Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(permission): support suffix wildcards in --allow-env flag #25255

Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
085b111
Add wildcard support to --allow-env flag for environment variable pat…
yazan-abdalrahman Aug 28, 2024
5e463d3
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Aug 28, 2024
1dae2e4
fix, test
yazan-abdalrahman Aug 28, 2024
849e194
Merge remote-tracking branch 'origin/Enhance---allow-env-to-Support-P…
yazan-abdalrahman Aug 28, 2024
574f292
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 3, 2024
8ae53a6
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 4, 2024
7d0b807
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 4, 2024
32af9f7
New solution with support env.get and set
yazan-abdalrahman Sep 4, 2024
ac39fc9
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 5, 2024
8603674
fmt
yazan-abdalrahman Sep 5, 2024
981a9ce
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 5, 2024
a7469b9
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 5, 2024
7a93a1a
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 5, 2024
8df48c3
fix
yazan-abdalrahman Sep 5, 2024
7ed8376
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 5, 2024
4c31cdd
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 5, 2024
b5c8bb8
fix new solution
yazan-abdalrahman Sep 5, 2024
24e2ac5
Merge remote-tracking branch 'origin/Enhance---allow-env-to-Support-P…
yazan-abdalrahman Sep 5, 2024
3076ca9
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 8, 2024
e49e0ef
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 10, 2024
6a368f9
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 16, 2024
afff2c8
Merge branch 'refs/heads/main' into Enhance---allow-env-to-Support-Pr…
yazan-abdalrahman Sep 18, 2024
22b568f
fmt
yazan-abdalrahman Sep 18, 2024
6153314
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Sep 24, 2024
9ef3509
Merge branch 'refs/heads/main' into Enhance---allow-env-to-Support-Pr…
yazan-abdalrahman Oct 9, 2024
c828c7c
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Oct 17, 2024
525cdbc
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Oct 21, 2024
63b3e22
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Oct 30, 2024
37c49be
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
yazan-abdalrahman Nov 12, 2024
372266b
wip
bartlomieju Nov 17, 2024
600d042
Merge branch 'env_wildcard' into Enhance---allow-env-to-Support-Prefi…
bartlomieju Nov 17, 2024
4b2b357
cleanup
bartlomieju Nov 17, 2024
365525e
test for wildcards in workers
bartlomieju Nov 20, 2024
6d12ba3
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
bartlomieju Nov 20, 2024
522a4f3
move definition beside impl
dsherret Nov 20, 2024
78d9617
allow doing a subset of a prefix when creating child perms
dsherret Nov 20, 2024
0bc4cd7
Merge branch 'main' into Enhance---allow-env-to-Support-Prefix,-Suffi…
bartlomieju Nov 20, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 31 additions & 1 deletion cli/args/flags.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1325,6 +1325,35 @@ pub fn flags_from_vec(args: Vec<OsString>) -> clap::error::Result<Flags> {
Ok(flags)
}

fn process_env_permissions(allowed_env_vars: Vec<String>) -> Vec<String> {
let mut env_permissions = Vec::new();
for env_var in allowed_env_vars {
if let Some(suffix) = env_var.strip_prefix('*') {
for (key, _value) in std::env::vars() {
if key.ends_with(suffix) {
env_permissions.push(key);
}
}
} else if let Some(prefix) = env_var.strip_suffix('*') {
for (key, _value) in std::env::vars() {
if key.starts_with(prefix) {
env_permissions.push(key);
}
}
} else if env_var.contains('*') {
let pattern = env_var.replace('*', "");
for (key, _value) in std::env::vars() {
if key.contains(&pattern) {
env_permissions.push(key);
}
}
} else {
env_permissions.push(env_var);
}
}
env_permissions
}

macro_rules! heading {
($($name:ident = $title:expr),+; $total:literal) => {
$(const $name: &str = $title;)+
Expand Down Expand Up @@ -5071,7 +5100,8 @@ fn permission_args_parse(flags: &mut Flags, matches: &mut ArgMatches) {
}

if let Some(env_wl) = matches.remove_many::<String>("allow-env") {
flags.permissions.allow_env = Some(env_wl.collect());
let env_permissions = process_env_permissions(env_wl.collect());
flags.permissions.allow_env = Some(env_permissions);
debug!("env allowlist: {:#?}", &flags.permissions.allow_env);
}

Expand Down
34 changes: 34 additions & 0 deletions tests/specs/permission/process_env_permissions/__test__.jsonc
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
{
"tempDir": true,
"tests": {
"deno_env_wildcard_tests": {
"envs": {
"MYAPP_HELLO": "Hello\tworld,",
"MYAPP_GOODBYE": "farewell",
"OTHER_VAR": "ignore"
},
"steps": [
{
"args": "run --allow-env=MYAPP_* main.js",
"output": "Hello\tworld,\nfarewell\n"
},
{
"args": "run --allow-env=*_HELLO,*_GOODBYE main.js",
"output": "Hello\tworld,\nfarewell\n"
},
{
"args": "run --allow-env=* main.js",
"output": "Hello\tworld,\nfarewell\n"
},
{
"args": "run --allow-env main.js",
"output": "Hello\tworld,\nfarewell\n"
},
{
"args": "run --allow-env=MYAPP_HELLO,MYAPP_GOODBYE main.js",
"output": "Hello\tworld,\nfarewell\n"
}
]
}
}
}
2 changes: 2 additions & 0 deletions tests/specs/permission/process_env_permissions/main.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
console.log(Deno.env.get("MYAPP_HELLO"));
console.log(Deno.env.get("MYAPP_GOODBYE"));