Commit graph

68 commits

Author SHA1 Message Date
Leo Kettmeir
e02e4c2042
feat: permission audit log (#30575)
Adds a `DENO_PERMISSIONS_AUDIT` env var to set the path for a JSONL
permission audit log, which contains the permission and value.
Additionally this can be combined with `DENO_TRACE_PERMISSIONS`, which
will then include the traces in the audit log too.
2025-09-08 14:23:11 +02:00
David Sherret
17d02c228f
feat: permissions in the config file (#30330)
Co-authored-by: nathanwhit <nathanwhit@users.noreply.github.com>
2025-09-02 13:37:33 +00:00
David Sherret
b7cebbd4a9
refactor(permissions): remove all state in permissions (#30548)
2025-08-28 13:24:09 -04:00
林炳权
68297b5f10
chore: Rust 1.89.0 (#30364)
Related PR: https://github.com/denoland/deno/pull/30354
2025-08-09 11:11:48 +00:00
David Sherret
c70e713b5b
refactor: remove more allocations querying for permissions (#30237)
2025-07-29 15:51:07 -04:00
David Sherret
85d342c045
refactor: use Cow<Path> more in permissions (#30227)
Towards and removing more allocations.
2025-07-29 07:11:57 -04:00
David Sherret
32baa286b7
refactor: update to deno_path_util 0.5.2 (#30211)
2025-07-27 08:44:29 -04:00
David Sherret
990dbc6e4e
Revert "fix(unstable): always require --allow-read permissions for raw imports (#30184)" (#30196)
2025-07-24 22:38:04 +00:00
David Sherret
147bbcf8dd
fix(unstable): always require --allow-read permissions for raw imports (#30184)
2025-07-24 08:26:36 -04:00
David Sherret
76ce7768ab
refactor(permissions): remove access check callback (#30050)
1. Removes the access check callback, which was kind of confusing.
1. Requires `CheckedPath` for everything in the `FileSystem` trait to
ensure we're always checking permissions.
2025-07-10 21:40:20 -04:00
David Sherret
2617b4ec6b
refactor(permissions): push down special file checking to permissions container (#30005)
2025-07-09 20:50:26 +00:00
Nathan Whitaker
9379a74e08
chore: update to edition 2024 (#29923)
2025-07-02 17:59:39 -07:00
sgasho
b5e41f605d
feat: Add --deny-import flag (#29702)
Closes: #29502

This commit adds a complementary flag to the "--allow-import" flag, that
allows denying certain hosts.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2025-06-28 12:59:18 +00:00
Simon Lecoq
7554b28a04
fix: support Deno.permissions.query({name:"import"}) (#29610)
Closes #27050
2025-06-26 22:13:56 +02:00
David Emanuel Buchmann
3cefece2da
feat: --allow-net supports CIDR ranges (#29704)
This commit adds support for specifying CIDR ranges in
`--allow-net` and `--deny-net` flag:

Eg: trying to run `deno run --allow-net --deny-net=192.168.0.0/16`
and `fetch` from `http://127.0.0.1:4545/` will raise `NotCapable`
error.
2025-06-26 22:13:04 +02:00
Nayeem Rahman
99ae41f6bb
feat: stabilize --allow-net subdomain wildcards (#29902)
Closes #29499.
2025-06-26 17:00:43 +00:00
Nayeem Rahman
ab9673dcc1
feat(unstable): --allow-net subdomain wildcards (#29327)
2025-05-29 04:05:37 +01:00
David Sherret
cb23193f74
refactor: allow deno_permissions to compile to wasm32-unknown-unknown (#29487)
2025-05-28 18:27:42 +00:00
David Sherret
e3bf5ee5db
refactor: remove deno_core dependency from deno_permissions (#29467)
For making this code more usable without deno_core. Will be useful in
deno_resolver.
2025-05-27 16:00:04 +00:00
Nayeem Rahman
ef315b56c2
fix: handling of contradictory global permission flags (#29213)
2025-05-08 23:24:35 +02:00
Nathan Whitaker
c22d17824b
perf(fs): don't canonicalize path when opening file if --allow-all is passed (#28716)
Fixes #28702.

