deno_runtime/
permissions.rs

1// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
2
3use std::path::Path;
4use std::path::PathBuf;
5
6use deno_path_util::normalize_path;
7use deno_permissions::AllowRunDescriptor;
8use deno_permissions::AllowRunDescriptorParseResult;
9use deno_permissions::DenyRunDescriptor;
10use deno_permissions::EnvDescriptor;
11use deno_permissions::FfiDescriptor;
12use deno_permissions::ImportDescriptor;
13use deno_permissions::NetDescriptor;
14use deno_permissions::PathQueryDescriptor;
15use deno_permissions::PathResolveError;
16use deno_permissions::ReadDescriptor;
17use deno_permissions::RunDescriptorParseError;
18use deno_permissions::RunQueryDescriptor;
19use deno_permissions::SysDescriptor;
20use deno_permissions::SysDescriptorParseError;
21use deno_permissions::WriteDescriptor;
22
23#[derive(Debug)]
24pub struct RuntimePermissionDescriptorParser {
25  fs: deno_fs::FileSystemRc,
26}
27
28impl RuntimePermissionDescriptorParser {
29  pub fn new(fs: deno_fs::FileSystemRc) -> Self {
30    Self { fs }
31  }
32
33  fn resolve_from_cwd(&self, path: &str) -> Result<PathBuf, PathResolveError> {
34    if path.is_empty() {
35      return Err(PathResolveError::EmptyPath);
36    }
37    let path = Path::new(path);
38    if path.is_absolute() {
39      Ok(normalize_path(path))
40    } else {
41      let cwd = self.resolve_cwd()?;
42      Ok(normalize_path(cwd.join(path)))
43    }
44  }
45
46  fn resolve_cwd(&self) -> Result<PathBuf, PathResolveError> {
47    self
48      .fs
49      .cwd()
50      .map_err(|e| PathResolveError::CwdResolve(e.into_io_error()))
51  }
52}
53
54impl deno_permissions::PermissionDescriptorParser
55  for RuntimePermissionDescriptorParser
56{
57  fn parse_read_descriptor(
58    &self,
59    text: &str,
60  ) -> Result<ReadDescriptor, PathResolveError> {
61    Ok(ReadDescriptor(self.resolve_from_cwd(text)?))
62  }
63
64  fn parse_write_descriptor(
65    &self,
66    text: &str,
67  ) -> Result<WriteDescriptor, PathResolveError> {
68    Ok(WriteDescriptor(self.resolve_from_cwd(text)?))
69  }
70
71  fn parse_net_descriptor(
72    &self,
73    text: &str,
74  ) -> Result<NetDescriptor, deno_permissions::NetDescriptorParseError> {
75    NetDescriptor::parse(text)
76  }
77
78  fn parse_import_descriptor(
79    &self,
80    text: &str,
81  ) -> Result<ImportDescriptor, deno_permissions::NetDescriptorParseError> {
82    ImportDescriptor::parse(text)
83  }
84
85  fn parse_env_descriptor(
86    &self,
87    text: &str,
88  ) -> Result<EnvDescriptor, deno_permissions::EnvDescriptorParseError> {
89    if text.is_empty() {
90      Err(deno_permissions::EnvDescriptorParseError)
91    } else {
92      Ok(EnvDescriptor::new(text))
93    }
94  }
95
96  fn parse_sys_descriptor(
97    &self,
98    text: &str,
99  ) -> Result<SysDescriptor, SysDescriptorParseError> {
100    if text.is_empty() {
101      Err(SysDescriptorParseError::Empty)
102    } else {
103      Ok(SysDescriptor::parse(text.to_string())?)
104    }
105  }
106
107  fn parse_allow_run_descriptor(
108    &self,
109    text: &str,
110  ) -> Result<AllowRunDescriptorParseResult, RunDescriptorParseError> {
111    Ok(AllowRunDescriptor::parse(text, &self.resolve_cwd()?)?)
112  }
113
114  fn parse_deny_run_descriptor(
115    &self,
116    text: &str,
117  ) -> Result<DenyRunDescriptor, PathResolveError> {
118    Ok(DenyRunDescriptor::parse(text, &self.resolve_cwd()?))
119  }
120
121  fn parse_ffi_descriptor(
122    &self,
123    text: &str,
124  ) -> Result<FfiDescriptor, PathResolveError> {
125    Ok(FfiDescriptor(self.resolve_from_cwd(text)?))
126  }
127
128  // queries
129
130  fn parse_path_query(
131    &self,
132    path: &str,
133  ) -> Result<PathQueryDescriptor, PathResolveError> {
134    Ok(PathQueryDescriptor {
135      resolved: self.resolve_from_cwd(path)?,
136      requested: path.to_string(),
137    })
138  }
139
140  fn parse_run_query(
141    &self,
142    requested: &str,
143  ) -> Result<RunQueryDescriptor, RunDescriptorParseError> {
144    if requested.is_empty() {
145      return Err(RunDescriptorParseError::EmptyRunQuery);
146    }
147    RunQueryDescriptor::parse(requested)
148      .map_err(RunDescriptorParseError::PathResolve)
149  }
150}
151
152#[cfg(test)]
153mod test {
154  use std::sync::Arc;
155
156  use deno_fs::RealFs;
157  use deno_permissions::PermissionDescriptorParser;
158
159  use super::*;
160
161  #[test]
162  fn test_handle_empty_value() {
163    let parser = RuntimePermissionDescriptorParser::new(Arc::new(RealFs));
164    assert!(parser.parse_read_descriptor("").is_err());
165    assert!(parser.parse_write_descriptor("").is_err());
166    assert!(parser.parse_env_descriptor("").is_err());
167    assert!(parser.parse_net_descriptor("").is_err());
168    assert!(parser.parse_ffi_descriptor("").is_err());
169    assert!(parser.parse_path_query("").is_err());
170    assert!(parser.parse_run_query("").is_err());
171  }
172}
deno_runtime/permissions.rs

deno_runtime/
permissions.rs
