Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: handle InvalidLabelChar in URL validation to prevent panic #24080

Closed
wants to merge 38 commits into from
Closed

fix: handle InvalidLabelChar in URL validation to prevent panic #24080

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift click to select a range
f979e0c
handle InvalidLabelChar in URL validation to prevent panic
yazan-abdalrahman Jun 2, 2024
2d8e29a
ci: trigger CI pipeline
yazan-abdalrahman Jun 3, 2024
ba2b828
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 3, 2024
a5199a3
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 4, 2024
78ddde1
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 4, 2024
1fe2399
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 5, 2024
6d254a1
fix lint issues
yazan-abdalrahman Jun 6, 2024
c8488b6
Merge remote-tracking branch 'origin/fix-url-validation-panic' into f…
yazan-abdalrahman Jun 6, 2024
3a875fd
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 6, 2024
9971b64
handle empty value
yazan-abdalrahman Jun 9, 2024
6a92d09
Merge branch 'main' of https://github.com/yazan-abdalrahman/deno into…
yazan-abdalrahman Jun 9, 2024
5db82f3
fix cyclic dependence
yazan-abdalrahman Jun 10, 2024
f942a31
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 10, 2024
9146e36
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 11, 2024
e8b5b29
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 11, 2024
c20874c
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 11, 2024
7cff4e2
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 11, 2024
a8324ae
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 12, 2024
2a4dc4b
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 12, 2024
3655231
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 13, 2024
41b0cb2
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 13, 2024
94fe173
Merge branch 'main' of https://github.com/yazan-abdalrahman/deno into…
yazan-abdalrahman Jun 20, 2024
5178a56
Merge branch 'main' of https://github.com/yazan-abdalrahman/deno into…
yazan-abdalrahman Jun 23, 2024
d4ed2f9
Merge branch 'main' of https://github.com/yazan-abdalrahman/deno into…
yazan-abdalrahman Jun 24, 2024
7a50fde
fix test failures
yazan-abdalrahman Jun 24, 2024
8701009
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 24, 2024
378a168
Remove file
dsherret Jun 24, 2024
f0642d3
Remove processing a URL &&
yazan-abdalrahman Jun 25, 2024
f156f3f
Merge remote-tracking branch 'origin/fix-url-validation-panic' into f…
yazan-abdalrahman Jun 25, 2024
8012e79
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 25, 2024
731de60
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 25, 2024
81cee0c
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 25, 2024
a566a11
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 26, 2024
57da102
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jun 27, 2024
4f7d572
add support for latin characters for domain and fix IPv6 parsing
yazan-abdalrahman Jul 1, 2024
3978b24
Merge branch 'main' into fix-url-validation-panic
yazan-abdalrahman Jul 1, 2024
e7df56f
Merge remote-tracking branch 'refs/remotes/origin/main' into fix-url-…
yazan-abdalrahman Jul 2, 2024
a1441e4
format
yazan-abdalrahman Jul 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 110,7 @@ faster-hex = "0.9"
fastwebsockets = { version = "0.6", features = ["upgrade", "unstable-split"] }
filetime = "0.2.16"
flate2 = { version = "1.0.26", default-features = false }
fqdn = "0.3.4"
fs3 = "0.5.0"
futures = "0.3.21"
glob = "0.3.1"
Expand Down
39 changes: 39 additions & 0 deletions cli/args/flags.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9845,4 9845,43 @@ mod tests {
}
);
}

#[test]
fn wildcard_flags() {
#[rustfmt::skip]
let r = flags_from_vec(svec![
"deno",
"run",
"--allow-read",
"--allow-write=notion-next",
"--allow-net=api.notion.com,*.amazonaws.com",
"--allow-env",
"script.ts"
]);

let flags = r.unwrap();
assert_eq!(
flags,
Flags {
subcommand: DenoSubcommand::Run(RunFlags::new_default(
"script.ts".to_string()
)),
permissions: PermissionFlags {
allow_env: Some(vec![],),
allow_net: Some(vec![
"api.notion.com".to_string(),
"*.amazonaws.com".to_string(),
],),
allow_read: Some(vec![],),
allow_write: Some(vec!["notion-next".to_string(),],),
..Default::default()
},
unstable_config: UnstableConfig {
..Default::default()
},
code_cache_enabled: true,
..Flags::default()
}
);
}
}
1 change: 1 addition & 0 deletions ext/net/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 17,7 @@ path = "lib.rs"
deno_core.workspace = true
deno_permissions.workspace = true
deno_tls.workspace = true
fqdn.workspace = true
pin-project.workspace = true
rustls-tokio-stream.workspace = true
serde.workspace = true
Expand Down
144 changes: 139 additions & 5 deletions ext/net/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 11,9 @@ mod tcp;

use deno_core::error::AnyError;
use deno_core::OpState;
use deno_permissions::host::split_host_port;
use deno_permissions::host::Host;
use deno_permissions::NetDescriptor;
use deno_tls::rustls::RootCertStore;
use deno_tls::RootCertStoreProvider;
use std::path::Path;
Expand All @@ -19,10 22,46 @@ use std::sync::Arc;

pub const UNSTABLE_FEATURE_NAME: &str = "net";