Super artificial benchmark:

```ts
const perf = performance;

async function asyncOpen() {
  const start = perf.now();
  for (let i = 0; i < 100_000; i++) {
    const file = await Deno.open("./foo.txt");
    file.close();
  }
  const end = perf.now();
  console.log(end - start);
}

function syncOpen() {
  const start = perf.now();
  for (let i = 0; i < 100_000; i++) {
    const file = Deno.openSync("./foo.txt");
    file.close();
  }
  const end = perf.now();
  console.log(end - start);
}

if (Deno.args[0]?.trim() === "async") {
  await asyncOpen();
} else {
  syncOpen();
}
```

Results (average of 10 for each):

```
deno sync               1785.59
deno-this-pr sync       491.69
deno async              1839.71
deno-this-pr async      528.78
```

---------

Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
2025-04-29 23:16:24 +00:00
Bartek Iwańczuk
f2ae7a19f4
fix: make --allow-env stronger than --deny-env (#29079)
2025-04-28 19:28:38 +02:00
snek
9da231dc7a
feat: support linux vsock (#28725)
impl support for vsock
https://man7.org/linux/man-pages/man7/vsock.7.html
2025-04-11 07:35:05 +02:00
Nathan Whitaker
ee4c14a550
chore: update to rust 1.85 (#28236)
Updates to use rust 1.85. Doesn't move to the 2024 edition, as that's a
fair bit more involved.

A nice side benefit is that the new rustc version seems to lead to a
slight reduction in binary size (at least on mac):

```
    FILE SIZE   
 -------------- 
  +4.3%  +102Ki    __DATA_CONST,__const
  [NEW] +69.3Ki    __TEXT,__literals
  [NEW] +68.5Ki    Rebase Info
  +5.0% +39.9Ki    __TEXT,__unwind_info
   +57% +8.85Ki    [__TEXT]
  [NEW] +8.59Ki    Lazy Binding Info
  [NEW] +5.16Ki    __TEXT,__stub_helper
  [NEW] +3.58Ki    Export Info
  [NEW] +3.42Ki    __DATA,__la_symbol_ptr
  -0.1%    -726    [12 Others]
 -21.4% -3.10Ki    [__DATA_CONST]
 -95.8% -3.39Ki    __DATA_CONST,__got
 -20.9% -3.43Ki    [__DATA]
  -0.5% -4.52Ki    Code Signature
 -100.0% -11.6Ki    [__LINKEDIT]
  -1.0% -43.5Ki    Symbol Table
  -1.6% -44.0Ki    __TEXT,__gcc_except_tab
  -0.2% -48.1Ki    __TEXT,__const
  -3.3% -78.6Ki    __TEXT,__eh_frame
  -0.7%  -320Ki    __TEXT,__text
  -1.5%  -334Ki    String Table
  -0.5%  -586Ki    TOTAL
```
2025-02-25 08:50:01 -08:00
Divy Srivastava
cda0c5b3ae
fix: do special file permission check for check_read_path (#27989)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2025-02-12 15:46:21 +00:00
Leo Kettmeir
ea30e188a8
refactor: update deno_core for error refactor (#26867)
Closes #26171

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2025-01-08 14:52:32 -08:00
David Sherret
0457c38d4f
refactor: remove use of home crate (#27516)
The two places mentioned in the issue are now consolidated.

Closes https://github.com/denoland/deno/issues/24385
2025-01-02 10:06:35 -05:00
Kenta Moriuchi
8fb073d7b4
chore: Happy New Year 2025 (#27509)
2024-12-31 19:12:39 +00:00
David Sherret
ac7b33a340
chore: cargo fmt - turn on group_imports=StdExternalCrate (#26646)
2024-12-31 12:13:39 -05:00
David Sherret
ece718eb3e
perf: upgrade to deno_semver 0.7 (#27426)
2024-12-20 21:14:37 +00:00
Yusuke Tanaka
c56274285d
feat(permission): separate PermissionDeniedError to Retryable and Fatal (#27282)
This commit separates `PermissionDeniedError` into two kinds;
`Retryable` and `Fatal`.

