Skip to content

Commit

Permalink
refactor(runtime/permissions): use concrete error types (#26464)
Browse files Browse the repository at this point in the history
  • Loading branch information
@crowlKats @bartlomieju
crowlKats authored and bartlomieju committed Nov 5, 2024
1 parent 3bded14 commit 1bdecc8
Show file tree
Hide file tree
Showing 35 changed files with 999 additions and 830 deletions.
1 change: 1 addition & 0 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions cli/args/flags.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3388,8 +3388,7 @@ fn permission_args(app: Command, requires: Option<&'static str>) -> Command {
.value_name("IP_OR_HOSTNAME")
.help("Allow network access. Optionally specify allowed IP addresses and host names, with ports as necessary")
.value_parser(flags_net::validator)
.hide(true)
;
.hide(true);
if let Some(requires) = requires {
arg = arg.requires(requires)
}
Expand Down
2 changes: 1 addition & 1 deletion cli/args/flags_net.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ pub fn parse(paths: Vec<String>) -> clap::error::Result<Vec<String>> {
}
} else {
NetDescriptor::parse(&host_and_port).map_err(|e| {
clap::Error::raw(clap::error::ErrorKind::InvalidValue, format!("{e:?}"))
clap::Error::raw(clap::error::ErrorKind::InvalidValue, e.to_string())
})?;
out.push(host_and_port)
}
Expand Down
2 changes: 1 addition & 1 deletion cli/npm/byonm.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ impl CliNpmResolver for CliByonmNpmResolver {
.components()
.any(|c| c.as_os_str().to_ascii_lowercase() == "node_modules")
{
permissions.check_read_path(path)
permissions.check_read_path(path).map_err(Into::into)
} else {
Ok(Cow::Borrowed(path))
}
Expand Down
2 changes: 1 addition & 1 deletion cli/npm/managed/resolvers/common.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ impl RegistryReadPermissionChecker {
}
}

permissions.check_read_path(path)
permissions.check_read_path(path).map_err(Into::into)
}
}

Expand Down
10 changes: 6 additions & 4 deletions cli/tools/info.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -645,10 +645,12 @@ impl<'a> GraphDisplayContext<'a> {
let message = match err {
HttpsChecksumIntegrity(_) => "(checksum integrity error)",
Decode(_) => "(loading decode error)",
Loader(err) => match deno_core::error::get_custom_error_class(err) {
Some("NotCapable") => "(not capable, requires --allow-import)",
_ => "(loading error)",
},
Loader(err) => {
match deno_runtime::errors::get_error_class_name(err) {
Some("NotCapable") => "(not capable, requires --allow-import)",
_ => "(loading error)",
}
}
Jsr(_) => "(loading error)",
NodeUnknownBuiltinModule(_) => "(unknown node built-in error)",
Npm(_) => "(npm loading error)",
Expand Down
23 changes: 9 additions & 14 deletions ext/fetch/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ use deno_core::OpState;
use deno_core::RcRef;
use deno_core::Resource;
use deno_core::ResourceId;
use deno_permissions::PermissionCheckError;
use deno_tls::rustls::RootCertStore;
use deno_tls::Proxy;
use deno_tls::RootCertStoreProvider;
Expand Down Expand Up @@ -149,7 +150,7 @@ pub enum FetchError {
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error(transparent)]
Permission(deno_core::error::AnyError),
Permission(#[from] PermissionCheckError),
#[error("NetworkError when attempting to fetch resource")]
NetworkError,
#[error("Fetching files only supports the GET method: received {0}")]
Expand Down Expand Up @@ -346,13 +347,13 @@ pub trait FetchPermissions {
&mut self,
url: &Url,
api_name: &str,
) -> Result<(), deno_core::error::AnyError>;
) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_read<'a>(
&mut self,
p: &'a Path,
api_name: &str,
) -> Result<Cow<'a, Path>, deno_core::error::AnyError>;
) -> Result<Cow<'a, Path>, PermissionCheckError>;
}

impl FetchPermissions for deno_permissions::PermissionsContainer {
Expand All @@ -361,7 +362,7 @@ impl FetchPermissions for deno_permissions::PermissionsContainer {
&mut self,
url: &Url,
api_name: &str,
) -> Result<(), deno_core::error::AnyError> {
) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
}

