Add permission flags

2024-11-21 20:38:55 +00:00 · 2018-05-29 05:27:41 -04:00 · 2018-05-29 05:27:41 -04:00 · e64e4e3ec8
commit e64e4e3ec8
parent 47cfde452d
4 changed files with 40 additions and 2 deletions
--- a/fetch.go
+++ b/fetch.go
@ -31,6 +31,12 @@ func Fetch(id int32, targetUrl string) []byte {
 			FetchResId: id,
 		}

+		if !Perms.Connect {
+			resMsg.Error = "Permission to connect denied."
+			PubMsg("fetch", resMsg)
+			return
+		}
+
 		resp, err := http.Get(targetUrl)
 		if err != nil {
 			resMsg.Error = err.Error()
--- a/integration_test.go
+++ b/integration_test.go
@ -149,7 +149,8 @@ func TestErrors(t *testing.T) {

 func TestTestsTs(t *testing.T) {
 	integrationTestSetup()
-	cmd := exec.Command(denoFn, "tests.ts")
+	// TODO Need unit test for each of the permissions.
+	cmd := exec.Command(denoFn, "--allow-connect", "--allow-write", "tests.ts")
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	err := cmd.Run()
--- a/main.go
+++ b/main.go
@ -14,6 +14,29 @@ var flagV8Options = flag.Bool("v8-options", false, "Print V8 command line option
 var flagDebug = flag.Bool("debug", false, "Enable debug output.")
 var flagGoProf = flag.String("goprof", "", "Write golang cpu profile to file.")

+var flagAllowWrite = flag.Bool("allow-write", false,
+	"Allow program to write to the fs.")
+var flagAllowConnect = flag.Bool("allow-connect", false,
+	"Allow program to connect to other network addresses.")
+var flagAllowAccept = flag.Bool("allow-accept", false,
+	"Allow program to accept connections.")
+var flagAllowRead = flag.Bool("allow-read", true,
+	"Allow program to read file system.")
+
+var Perms struct {
+	FsRead  bool
+	FsWrite bool
+	Connect bool
+	Accept  bool
+}
+
+func setPerms() {
+	Perms.FsRead = *flagAllowRead
+	Perms.FsWrite = *flagAllowWrite
+	Perms.Connect = *flagAllowConnect
+	Perms.Accept = *flagAllowAccept
+}
+
 func stringAsset(path string) string {
 	data, err := Asset("dist/" + path)
 	check(err)
@ -23,6 +46,7 @@ func stringAsset(path string) string {
 func FlagsParse() []string {
 	flag.Parse()
 	args := flag.Args()
+	setPerms()
 	if *flagV8Options {
 		args = append(args, "--help")
 	}
--- a/os.go
+++ b/os.go
@ -17,7 +17,14 @@ const assetPrefix string = "/$asset$/"
 var fs afero.Fs

 func InitOS() {
-	fs = afero.NewOsFs()
+	if Perms.FsWrite {
+		assert(Perms.FsRead, "Write access requires read access.")
+		fs = afero.NewOsFs()
+	} else if Perms.FsRead {
+		fs = afero.NewReadOnlyFs(afero.NewOsFs())
+	} else {
+		panic("Not implemented.")
+	}

 	Sub("os", func(buf []byte) []byte {
 		msg := &Msg{}