The existing `PermissionDeniedError`s fall into `Retryable`, since
permission errors can be resolved by retrying with proper permissions in
Deno CLI. The motivation of adding `Fatal` is that in some environments
some operations are just disabled; for instance, in Deno Deploy, any
write operations to filesystem can never be granted, in which case
`Fatal` kind becomes useful.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-12-17 11:45:18 +09:00
David Sherret
d99b2d6f7d
chore: reduce allocations in a few places (#27288)
Probably doesn't have much impact. I didn't measure any of these, but
reducing allocations should always be good.
2024-12-09 19:28:53 -05:00
Yazan AbdAl-Rahman
b729bf0ad9
feat(permission): support suffix wildcards in --allow-env flag (#25255)
This commit adds support for suffix wildcard for `--allow-env` flag.

Specifying flag like `--allow-env=DENO_*` will enable access to all
environmental variables starting with `DENO_*`.

Closes #24847

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: David Sherret <dsherret@gmail.com>
2024-11-20 23:30:43 +00:00
Richard Carson
01f3451869
chore: make fields public on PermissionDeniedError and deno_kv::KvConfig (#26798)
A few small changes to avoid needing unsafe mem transmutes to
instantiate the extensions

---------

Signed-off-by: Richard Carson <Rscarson@rogers.com>
2024-11-12 17:49:49 +00:00
Divy Srivastava
7179bdcc77
fix(ext/node): handle --allow-sys=inspector (#26836)
`op_inspector_open` checks for "inspector" as one of the allowed sys
value.
2024-11-12 16:55:49 +01:00
Leo Kettmeir
fe9f0ee593
refactor(runtime/permissions): use concrete error types (#26464)
2024-11-04 09:17:21 -08:00
Nathan Whitaker
6c6bbeb974
fix(node): Implement os.userInfo properly, add missing toPrimitive (#24702)
Fixes the implementation of `os.userInfo`, and adds a missing
`toPrimitive` for `tmpdir`. This allows us to enable the corresponding
node_compat test.
2024-10-31 22:18:33 -07:00
Lucas Nogueira
40b4b9aaa3
feat(permissions): expose PromptResponse (#26358)
follow-up for #26327
2024-10-17 11:36:34 -07:00
Lucas Nogueira
3b62e05062
feat(permissions): expose PermissionPrompter and set_prompter function (#26327)
when defining a custom runtime, it might be useful to define a custom
prompter - for instance when you are not relying on the terminal and
want a GUI prompter instead
2024-10-17 12:39:18 -04:00
David Sherret
2de4faa483
refactor: improve node permission checks (#26028)
Does less work when requesting permissions with `-A`
2024-10-04 20:55:41 +01:00
Simon Lecoq
da7edf1c0c
fix: don't prompt when using Deno.permissions.request with --no-prompt (#25811)
2024-10-03 12:28:38 +00:00
David Sherret
c8f692057b
refactor: bury descriptor parsing in PermissionsContainer (#25936)
Closes https://github.com/denoland/deno/issues/25634
2024-09-30 09:19:24 -04:00
David Sherret
fc739dc5eb
refactor: use deno_path_util (#25918)
2024-09-28 07:55:01 -04:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```sh
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Leo Kettmeir
3e053f8f06
fix(flags): properly error out for urls (#25770)
Closes https://github.com/denoland/deno/issues/25760
2024-09-20 11:10:46 -07:00
Yazan AbdAl-Rahman
bed46474b2
fix: do not panic running invalid file specifier (#25530)
Co-authored-by: Bedis Nbiba <bedisnbiba@gmail.com>
2024-09-18 14:51:39 +01:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
Luca Casonato
7bfcb4dd10
feat(cli): use NotCapable error for permission errors (#25431)
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
2024-09-10 11:12:24 -07:00
Bartek Iwańczuk
5dedb49ac4
refactor(permissions): remove FromStr implementations, add ::parse methods (#25473)
The `.parse()` calls in permission code are only making it more
confusing, verbosity
is encouraged and welcome in this code even at the cost of not being
concise.

Left a couple TODOs to not use `AnyError`.
2024-09-06 11:28:53 +02:00
David Sherret
dd208a6df0
fix(regression): do not expose resolved path in Deno.Command permission denied error (#25434)
Regression from https://github.com/denoland/deno/pull/25370
2024-09-04 22:57:49 +00:00