state
.clone
(),
None
,
None
,
true
,
int
)
.expect
(
"Unable to create worker state"
);
// Count how many times we start the compiler worker.
...
...
cli/lib.rs
...
...
@@ -118,6 +118,7 @@ fn create_worker_and_state(
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
state
=
ThreadSafeState
::
new
(
global_state
.clone
(),
None
,
global_state
.main_module
.clone
(),
true
,
int
,
...
...
cli/ops/permissions.rs
...
...
@@ -33,7 +33,8 @@ pub fn op_query_permission(
_
zero_copy
:
Option
<
PinnedBuf
>
,
)
->
Result
<
JsonOp
,
ErrBox
>
{
let
args
:
PermissionArgs
=
serde_json
::
from_value
(
args
)
?
;
let
perm
=
state
.permissions
.get_permission_state
(
let
permissions
=
state
.permissions
.lock
()
.unwrap
();
let
perm
=
permissions
.get_permission_state
(
&
args
.name
,
&
args
.url
.as_ref
()
.map
(
String
::
as_str
),
&
args
.path
.as_ref
()
.map
(
String
::
as_str
),
...
...
@@ -47,16 +48,17 @@ pub fn op_revoke_permission(
_
zero_copy
:
Option
<
PinnedBuf
>
,
)
->
Result
<
JsonOp
,
ErrBox
>
{
let
args
:
PermissionArgs
=
serde_json
::
from_value
(
args
)
?
;
let
mut
permissions
=
state
.permissions
.lock
()
.unwrap
();
match
args
.name
.as_ref
()
{
"run"
=>
state
.
permissions.allow_run
.revoke
(),
"read"
=>
state
.
permissions.allow_read
.revoke
(),
"write"
=>
state
.
permissions.allow_write
.revoke
(),
"net"
=>
state
.
permissions.allow_net
.revoke
(),
"env"
=>
state
.
permissions.allow_env
.revoke
(),
"hrtime"
=>
state
.
permissions.allow_hrtime
.revoke
(),
"run"
=>
permissions
.allow_run
.revoke
(),
"read"
=>
permissions
.allow_read
.revoke
(),
"write"
=>
permissions
.allow_write
.revoke
(),
"net"
=>
permissions
.allow_net
.revoke
(),
"env"
=>
permissions
.allow_env
.revoke
(),
"hrtime"
=>
permissions
.allow_hrtime
.revoke
(),
_
=>
{}
};
let
perm
=
state
.
permissions
.get_permission_state
(
let
perm
=
permissions
.get_permission_state
(
&
args
.name
,
&
args
.url
.as_ref
()
.map
(
String
::
as_str
),
&
args
.path
.as_ref
()
.map
(
String
::
as_str
),
...
...
@@ -70,23 +72,18 @@ pub fn op_request_permission(
_
zero_copy
:
Option
<
PinnedBuf
>
,
)
->
Result
<
JsonOp
,
ErrBox
>
{
let
args
:
PermissionArgs
=
serde_json
::
from_value
(
args
)
?
;
let
mut
permissions
=
state
.permissions
.lock
()
.unwrap
();
let
perm
=
match
args
.name
.as_ref
()
{
"run"
=>
Ok
(
state
.permissions
.request_run
()),
"read"
=>
Ok
(
state
.permissions
.request_read
(
&
args
.path
.as_ref
()
.map
(
String
::
as_str
)),
),
"write"
=>
Ok
(
state
.permissions
.request_write
(
&
args
.path
.as_ref
()
.map
(
String
::
as_str
)),
),
"net"
=>
state
.permissions
.request_net
(
&
args
.url
.as_ref
()
.map
(
String
::
as_str
)),
"env"
=>
Ok
(
state
.permissions
.request_env
()),
"hrtime"
=>
Ok
(
state
.permissions
.request_hrtime
()),
"run"
=>
Ok
(
permissions
.request_run
()),
"read"
=>
{
Ok
(
permissions
.request_read
(
&
args
.path
.as_ref
()
.map
(
String
::
as_str
)))
}
"write"
=>
{
Ok
(
permissions
.request_write
(
&
args
.path
.as_ref
()
.map
(
String
::
as_str
)))
}
"net"
=>
permissions
.request_net
(
&
args
.url
.as_ref
()
.map
(
String
::
as_str
)),
"env"
=>
Ok
(
permissions
.request_env
()),
"hrtime"
=>
Ok
(
permissions
.request_hrtime
()),
n
=>
Err
(
type_error
(
format!
(
"No such permission name: {}"
,
n
))),
}
?
;
Ok
(
JsonOp
::
Sync
(
json!
({
"state"
:
perm
.to_string
()
})))
...
...
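Review bot: In `op_request_permission` the `MutexGuard` taken by `state.permissions.lock().unwrap()` stays alive across the `request_*` calls, and `PermissionState::request` in cli/permissions.rs blocks in `permission_prompt` while the state is `Ask`. Since cli/ops/workers.rs hands the parent's `Arc<Mutex<DenoPermissions>>` to child workers, every `check_*` on a thread sharing that lock presumably waits until the user answers. If that serialisation is intended, say so at the lock site, e.g. `// Held across the interactive prompt on purpose: concurrent checks wait for the user's answer.` The bodies of the three ops continue outside the visible hunks.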
cli/ops/timers.rs
...
...
@@ -66,11 +66,12 @@ fn op_now(
let
seconds
=
state
.start_time
.elapsed
()
.as_secs
();
let
mut
subsec_nanos
=
state
.start_time
.elapsed
()
.subsec_nanos
();
let
reduced_time_precision
=
2_000_000
;
// 2ms in nanoseconds
let
permissions
=
state
.permissions
.lock
()
.unwrap
();
// If the permission is not enabled
// Round the nano result on 2 milliseconds
// see: https://developer.mozilla.org/en-US/docs/Web/API/DOMHighResTimeStamp#Reduced_time_precision
if
!
state
.
permissions.allow_hrtime
.is_allow
()
{
if
!
permissions
.allow_hrtime
.is_allow
()
{
subsec_nanos
-=
subsec_nanos
%
reduced_time_precision
}
...
...
cli/ops/workers.rs
...
...
@@ -142,10 +142,13 @@ fn op_create_worker(
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
child_state
=
ThreadSafeState
::
new
(
state
.global_state
.clone
(),
Some
(
parent_state
.permissions
.clone
()),
// by default share with parent
Some
(
module_specifier
.clone
()),
include_deno_namespace
,
int
,
)
?
;
// TODO: add a new option to make child worker not sharing permissions
// with parent (aka .clone(), requests from child won't reflect in parent)
let
name
=
format!
(
"USER-WORKER-{}"
,
specifier
);
let
deno_main_call
=
format!
(
"denoMain({})"
,
include_deno_namespace
);
let
mut
worker
=
...
...
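Review bot: The `// by default share with parent` comment on `Some(parent_state.permissions.clone())` understates what sharing means now that the value is an `Arc<Mutex<DenoPermissions>>`: a grant obtained by a prompt inside the worker, and a revoke issued there through `op_revoke_permission`, both change the parent's permissions as well. Spell that out next to the argument, e.g. `// Shares the parent's Arc: grants and revokes made in the worker also apply to the parent.`, so the TODO below reads as a least-privilege gap rather than an optional feature. `op_create_worker` starts and ends outside the hunk.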
cli/permissions.rs
...
...
@@ -13,166 +13,131 @@ use std::io;
use
std
::
path
::
PathBuf
;
#[cfg(test)]
use
std
::
sync
::
atomic
::
AtomicBool
;
use
std
::
sync
::
atomic
::{
AtomicUsize
,
Ordering
};
use
std
::
sync
::
Arc
;
#[cfg(test)]
use
std
::
sync
::
atomic
::
Ordering
;
use
url
::
Url
;
const
PERMISSION_EMOJI
:
&
str
=
"⚠️"
;
/// Tri-state value for storing permission state
#[derive(PartialEq,
Debug)]
pub
enum
Permission
Accessor
State
{
#[derive(PartialEq,
Debug
,
Clone,
Copy
)]
pub
enum
PermissionState
{
Allow
=
0
,
Ask
=
1
,
Deny
=
2
,
}
impl
Permission
Accessor
State
{
impl
PermissionState
{
/// Checks the permission state and returns the result.
pub
fn
check
(
self
,
msg
:
&
str
,
err_msg
:
&
str
)
->
Result
<
(),
ErrBox
>
{
if
self
==
Permission
Accessor
State
::
Allow
{
if
self
==
PermissionState
::
Allow
{
log_perm_access
(
msg
);
return
Ok
(());
}
Err
(
permission_denied_msg
(
err_msg
.to_string
()))
}
pub
fn
is_allow
(
self
)
->
bool
{
self
==
PermissionState
::
Allow
}
/// If the state is "Allow" walk it back to the default "Ask"
/// Don't do anything if state is "Deny"
pub
fn
revoke
(
&
mut
self
)
{
if
*
self
==
PermissionState
::
Allow
{
*
self
=
PermissionState
::
Ask
;
}
}
/// Requests the permission.
pub
fn
request
(
&
mut
self
,
msg
:
&
str
)
->
PermissionState
{
if
*
self
!=
PermissionState
::
Ask
{
return
*
self
;
}
if
permission_prompt
(
msg
)
{
*
self
=
PermissionState
::
Allow
;
}
else
{
*
self
=
PermissionState
::
Deny
;
}
*
self
}
}
impl
From
<
usize
>
for
Permission
Accessor
State
{
impl
From
<
usize
>
for
PermissionState
{
fn
from
(
val
:
usize
)
->
Self
{
match
val
{
0
=>
Permission
Accessor
State
::
Allow
,
1
=>
Permission
Accessor
State
::
Ask
,
2
=>
Permission
Accessor
State
::
Deny
,
0
=>
PermissionState
::
Allow
,
1
=>
PermissionState
::
Ask
,
2
=>
PermissionState
::
Deny
,
_
=>
unreachable!
(),
}
}
}
impl
From
<
bool
>
for
Permission
Accessor
State
{
impl
From
<
bool
>
for
PermissionState
{
fn
from
(
val
:
bool
)
->
Self
{
if
val
{
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
}
else
{
Permission
Accessor
State
::
Ask
PermissionState
::
Ask
}
}
}
impl
fmt
::
Display
for
Permission
Accessor
State
{
impl
fmt
::
Display
for
PermissionState
{
fn
fmt
(
&
self
,
f
:
&
mut
fmt
::
Formatter
<
'_
>
)
->
fmt
::
Result
{
match
self
{
Permission
Accessor
State
::
Allow
=>
f
.pad
(
"granted"
),
Permission
Accessor
State
::
Ask
=>
f
.pad
(
"prompt"
),
Permission
Accessor
State
::
Deny
=>
f
.pad
(
"denied"
),
PermissionState
::
Allow
=>
f
.pad
(
"granted"
),
PermissionState
::
Ask
=>
f
.pad
(
"prompt"
),
PermissionState
::
Deny
=>
f
.pad
(
"denied"
),
}
}
}
#[derive(Clone,
Debug)]
pub
struct
PermissionAccessor
{
state
:
Arc
<
AtomicUsize
>
,
}
impl
PermissionAccessor
{
pub
fn
new
(
state
:
PermissionAccessorState
)
->
Self
{
Self
{
state
:
Arc
::
new
(
AtomicUsize
::
new
(
state
as
usize
)),
}
}
/// If the state is "Allow" walk it back to the default "Ask"
/// Don't do anything if state is "Deny"
pub
fn
revoke
(
&
self
)
{
if
self
.is_allow
()
{
self
.set_state
(
PermissionAccessorState
::
Ask
)
}
}
/// Requests the permission.
pub
fn
request
(
&
self
,
msg
:
&
str
)
->
PermissionAccessorState
{
let
state
=
self
.get_state
();
if
state
!=
PermissionAccessorState
::
Ask
{
return
state
;
}
self
.set_state
(
if
permission_prompt
(
msg
)
{
PermissionAccessorState
::
Allow
}
else
{
PermissionAccessorState
::
Deny
});
self
.get_state
()
}
pub
fn
is_allow
(
&
self
)
->
bool
{
self
.get_state
()
==
PermissionAccessorState
::
Allow
}
#[inline]
pub
fn
get_state
(
&
self
)
->
PermissionAccessorState
{
self
.state
.load
(
Ordering
::
SeqCst
)
.into
()
}
fn
set_state
(
&
self
,
state
:
PermissionAccessorState
)
{
self
.state
.store
(
state
as
usize
,
Ordering
::
SeqCst
)
}
}
impl
From
<
bool
>
for
PermissionAccessor
{
fn
from
(
val
:
bool
)
->
Self
{
Self
::
new
(
PermissionAccessorState
::
from
(
val
))
}
}
impl
Default
for
PermissionAccessor
{
impl
Default
for
PermissionState
{
fn
default
()
->
Self
{
Self
{
state
:
Arc
::
new
(
AtomicUsize
::
new
(
PermissionAccessorState
::
Ask
as
usize
)),
}
PermissionState
::
Ask
}
}
#[derive(Clone,
Debug,
Default)]
pub
struct
DenoPermissions
{
// Keep in sync with cli/js/permissions.ts
pub
allow_read
:
Permission
Accessor
,
pub
read_whitelist
:
Arc
<
HashSet
<
String
>
>
,
pub
allow_write
:
Permission
Accessor
,
pub
write_whitelist
:
Arc
<
HashSet
<
String
>
>
,
pub
allow_net
:
Permission
Accessor
,
pub
net_whitelist
:
Arc
<
HashSet
<
String
>
>
,
pub
allow_env
:
Permission
Accessor
,
pub
allow_run
:
Permission
Accessor
,
pub
allow_hrtime
:
Permission
Accessor
,
pub
allow_read
:
Permission
State
,
pub
read_whitelist
:
HashSet
<
String
>
,
pub
allow_write
:
Permission
State
,
pub
write_whitelist
:
HashSet
<
String
>
,
pub
allow_net
:
Permission
State
,
pub
net_whitelist
:
HashSet
<
String
>
,
pub
allow_env
:
Permission
State
,
pub
allow_run
:
Permission
State
,
pub
allow_hrtime
:
Permission
State
,
}
impl
DenoPermissions
{
pub
fn
from_flags
(
flags
:
&
DenoFlags
)
->
Self
{
Self
{
allow_read
:
PermissionAccessor
::
from
(
flags
.allow_read
),
read_whitelist
:
Arc
::
new
(
flags
.read_whitelist
.iter
()
.cloned
()
.collect
()),
allow_write
:
PermissionAccessor
::
from
(
flags
.allow_write
),
write_whitelist
:
Arc
::
new
(
flags
.write_whitelist
.iter
()
.cloned
()
.collect
(),
),
allow_net
:
PermissionAccessor
::
from
(
flags
.allow_net
),
net_whitelist
:
Arc
::
new
(
flags
.net_whitelist
.iter
()
.cloned
()
.collect
()),
allow_env
:
PermissionAccessor
::
from
(
flags
.allow_env
),
allow_run
:
PermissionAccessor
::
from
(
flags
.allow_run
),
allow_hrtime
:
PermissionAccessor
::
from
(
flags
.allow_hrtime
),
allow_read
:
PermissionState
::
from
(
flags
.allow_read
),
read_whitelist
:
flags
.read_whitelist
.iter
()
.cloned
()
.collect
(),
allow_write
:
PermissionState
::
from
(
flags
.allow_write
),
write_whitelist
:
flags
.write_whitelist
.iter
()
.cloned
()
.collect
(),
allow_net
:
PermissionState
::
from
(
flags
.allow_net
),
net_whitelist
:
flags
.net_whitelist
.iter
()
.cloned
()
.collect
(),
allow_env
:
PermissionState
::
from
(
flags
.allow_env
),
allow_run
:
PermissionState
::
from
(
flags
.allow_run
),
allow_hrtime
:
PermissionState
::
from
(
flags
.allow_hrtime
),
}
}
pub
fn
check_run
(
&
self
)
->
Result
<
(),
ErrBox
>
{
self
.allow_run
.
get_state
()
.
check
(
self
.allow_run
.check
(
"access to run a subprocess"
,
"run again with the --allow-run flag"
,
)
}
fn
get_state_read
(
&
self
,
filename
:
&
Option
<&
str
>
)
->
Permission
Accessor
State
{
fn
get_state_read
(
&
self
,
filename
:
&
Option
<&
str
>
)
->
PermissionState
{
if
check_path_white_list
(
filename
,
&
self
.read_whitelist
)
{
return
Permission
Accessor
State
::
Allow
;
return
PermissionState
::
Allow
;
}
self
.allow_read
.get_state
()
self
.allow_read
}
pub
fn
check_read
(
&
self
,
filename
:
&
str
)
->
Result
<
(),
ErrBox
>
{
...
...
@@ -182,14 +147,11 @@ impl DenoPermissions {
)
}
fn
get_state_write
(
&
self
,
filename
:
&
Option
<&
str
>
,
)
->
PermissionAccessorState
{
fn
get_state_write
(
&
self
,
filename
:
&
Option
<&
str
>
)
->
PermissionState
{
if
check_path_white_list
(
filename
,
&
self
.write_whitelist
)
{
return
Permission
Accessor
State
::
Allow
;
return
PermissionState
::
Allow
;
}
self
.allow_write
.get_state
()
self
.allow_write
}
pub
fn
check_write
(
&
self
,
filename
:
&
str
)
->
Result
<
(),
ErrBox
>
{
...
...
@@ -199,23 +161,19 @@ impl DenoPermissions {
)
}
fn
get_state_net
(
&
self
,
host
:
&
str
,
port
:
Option
<
u16
>
,
)
->
PermissionAccessorState
{
fn
get_state_net
(
&
self
,
host
:
&
str
,
port
:
Option
<
u16
>
)
->
PermissionState
{
if
check_host_and_port_whitelist
(
host
,
port
,
&
self
.net_whitelist
)
{
return
Permission
Accessor
State
::
Allow
;
return
PermissionState
::
Allow
;
}
self
.allow_net
.get_state
()
self
.allow_net
}
fn
get_state_net_url
(
&
self
,
url
:
&
Option
<&
str
>
,
)
->
Result
<
Permission
Accessor
State
,
ErrBox
>
{
)
->
Result
<
PermissionState
,
ErrBox
>
{
if
url
.is_none
()
{
return
Ok
(
self
.allow_net
.get_state
()
);
return
Ok
(
self
.allow_net
);
}
let
url
:
&
str
=
url
.unwrap
();
// If url is invalid, then throw a TypeError.
...
...
@@ -243,21 +201,21 @@ impl DenoPermissions {
}
pub
fn
check_env
(
&
self
)
->
Result
<
(),
ErrBox
>
{
self
.allow_env
.
get_state
()
.
check
(
self
.allow_env
.check
(
"access to environment variables"
,
"run again with the --allow-env flag"
,
)
}
pub
fn
request_run
(
&
self
)
->
PermissionAccessor
State
{
pub
fn
request_run
(
&
mut
self
)
->
Permission
State
{
self
.allow_run
.request
(
"Deno requests to access to run a subprocess."
)
}
pub
fn
request_read
(
&
self
,
path
:
&
Option
<&
str
>
)
->
PermissionAccessor
State
{
pub
fn
request_read
(
&
mut
self
,
path
:
&
Option
<&
str
>
)
->
Permission
State
{
if
check_path_white_list
(
path
,
&
self
.read_whitelist
)
{
return
Permission
Accessor
State
::
Allow
;
return
PermissionState
::
Allow
;
};
self
.allow_write
.request
(
&
match
path
{
None
=>
"Deno requests read access."
.to_string
(),
...
...
@@ -265,9 +223,9 @@ impl DenoPermissions {
})
}
pub
fn
request_write
(
&
self
,
path
:
&
Option
<&
str
>
)
->
PermissionAccessor
State
{
pub
fn
request_write
(
&
mut
self
,
path
:
&
Option
<&
str
>
)
->
Permission
State
{
if
check_path_white_list
(
path
,
&
self
.write_whitelist
)
{
return
Permission
Accessor
State
::
Allow
;
return
PermissionState
::
Allow
;
};
self
.allow_write
.request
(
&
match
path
{
None
=>
"Deno requests write access."
.to_string
(),
...
...
@@ -276,10 +234,10 @@ impl DenoPermissions {
}
pub
fn
request_net
(
&
self
,
&
mut
self
,
url
:
&
Option
<&
str
>
,
)
->
Result
<
Permission
Accessor
State
,
ErrBox
>
{
if
self
.get_state_net_url
(
url
)
?
==
Permission
Accessor
State
::
Ask
{
)
->
Result
<
PermissionState
,
ErrBox
>
{
if
self
.get_state_net_url
(
url
)
?
==
PermissionState
::
Ask
{
return
Ok
(
self
.allow_run
.request
(
&
match
url
{
None
=>
"Deno requests network access."
.to_string
(),
Some
(
url
)
=>
format!
(
"Deno requests network access to
\"
{}
\"
."
,
url
),
...
...
@@ -288,13 +246,13 @@ impl DenoPermissions {
self
.get_state_net_url
(
url
)
}
pub
fn
request_env
(
&
self
)
->
PermissionAccessor
State
{
pub
fn
request_env
(
&
mut
self
)
->
Permission
State
{
self
.allow_env
.request
(
"Deno requests to access to environment variables."
)
}
pub
fn
request_hrtime
(
&
self
)
->
PermissionAccessor
State
{
pub
fn
request_hrtime
(
&
mut
self
)
->
Permission
State
{
self
.allow_hrtime
.request
(
"Deno requests to access to high precision time."
)
...
...
@@ -305,14 +263,14 @@ impl DenoPermissions {
name
:
&
str
,
url
:
&
Option
<&
str
>
,
path
:
&
Option
<&
str
>
,
)
->
Result
<
Permission
Accessor
State
,
ErrBox
>
{
)
->
Result
<
PermissionState
,
ErrBox
>
{
match
name
{
"run"
=>
Ok
(
self
.allow_run
.get_state
()
),
"run"
=>
Ok
(
self
.allow_run
),
"read"
=>
Ok
(
self
.get_state_read
(
path
)),
"write"
=>
Ok
(
self
.get_state_write
(
path
)),
"net"
=>
self
.get_state_net_url
(
url
),
"env"
=>
Ok
(
self
.allow_env
.get_state
()
),
"hrtime"
=>
Ok
(
self
.allow_hrtime
.get_state
()
),
"env"
=>
Ok
(
self
.allow_env
),
"hrtime"
=>
Ok
(
self
.allow_hrtime
),
n
=>
Err
(
type_error
(
format!
(
"No such permission name: {}"
,
n
))),
}
}
...
...
@@ -380,7 +338,7 @@ fn log_perm_access(message: &str) {
fn
check_path_white_list
(
filename
:
&
Option
<&
str
>
,
white_list
:
&
Arc
<
HashSet
<
String
>
>
,
white_list
:
&
HashSet
<
String
>
,
)
->
bool
{
if
filename
.is_none
()
{
return
false
;
...
...
@@ -400,7 +358,7 @@ fn check_path_white_list(
fn
check_host_and_port_whitelist
(
host
:
&
str
,
port
:
Option
<
u16
>
,
whitelist
:
&
Arc
<
HashSet
<
String
>
>
,
whitelist
:
&
HashSet
<
String
>
,
)
->
bool
{
whitelist
.contains
(
host
)
||
(
port
.is_some
()
...
...
@@ -544,23 +502,23 @@ mod tests {
#[test]
fn
test_permissions_request_run
()
{
let
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
..
Default
::
default
()
});
set_prompt_result
(
true
);
assert_eq!
(
perms0
.request_run
(),
Permission
Accessor
State
::
Allow
);
assert_eq!
(
perms0
.request_run
(),
PermissionState
::
Allow
);
let
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
..
Default
::
default
()
});
set_prompt_result
(
false
);
assert_eq!
(
perms1
.request_run
(),
Permission
Accessor
State
::
Deny
);
assert_eq!
(
perms1
.request_run
(),
PermissionState
::
Deny
);
}
#[test]
fn
test_permissions_request_read
()
{
let
whitelist
=
svec!
[
"/foo/bar"
];
let
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
read_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
...
...
@@ -569,34 +527,34 @@ mod tests {
// regardless of prompt result
assert_eq!
(
perms0
.request_read
(
&
Some
(
"/foo/bar"
)),
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
);
let
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
read_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
set_prompt_result
(
true
);
assert_eq!
(
perms1
.request_read
(
&
Some
(
"/foo/baz"
)),
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
);
let
perms2
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms2
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
read_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
set_prompt_result
(
false
);
assert_eq!
(
perms2
.request_read
(
&
Some
(
"/foo/baz"
)),
Permission
Accessor
State
::
Deny
PermissionState
::
Deny
);
}
#[test]
fn
test_permissions_request_write
()
{
let
whitelist
=
svec!
[
"/foo/bar"
];
let
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
write_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
...
...
@@ -605,27 +563,27 @@ mod tests {
// regardless of prompt result
assert_eq!
(
perms0
.request_write
(
&
Some
(
"/foo/bar"
)),
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
);
let
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
write_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
set_prompt_result
(
true
);
assert_eq!
(
perms1
.request_write
(
&
Some
(
"/foo/baz"
)),
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
);
let
perms2
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms2
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
write_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
set_prompt_result
(
false
);
assert_eq!
(
perms2
.request_write
(
&
Some
(
"/foo/baz"
)),
Permission
Accessor
State
::
Deny
PermissionState
::
Deny
);
}
...
...
@@ -633,7 +591,7 @@ mod tests {
fn
test_permission_request_net
()
{
let
whitelist
=
svec!
[
"localhost:8080"
];
let
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
net_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
...
...
@@ -644,10 +602,10 @@ mod tests {
perms0
.request_net
(
&
Some
(
"http://localhost:8080/"
))
.expect
(
"Testing expect"
),
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
);
let
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
net_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
...
...
@@ -656,10 +614,10 @@ mod tests {
perms1
.request_net
(
&
Some
(
"http://deno.land/"
))
.expect
(
"Testing expect"
),
Permission
Accessor
State
::
Allow
PermissionState
::
Allow
);
let
perms2
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms2
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
net_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
...
...
@@ -668,10 +626,10 @@ mod tests {
perms2
.request_net
(
&
Some
(
"http://deno.land/"
))
.expect
(
"Testing expect"
),
Permission
Accessor
State
::
Deny
PermissionState
::
Deny
);
let
perms3
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms3
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
net_whitelist
:
whitelist
.clone
(),
..
Default
::
default
()
});
...
...
@@ -681,31 +639,31 @@ mod tests {
#[test]
fn
test_permissions_request_env
()
{
let
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
..
Default
::
default
()
});
set_prompt_result
(
true
);
assert_eq!
(
perms0
.request_env
(),
Permission
Accessor
State
::
Allow
);
assert_eq!
(
perms0
.request_env
(),
PermissionState
::
Allow
);
let
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
..
Default
::
default
()
});
set_prompt_result
(
false
);
assert_eq!
(
perms1
.request_env
(),
Permission
Accessor
State
::
Deny
);
assert_eq!
(
perms1
.request_env
(),
PermissionState
::
Deny
);
}
#[test]
fn
test_permissions_request_hrtime
()
{
let
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms0
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
..
Default
::
default
()
});
set_prompt_result
(
true
);
assert_eq!
(
perms0
.request_hrtime
(),
Permission
Accessor
State
::
Allow
);
assert_eq!
(
perms0
.request_hrtime
(),
PermissionState
::
Allow
);
let
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
let
mut
perms1
=
DenoPermissions
::
from_flags
(
&
DenoFlags
{
..
Default
::
default
()
});
set_prompt_result
(
false
);
assert_eq!
(
perms1
.request_hrtime
(),
Permission
Accessor
State
::
Deny
);
assert_eq!
(
perms1
.request_hrtime
(),
PermissionState
::
Deny
);
}
}
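Review bot: `request_read` prompts on the wrong field: after the whitelist check it calls `self.allow_write.request(...)` with the "Deno requests read access." message, and `request_net` likewise calls `self.allow_run.request(...)` with the network message. Both lines appear as unchanged context here, but with `PermissionState` now stored directly in the struct, approving a read prompt leaves `allow_write` set to `Allow` (and a net prompt sets `allow_run`), while `allow_read`/`allow_net` stay at `Ask`. The calls should be `self.allow_read.request(` and `self.allow_net.request(`. The tests in this section compare only the returned state, so they pass either way; asserting on the field afterwards, e.g. `assert_eq!(perms1.allow_read, PermissionState::Allow);`, would pin the fix. Both function bodies continue outside the visible hunks.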
cli/state.rs
...
...
@@ -44,7 +44,7 @@ pub struct ThreadSafeState(Arc<State>);
pub
struct
State
{
pub
global_state
:
ThreadSafeGlobalState
,
pub
modules
:
Arc
<
Mutex
<
deno
::
Modules
>>
,
pub
permissions
:
DenoPermissions
,
pub
permissions
:
Arc
<
Mutex
<
DenoPermissions
>>
,
pub
main_module
:
Option
<
ModuleSpecifier
>
,
pub
worker_channels
:
Mutex
<
WorkerChannels
>
,
/// When flags contains a `.import_map_path` option, the content of the
...
...
@@ -213,6 +213,8 @@ impl ThreadSafeState {
pub
fn
new
(
global_state
:
ThreadSafeGlobalState
,
// If Some(perm), use perm. Else copy from global_state.
shared_permissions
:
Option
<
Arc
<
Mutex
<
DenoPermissions
>>>
,
main_module
:
Option
<
ModuleSpecifier
>
,
include_deno_namespace
:
bool
,
internal_channels
:
WorkerChannels
,
...
...
@@ -229,7 +231,11 @@ impl ThreadSafeState {
};
let
modules
=
Arc
::
new
(
Mutex
::
new
(
deno
::
Modules
::
new
()));
let
permissions
=
global_state
.permissions
.clone
();
let
permissions
=
if
let
Some
(
perm
)
=
shared_permissions
{
perm
}
else
{
Arc
::
new
(
Mutex
::
new
(
global_state
.permissions
.clone
()))
};
let
state
=
State
{
global_state
,
...
...
@@ -260,32 +266,32 @@ impl ThreadSafeState {
#[inline]
pub
fn
check_read
(
&
self
,
filename
:
&
str
)
->
Result
<
(),
ErrBox
>
{
self
.permissions
.check_read
(
filename
)
self
.permissions
.
lock
()
.unwrap
()
.
check_read
(
filename
)
}
#[inline]
pub
fn
check_write
(
&
self
,
filename
:
&
str
)
->
Result
<
(),
ErrBox
>
{
self
.permissions
.check_write
(
filename
)
self
.permissions
.
lock
()
.unwrap
()
.
check_write
(
filename
)
}
#[inline]
pub
fn
check_env
(
&
self
)
->
Result
<
(),
ErrBox
>
{
self
.permissions
.check_env
()
self
.permissions
.
lock
()
.unwrap
()
.
check_env
()
}
#[inline]
pub
fn
check_net
(
&
self
,
hostname
:
&
str
,
port
:
u16
)
->
Result
<
(),
ErrBox
>
{
self
.permissions
.check_net
(
hostname
,
port
)
self
.permissions
.
lock
()
.unwrap
()
.
check_net
(
hostname
,
port
)
}
#[inline]
pub
fn
check_net_url
(
&
self
,
url
:
&
url
::
Url
)
->
Result
<
(),
ErrBox
>
{
self
.permissions
.check_net_url
(
url
)
self
.permissions
.
lock
()
.unwrap
()
.
check_net_url
(
url
)
}
#[inline]
pub
fn
check_run
(
&
self
)
->
Result
<
(),
ErrBox
>
{
self
.permissions
.check_run
()
self
.permissions
.
lock
()
.unwrap
()
.
check_run
()
}
pub
fn
check_dyn_import
(
...
...
@@ -327,6 +333,7 @@ impl ThreadSafeState {
ThreadSafeState
::
new
(
ThreadSafeGlobalState
::
mock
(
argv
),
None
,
module_specifier
,
true
,
internal_channels
,
...
...
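Review bot: The six `check_*` wrappers each repeat `self.permissions.lock().unwrap()`, so a poisoned mutex panics with no hint of which lock failed; the same pattern is in cli/ops/permissions.rs and cli/ops/timers.rs. A bare panic still fails closed, but a message helps triage: `self.permissions.lock().expect("permissions mutex poisoned")`, ideally behind one private helper that the wrappers call. The `impl ThreadSafeState` block extends beyond the hunk.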
cli/worker.rs
...
...
@@ -248,6 +248,7 @@ mod tests {
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
state
=
ThreadSafeState
::
new
(
global_state
,
None
,
Some
(
module_specifier
.clone
()),
true
,
int
,
...
...
@@ -288,6 +289,7 @@ mod tests {
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
state
=
ThreadSafeState
::
new
(
global_state
,
None
,
Some
(
module_specifier
.clone
()),
true
,
int
,
...
...
@@ -331,6 +333,7 @@ mod tests {
let
(
int
,
ext
)
=
ThreadSafeState
::
create_channels
();
let
state
=
ThreadSafeState
::
new
(
global_state
.clone
(),
None
,
Some
(
module_specifier
.clone
()),
true
,
int
,
...
...