Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(permissions): allow run permission to take values #9833

Merged
merged 13 commits into from
Apr 9, 2021
Merged

feat(permissions): allow run permission to take values #9833

merged 13 commits into from
Apr 9, 2021

Conversation

crowlKats
Copy link
Member

@crowlKats crowlKats commented Mar 19, 2021
edited
Loading

Closes #9925

@ry ry added this to the 1.9.0 milestone Mar 19, 2021
crowlKats and others added 5 commits March 19, 2021 19:22
@crowlKats
Merge branch 'master' into allow_run
af17520 
# Conflicts:
#	runtime/ops/worker_host.rs
@crowlKats
fmt
c374654
@crowlKats
Merge branch 'master' into allow_run
1e0274e 
# Conflicts:
#	runtime/ops/worker_host.rs
#	runtime/permissions.rs
@crowlKats
fix
8d58052
@bartlomieju
Merge branch 'main' into allow_run
77e1e44
bartlomieju
bartlomieju reviewed Mar 24, 2021
View reviewed changes
cli/flags.rs Outdated
if let Some(run_wl) = matches.values_of("allow-run") {
let run_allowlist: Vec<String> = run_wl.map(ToString::to_string).collect();
flags.allow_run = Some(run_allowlist);
debug!("env allowlist: {:#?}", &flags.allow_run);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove?

cli/flags.rs
.min_values(0)
.takes_value(true)
.use_delimiter(true)
.require_equals(true)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think some kind of validator is needed here, similar to --allow-env PR

Copy link
Member Author

@crowlKats crowlKats Mar 24, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure, but how would we validate passed commands? check if they actually exist? That would be somewhat weird, as we don't chck if a path exists for the path related permissions

@bartlomieju
Copy link
Member

@crowlKats this PR looks good to me, let's land it for 1.9. Please rebase

@crowlKats
Merge branch 'master' into allow_run
9e00a4c 
# Conflicts:
#	runtime/ops/process.rs
bartlomieju
bartlomieju reviewed Apr 8, 2021
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@crowlKats before landing can you add an integration test to cli/tests/integration_tests.rs that uses an allow list? Something like _045_proxy that runs Deno executable.

bartlomieju
bartlomieju reviewed Apr 9, 2021
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, great feature @crowlKats!

@bartlomieju bartlomieju merged commit e7b7129 into denoland:main Apr 9, 2021
@crowlKats crowlKats deleted the allow_run branch April 9, 2021 22:22
@danopia danopia mentioned this pull request Apr 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartlomieju bartlomieju bartlomieju approved these changes

@crypt096 crypt096 crypt096 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.9.0
Development

Successfully merging this pull request may close these issues.

Run permission can be scoped/limited
4 participants
@crowlKats @bartlomieju @crypt096 @ry