grant net permission for ips when net perms given to hostname

Author: kt3k

ext/node/lib.rs

@@ -87,6 +87,7 @@ pub trait NodePermissions {
     path: &str,
     api_name: Option<&str>,
   ) -> Result<PathBuf, PermissionCheckError>;
+  fn grant_net(&mut self, host: &str, port: Option<u16>);
 }
 
 impl NodePermissions for deno_permissions::PermissionsContainer {
@@ -147,6 +148,11 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
   ) -> Result<(), PermissionCheckError> {
     deno_permissions::PermissionsContainer::check_sys(self, kind, api_name)
   }
+
+  fn grant_net(&mut self, host: &str, port: Option<u16>) {
+    // ignore the result when host parsing fails
+    _ = deno_permissions::PermissionsContainer::grant_net(self, host, port);
+  }
 }
 
 #[allow(clippy::disallowed_types)]

ext/node/ops/dns.rs

@@ -44,6 +44,7 @@ where
     let permissions = state_.borrow_mut::<P>();
     permissions.check_net((hostname.as_str(), None), "lookup")?;
   }
+
   let mut resolver = GaiResolver::new();
   let name = Name::from_str(&hostname)
     .map_err(|_| GetAddrInfoError::Resolution(hostname.clone()))?;
@@ -52,14 +53,19 @@ where
     .await
     .map_err(|_| GetAddrInfoError::Resolution(hostname))
     .map(|addrs| {
+      let mut state_ = state.borrow_mut();
+      let permissions = state_.borrow_mut::<P>();
       addrs
         .into_iter()
-        .map(|addr| GetAddrInfoResult {
-          family: match addr {
-            std::net::SocketAddr::V4(_) => 4,
-            std::net::SocketAddr::V6(_) => 6,
-          },
-          address: addr.ip().to_string(),
+        .map(|addr| {
+          permissions.grant_net(&addr.ip().to_string(), None);
+          GetAddrInfoResult {
+            family: match addr {
+              std::net::SocketAddr::V4(_) => 4,
+              std::net::SocketAddr::V6(_) => 6,
+            },
+            address: addr.ip().to_string(),
+          }
         })
         .collect::<Vec<_>>()
     })

runtime/permissions/lib.rs

@@ -3344,6 +3344,20 @@ impl PermissionsContainer {
       ),
     )
   }
+
+  pub fn grant_net(
+    &self,
+    host: &str,
+    port: Option<u16>,
+  ) -> Result<bool, NetDescriptorParseError> {
+    Ok(
+      self
+        .inner
+        .lock()
+        .net
+        .insert_granted(Some(&NetDescriptor(Host::parse(host)?, port))),
+    )
+  }
 }
 
 const fn unit_permission_from_flag_bools(

runtime/snapshot.rs

@@ -121,6 +121,9 @@ impl deno_node::NodePermissions for Permissions {
   ) -> Result<(), PermissionCheckError> {
     unreachable!("snapshotting!")
   }
+  fn grant_net(&mut self, _host: &str, _port: Option<u16>) {
+    unreachable!("snapshotting!")
+  }
 }
 
 impl deno_net::NetPermissions for Permissions {