language-servers/deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-09-27 04:39:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Enforce permissions on kill(), homeDir() and execPath (#2723)

Browse source
This commit is contained in:
Nayeem Rahman 2019-08-06 06:45:36 +01:00 committed by Ryan Dahl
parent 046cccfe17
commit 11c850af42
4 changed files with 24 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cli/ops.rs
View file

@ -1053,10 +1053,12 @@ fn op_close(
} }
fn op_kill( fn op_kill(
_state: &ThreadSafeState, state: &ThreadSafeState,
base: &msg::Base<'_>, base: &msg::Base<'_>,
data: Option<PinnedBuf>, data: Option<PinnedBuf>,
) -> CliOpResult { ) -> CliOpResult {
state.check_run()?;
assert!(data.is_none()); assert!(data.is_none());
let inner = base.inner_as_kill().unwrap(); let inner = base.inner_as_kill().unwrap();
let pid = inner.pid(); let pid = inner.pid();

6
js/os.ts
View file

@ -13,7 +13,9 @@ export let pid: number;
/** Reflects the NO_COLOR environment variable: https://no-color.org/ */ /** Reflects the NO_COLOR environment variable: https://no-color.org/ */
export let noColor: boolean; export let noColor: boolean;
/** Path to the current deno process's executable file. */ /** Path to the current deno process's executable file.
* Requires the `--allow-env` flag, otherwise it'll be set to an empty `string`.
*/
export let execPath: string; export let execPath: string;
function setGlobals(pid_: number, noColor_: boolean, execPath_: string): void { function setGlobals(pid_: number, noColor_: boolean, execPath_: string): void {
@ -145,7 +147,7 @@ export function start(
/** /**
* Returns the current user's home directory. * Returns the current user's home directory.
* Does not require elevated privileges. * Requires the `--allow-env` flag.
*/ */
export function homeDir(): string { export function homeDir(): string {
const builder = flatbuffers.createBuilder(); const builder = flatbuffers.createBuilder();

1
js/process.ts
View file

@ -55,6 +55,7 @@ async function runStatus(rid: number): Promise<ProcessStatus> {
/** Send a signal to process under given PID. Unix only at this moment. /** Send a signal to process under given PID. Unix only at this moment.
* If pid is negative, the signal will be sent to the process group identified * If pid is negative, the signal will be sent to the process group identified
* by -pid. * by -pid.
* Requires the `--allow-run` flag.
*/ */
export function kill(pid: number, signo: number): void { export function kill(pid: number, signo: number): void {
const builder = flatbuffers.createBuilder(); const builder = flatbuffers.createBuilder();

16
js/process_test.ts
View file

@ -321,6 +321,22 @@ test(function signalNumbers(): void {
// Ignore signal tests on windows for now... // Ignore signal tests on windows for now...
if (Deno.platform.os !== "win") { if (Deno.platform.os !== "win") {
test(function killPermissions(): void {
let caughtError = false;
try {
// Unlike the other test cases, we don't have permission to spawn a
// subprocess we can safely kill. Instead we send SIGCONT to the current
// process - assuming that Deno does not have a special handler set for it
// and will just continue even if a signal is erroneously sent.
Deno.kill(Deno.pid, Deno.Signal.SIGCONT);
} catch (e) {
caughtError = true;
assertEquals(e.kind, Deno.ErrorKind.PermissionDenied);
assertEquals(e.name, "PermissionDenied");
}
assert(caughtError);
});
testPerm({ run: true }, async function killSuccess(): Promise<void> { testPerm({ run: true }, async function killSuccess(): Promise<void> {
const p = run({ const p = run({
args: ["python", "-c", "from time import sleep; sleep(10000)"] args: ["python", "-c", "from time import sleep; sleep(10000)"]