development/deno
development/deno
1
0
Fork 0
mirror of https://github.com/denoland/deno synced 2024-09-19 16:12:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(runtime): require full read and write permissions to create symlinks (#12554)

Browse source
This commit is contained in:
David Sherret 2021-10-29 17:05:55 -04:00 committed by GitHub
parent b7341438f2
commit d44011a69e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cli/dts/lib.deno.ns.d.ts vendored
View file

@ -2347,7 +2347,7 @@ declare namespace Deno {
* Deno.symlinkSync("old/name", "new/name");
* ```
*
* Requires `allow-write` permission. */
* Requires full `allow-read` and `allow-write` permissions. */
export function symlinkSync(
oldpath: string | URL,
newpath: string | URL,
@ -2364,7 +2364,7 @@ declare namespace Deno {
* await Deno.symlink("old/name", "new/name");
* ```
*
* Requires `allow-write` permission. */
* Requires full `allow-read` and `allow-write` permissions. */
export function symlink(
oldpath: string | URL,
newpath: string | URL,

28
cli/tests/unit/symlink_test.ts
View file

@ -108,3 +108,31 @@ unitTest(
);
},
);
unitTest(
{ permissions: { read: true, write: ["."] } },
async function symlinkNoFullWritePermissions() {
await assertRejects(
() => Deno.symlink("old", "new"),
Deno.errors.PermissionDenied,
);
assertThrows(
() => Deno.symlinkSync("old", "new"),
Deno.errors.PermissionDenied,
);
},
);
unitTest(
{ permissions: { read: ["."], write: true } },
async function symlinkNoFullReadPermissions() {
await assertRejects(
() => Deno.symlink("old", "new"),
Deno.errors.PermissionDenied,
);
assertThrows(
() => Deno.symlinkSync("old", "new"),
Deno.errors.PermissionDenied,
);
},
);

6
runtime/ops/fs.rs
View file

@ -1370,7 +1370,8 @@ fn op_symlink_sync(
let oldpath = PathBuf::from(&args.oldpath);
let newpath = PathBuf::from(&args.newpath);
state.borrow_mut::<Permissions>().write.check(&newpath)?;
state.borrow_mut::<Permissions>().write.check_all()?;
state.borrow_mut::<Permissions>().read.check_all()?;
debug!(
"op_symlink_sync {} {}",
@ -1432,7 +1433,8 @@ async fn op_symlink_async(
{
let mut state = state.borrow_mut();
state.borrow_mut::<Permissions>().write.check(&newpath)?;
state.borrow_mut::<Permissions>().write.check_all()?;
state.borrow_mut::<Permissions>().read.check_all()?;
}
tokio::task::spawn_blocking(move || {