fix(runtime): mitigate permission prompt stuffing

Flush the tty's input buffer before reading to avoid already typed characters from being treated as the answer to the permissions prompt. Fixes denoland#9750.
bnoordhuis · Mar 17, 2021 · bb8ab8d · bb8ab8d
1 parent bd961c3
commit bb8ab8d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/runtime/permissions.rs b/runtime/permissions.rs
@@ -641,6 +641,12 @@ fn permission_prompt(message: &str) -> bool {
   if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) {
     return false;
   };
+  #[cfg(unix)]
+  unsafe {
+    if -1 == libc::tcflush(libc::STDIN_FILENO, libc::TCIFLUSH) {
+      return false;
+    }
+  }
   let msg = format!(
     "️{}  {}. Grant? [g/d (g = grant, d = deny)] ",
     PERMISSION_EMOJI, message