Expand All @@ -370,7 +371,7 @@ impl FetchPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &'a Path,
api_name: &str,
) -> Result<Cow<'a, Path>, deno_core::error::AnyError> {
) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_path(
self,
path,
Expand Down Expand Up @@ -414,9 +415,7 @@ where
"file" => {
let path = url.to_file_path().map_err(|_| FetchError::NetworkError)?;
let permissions = state.borrow_mut::<FP>();
let path = permissions
.check_read(&path, "fetch()")
.map_err(FetchError::Permission)?;
let path = permissions.check_read(&path, "fetch()")?;
let url = match path {
Cow::Owned(path) => Url::from_file_path(path).unwrap(),
Cow::Borrowed(_) => url,
Expand All @@ -442,9 +441,7 @@ where
}
"http" | "https" => {
let permissions = state.borrow_mut::<FP>();
permissions
.check_net_url(&url, "fetch()")
.map_err(FetchError::Resource)?;
permissions.check_net_url(&url, "fetch()")?;

let maybe_authority = extract_authority(&mut url);
let uri = url
Expand Down Expand Up @@ -863,9 +860,7 @@ where
if let Some(proxy) = args.proxy.clone() {
let permissions = state.borrow_mut::<FP>();
let url = Url::parse(&proxy.url)?;
permissions
.check_net_url(&url, "Deno.createHttpClient()")
.map_err(FetchError::Permission)?;
permissions.check_net_url(&url, "Deno.createHttpClient()")?;
}

let options = state.borrow::<Options>();
Expand Down
14 changes: 6 additions & 8 deletions ext/ffi/call.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,9 @@ pub enum CallError {
#[error("Invalid FFI symbol name: '{0}'")]
InvalidSymbol(String),
#[error(transparent)]
Permission(deno_core::error::AnyError),
Permission(#[from] deno_permissions::PermissionCheckError),
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error(transparent)]
Callback(#[from] super::CallbackError),
}
Expand Down Expand Up @@ -301,9 +303,7 @@ where
{
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<FP>();
permissions
.check_partial_no_path()
.map_err(CallError::Permission)?;
permissions.check_partial_no_path()?;
};

let symbol = PtrSymbol::new(pointer, &def)?;
Expand Down Expand Up @@ -347,7 +347,7 @@ pub fn op_ffi_call_nonblocking(
let resource = state
.resource_table
.get::<DynamicLibraryResource>(rid)
.map_err(CallError::Permission)?;
.map_err(CallError::Resource)?;
let symbols = &resource.symbols;
*symbols
.get(&symbol)
Expand Down Expand Up @@ -401,9 +401,7 @@ where
{
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<FP>();
permissions
.check_partial_no_path()
.map_err(CallError::Permission)?;
permissions.check_partial_no_path()?;
};

let symbol = PtrSymbol::new(pointer, &def)?;
Expand Down
6 changes: 2 additions & 4 deletions ext/ffi/callback.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ pub enum CallbackError {
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error(transparent)]
Permission(deno_core::error::AnyError),
Permission(#[from] deno_permissions::PermissionCheckError),
#[error(transparent)]
Other(deno_core::error::AnyError),
}
Expand Down Expand Up @@ -572,9 +572,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
permissions
.check_partial_no_path()
.map_err(CallbackError::Permission)?;
permissions.check_partial_no_path()?;

let thread_id: u32 = LOCAL_THREAD_ID.with(|s| {
let value = *s.borrow();
Expand Down
6 changes: 2 additions & 4 deletions ext/ffi/dlfcn.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ pub enum DlfcnError {
#[error(transparent)]
Dlopen(#[from] dlopen2::Error),
#[error(transparent)]
Permission(deno_core::error::AnyError),
Permission(#[from] deno_permissions::PermissionCheckError),
#[error(transparent)]
Other(deno_core::error::AnyError),
}
Expand Down Expand Up @@ -133,9 +133,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
let path = permissions
.check_partial_with_path(&args.path)
.map_err(DlfcnError::Permission)?;
let path = permissions.check_partial_with_path(&args.path)?;

let lib = Library::open(&path).map_err(|e| {
dlopen2::Error::OpeningLibraryError(std::io::Error::new(
Expand Down
11 changes: 5 additions & 6 deletions ext/ffi/lib.rs
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.

use deno_core::error::AnyError;

use std::mem::size_of;
use std::os::raw::c_char;
use std::os::raw::c_short;
Expand Down Expand Up @@ -31,6 +29,7 @@ use symbol::Symbol;

pub use call::CallError;
pub use callback::CallbackError;
use deno_permissions::PermissionCheckError;
pub use dlfcn::DlfcnError;
pub use ir::IRError;
pub use r#static::StaticError;
Expand All @@ -48,25 +47,25 @@ const _: () = {
pub const UNSTABLE_FEATURE_NAME: &str = "ffi";

pub trait FfiPermissions {
fn check_partial_no_path(&mut self) -> Result<(), AnyError>;
fn check_partial_no_path(&mut self) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_partial_with_path(
&mut self,
path: &str,
) -> Result<PathBuf, AnyError>;
) -> Result<PathBuf, PermissionCheckError>;
}

impl FfiPermissions for deno_permissions::PermissionsContainer {
#[inline(always)]
fn check_partial_no_path(&mut self) -> Result<(), AnyError> {
fn check_partial_no_path(&mut self) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_ffi_partial_no_path(self)
}

#[inline(always)]
fn check_partial_with_path(
&mut self,
path: &str,
) -> Result<PathBuf, AnyError> {
) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_ffi_partial_with_path(
self, path,
)
Expand Down
Loading

0 comments on commit 1bdecc8

Please sign in to comment.