Skip to content

Commit d0a4740

Browse files
kt3kkt3k
committed
check net permission with hostname parameter
1 parent 55d5033 commit d0a4740

File tree

2 files changed

+28
-12
lines changed

2 files changed

+28
-12
lines changed

ext/node/lib.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -312,7 +312,7 @@ deno_core::extension!(deno_node,
312312
ops::crypto::x509::op_node_x509_get_serial_number,
313313
ops::crypto::x509::op_node_x509_key_usage,
314314
ops::crypto::x509::op_node_x509_public_key,
315-
ops::dns::op_getaddrinfo,
315+
ops::dns::op_getaddrinfo<P>,
316316
ops::fs::op_node_fs_exists_sync<P>,
317317
ops::fs::op_node_fs_exists<P>,
318318
ops::fs::op_node_cp_sync<P>,

ext/node/ops/dns.rs

Lines changed: 27 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,13 @@
11
// Copyright 2018-2025 the Deno authors. MIT license.
22

3+
use std::cell::RefCell;
4+
use std::rc::Rc;
35
use std::str::FromStr;
46

57
use deno_core::op2;
8+
use deno_core::OpState;
9+
use deno_error::JsError;
10+
use deno_permissions::PermissionCheckError;
611
use hyper_util::client::legacy::connect::dns::GaiResolver;
712
use hyper_util::client::legacy::connect::dns::Name;
813
use serde::Serialize;
@@ -15,26 +20,37 @@ struct GetAddrInfoResult {
1520
address: String,
1621
}
1722

18-
#[derive(Debug, thiserror::Error, deno_error::JsError)]
19-
#[class(generic)]
20-
#[error("Could not resolve the hostname '{hostname}'")]
21-
pub struct GetAddrInfoError {
22-
hostname: String,
23+
#[derive(Debug, thiserror::Error, JsError)]
24+
pub enum GetAddrInfoError {
25+
#[class(inherit)]
26+
#[error(transparent)]
27+
Permission(#[from] PermissionCheckError),
28+
#[class(type)]
29+
#[error("Could not resolve the hostname \"{0}\"")]
30+
Resolution(String),
2331
}
2432

2533
#[op2(async, stack_trace)]
2634
#[serde]
27-
pub async fn op_getaddrinfo(
35+
pub async fn op_getaddrinfo<P>(
36+
state: Rc<RefCell<OpState>>,
2837
#[string] hostname: String,
29-
) -> Result<Vec<GetAddrInfoResult>, GetAddrInfoError> {
38+
) -> Result<Vec<GetAddrInfoResult>, GetAddrInfoError>
39+
where
40+
P: crate::NodePermissions + 'static,
41+
{
42+
{
43+
let mut state_ = state.borrow_mut();
44+
let permissions = state_.borrow_mut::<P>();
45+
permissions.check_net((hostname.as_str(), None), "lookup")?;
46+
}
3047
let mut resolver = GaiResolver::new();
31-
let name = Name::from_str(&hostname).map_err(|_| GetAddrInfoError {
32-
hostname: hostname.clone(),
33-
})?;
48+
let name = Name::from_str(&hostname)
49+
.map_err(|_| GetAddrInfoError::Resolution(hostname.clone()))?;
3450
resolver
3551
.call(name)
3652
.await
37-
.map_err(|_| GetAddrInfoError { hostname })
53+
.map_err(|_| GetAddrInfoError::Resolution(hostname))
3854
.map(|addrs| {
3955
addrs
4056
.into_iter()

0 commit comments

Comments
 (0)