#[derive(Clone, Eq, PartialEq, Hash, Debug)]
pub struct NetPermissionHost {
pub host: Host,
pub port: Option<u16>,
}

impl NetPermissionHost {
pub fn from_host_and_maybe_port(
host: &str,
port: Option<u16>,
) -> Result<Self, AnyError> {
let lowercased = host.to_lowercase();
let extracted_host = lowercased.as_str();
let (host_str, mut port_) = split_host_port(extracted_host)?;
let host =
Host::from_host_and_origin_host(host_str.as_str(), extracted_host)?;

if host.is_ipv6()
&& (!extracted_host.contains('[') || !extracted_host.contains(']'))
{
port_ = None;
}

let final_port = if let Some(port_) = port_ {
Some(port_)
} else {
port
};

Ok(NetPermissionHost {
host,
port: final_port,
})
}
}

pub trait NetPermissions {
fn check_net<T: AsRef<str>>(
fn check_net(
&mut self,
_host: &(T, Option<u16>),
_host: &NetPermissionHost,
_api_name: &str,
) -> Result<(), AnyError>;
fn check_read(&mut self, _p: &Path, _api_name: &str) -> Result<(), AnyError>;
Expand All @@ -32,12 71,18 @@ pub trait NetPermissions {

impl NetPermissions for deno_permissions::PermissionsContainer {
#[inline(always)]
fn check_net<T: AsRef<str>>(
fn check_net(
&mut self,
host: &(T, Option<u16>),
host: &NetPermissionHost,
api_name: &str,
) -> Result<(), AnyError> {
deno_permissions::PermissionsContainer::check_net(self, host, api_name)
let _host = host.clone().host;
let _port = host.clone().port;
deno_permissions::PermissionsContainer::check_net(
self,
&NetDescriptor(_host, _port),
api_name,
)
}

#[inline(always)]
Expand Down Expand Up @@ -178,3 223,92 @@ mod ops_unix {
stub_op!(op_net_recv_unixpacket);
stub_op!(op_net_send_unixpacket<P>);
}

#[cfg(test)]
mod tests {
use super::NetPermissionHost;
use deno_permissions::host::Host;
use fqdn::FQDN;
use std::net::Ipv4Addr;
use std::net::Ipv6Addr;
use std::str::FromStr;

#[test]
fn test_net_permission_host_parsing() {
// Parsing host address without a port
assert_eq!(
NetPermissionHost::from_host_and_maybe_port("deno.land.", None).unwrap(),
NetPermissionHost {
host: Host::FQDN(FQDN::from_str("deno.land").unwrap()),
port: None
}
);

// Parsing host address with a port
assert_eq!(
NetPermissionHost::from_host_and_maybe_port("deno.land:80", None)
.unwrap(),
NetPermissionHost {
host: Host::FQDN(FQDN::from_str("deno.land").unwrap()),
port: Some(80)
}
);

// Parsing an IPv4 address
assert_eq!(
NetPermissionHost::from_host_and_maybe_port("127.0.0.1", None).unwrap(),
NetPermissionHost {
host: Host::Ipv4(Ipv4Addr::new(127, 0, 0, 1)),
port: None
}
);

// Parsing an IPv4 address with a port
assert_eq!(
NetPermissionHost::from_host_and_maybe_port("127.0.0.1:80", None)
.unwrap(),
NetPermissionHost {
host: Host::Ipv4(Ipv4Addr::new(127, 0, 0, 1)),
port: Some(80)
}
);

// Parsing an IPv6 address
assert_eq!(
NetPermissionHost::from_host_and_maybe_port(
"[2606:4700:4700::1111]",
None
)
.unwrap(),
NetPermissionHost {
host: Host::Ipv6(Ipv6Addr::new(
0x2606, 0x4700, 0x4700, 0, 0, 0, 0, 0x1111
)),
port: None
}
);

// Parsing an IPv6 address with a port
assert_eq!(
NetPermissionHost::from_host_and_maybe_port(
"[2606:4700:4700::1111]:80",
None
)
.unwrap(),
NetPermissionHost {
host: Host::Ipv6(Ipv6Addr::new(
0x2606, 0x4700, 0x4700, 0, 0, 0, 0, 0x1111
)),
port: Some(80)
}
);

// Parsing invalid host with special characters
assert_eq!(
NetPermissionHost::from_host_and_maybe_port("[email protected].", None)
.unwrap_err()
.to_string(),
"Failed to parse host: [email protected].\n"
);
}
}
Loading
Loading