Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add --allow-sys permission flag #16028

Merged
merged 7 commits into from
Sep 28, 2022
Merged

feat: add --allow-sys permission flag #16028

merged 7 commits into from
Sep 28, 2022

Conversation

kt3k
Copy link
Member

@kt3k kt3k commented Sep 26, 2022
edited
Loading

This PR add --allow-sys permission flag to control the access to the system infromations such as loadavg, hostname, networkInterfaces, getUid, getGid, osRelease, and systemMemoryInfo.

Summary of changes

Rust

  • Added SysDescriptor(pub String) type
  • Added methods to UnaryPermission<SysDescriptor>
  • Updated Permissions struct
  • Updated deserializer for ChildPermissionsArg
  • Updated create_child_permissions function
  • Updated perm checking of 7 os ops.
  • Added --allow-sys flag handling

JS

  • Updated permission cache handling

TS

  • Added SysPermissionDescriptor type
  • Updated PermissionOptionsObject to accept sys perm

Doc

  • Updated required perm info / @tags for 7 methods.

closes #15986

@kt3k kt3k force-pushed the allow-sys-info branch 2 times, most recently from a69bf27 to 110e915 Compare September 26, 2022 14:53
@kt3k kt3k marked this pull request as ready for review September 27, 2022 05:12
@kt3k kt3k requested review from bartlomieju and ry September 27, 2022 05:13
@kt3k
Copy link
Member Author

kt3k commented Sep 27, 2022

cc @nayeemrmn

bartlomieju
bartlomieju reviewed Sep 27, 2022
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation wise it looks good to me (minus one nipick). I'd like to suggest we use --allow-sys instead of --allow-sys-info - that way all permission flags will be two-word and won't require quotes in places like permission definition in Deno.test()

cli/args/flags.rs Outdated
.takes_value(true)
.use_value_delimiter(true)
.require_equals(true)
.help("Allow access to system info"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now this flag can accept arbitrary values, I suggest to add a validator here that will limit options

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added validation of sys kind in 3 places:

  • allow-sys arg values are validated
  • kind prop of SysPermissionDescriptor is now typed as "hostname" | "loadavg" | ... (in TypeScript)
  • op_{query|revoke|request}_permission throws TypeError when the kind is invalid

@bartlomieju bartlomieju mentioned this pull request Sep 27, 2022
Merged
@kt3k kt3k changed the title feat: add --allow-sys-info permission flag feat: add --allow-sys permission flag Sep 28, 2022
bartlomieju
bartlomieju approved these changes Sep 28, 2022
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nice work

runtime/ops/os.rs Outdated Show resolved Hide resolved
@kt3k kt3k merged commit fa9e7aa into denoland:main Sep 28, 2022
@kt3k kt3k deleted the allow-sys-info branch September 28, 2022 12:46
lucacasonato
lucacasonato reviewed Sep 28, 2022
View reviewed changes
cli/args/flags.rs
Comment on lines +1837 to +1843
match key {
"hostname" | "osRelease" | "loadavg" | "networkInterfaces"
| "systemMemoryInfo" | "getUid" | "getGid" => {}
_ => {
return Err(format!("unknown system info kind \"{}\"", key));
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be de-duplicated with parse_sys_kind, I think?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. Created a PR #16087

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucacasonato lucacasonato lucacasonato left review comments

@bartlomieju bartlomieju bartlomieju approved these changes

@ry ry Awaiting requested review from ry

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feature request: add --allow-sys-info permission flag
3 participants
@kt3k @lucacasonato @bartlomieju