Deno: listenTls allow-read whitelist not working

Created on 23 May 2020  路  2Comments  路  Source: denoland/deno 
// test.ts
console.log(`cert: ${(await Deno.open('./server.cert')).rid}`);

Deno.listenTls({
  port: 8888,
  hostname: '0.0.0.0',
  certFile: './server.cert',
  keyFile: './server.key'
});

````

C:\workspace\deno>deno --version
deno 1.0.2
v8 8.4.300
typescript 3.9.2

C:\workspace\deno>deno run --allow-net=0.0.0.0:8888 --allow-read=. test.ts
cert: 3
error: Uncaught PermissionDenied: read access to "./server.cert", run again with the --allow-read flag
at unwrapResponse ($deno$/ops/dispatch_json.ts:43:11)
at Object.sendSync ($deno$/ops/dispatch_json.ts:72:10)
at Object.listenTls ($deno$/ops/tls.ts:67:10)
at Object.listenTls ($deno$/tls.ts:51:22)
at file:///C:/workspace/deno/test.ts:3:16

C:\workspace\deno>deno run --allow-net=0.0.0.0:8888 --allow-read test.ts
cert: 3

C:\workspace\deno>
```

bug cli
Source
picture hastri

All 2 comments

Also connectTls

Deno.connectTls({
  port: 80,
  hostname: "127.0.0.1",
  certFile: "./server.cert",
});

$ deno run --allow-net --allow-read=. mod.ts 
error: Uncaught PermissionDenied: read access to "./server.cert", run again with the --allow-read flag
...

It's because certFile path is not canonicalized before checking for permission. Kinda similar to #5742. I'm gonna make a PR for these two functions.

tumile picture tumile on 28 May 2020
👍1

Resolved by #5642.

tumile picture tumile on 28 May 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

metakeule picture metakeule  路  3Comments
davidbarratt picture davidbarratt  路  3Comments
ry picture ry  路  3Comments
somombo picture somombo  路  3Comments
zugende picture zugende  路  3Comments