Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(perm): allow-net with port 80 #21221

Merged
merged 2 commits into from
Dec 1, 2023
Merged

fix(perm): allow-net with port 80 #21221

merged 2 commits into from
Dec 1, 2023
+14 −3

Conversation

irbull
Copy link
Contributor

@irbull irbull commented Nov 16, 2023

This change-set adds a test case that demonstrates an issues with allow-net. If allow-net specifies a host and port, and the port is 80, then all ports are allowed.

This doesn't appear to happen with other well known ports.

This test demonstrates the problem reported in #21220.

@CLAassistant
Copy link

CLAassistant commented Nov 16, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@irbull irbull changed the title [WIP] Test case that demonstrates allow-net issue fix(perm): allow-net with port 80 Nov 16, 2023
@irbull
Copy link
Contributor Author

irbull commented Nov 16, 2023

I've updated the PR with the following commit:

When setting `allow-net` to a host and port, if the port is 80, then
all ports are allowed. During the parsing of the host and port,
the scheme was assumed to be `http` which makes the port redundant.
In this case, Url::parse assumed `None` for the port, which allowed
for all ports.

This change-set uses the term `unknown` for the scheme as this has
no effect on the parsing of the host and port and ensures that the
specified port is used.

Fixes https://github.com/denoland/deno/issues/21220

@irbull irbull marked this pull request as ready for review November 16, 2023 19:22
@irbull
Copy link
Contributor Author

irbull commented Nov 16, 2023

Looks like when you call Url::parse on http:// the parse will return an error (EmptyHost) but if you use a custom scheme unknown:// it won't.

@irbull
fix(perm): allow-net with port 80

Verified

This commit was signed with the committer’s verified signature.
KinectTheUnknown David-Joseph Xayavong
GPG key ID: B1EA99A6C5178449
Verified
Learn about vigilant mode
bf08744 
When setting `allow-net` to a host and port, if the port is 80, then
all ports are allowed. During the parsing of the host and port,
the scheme was assumed to be `http` which makes the port redundant.
In this case, Url::parse assumed `None` for the port, which allowed
for all ports.

This change-set uses the term `unknown` for the scheme as this has
no effect on the parsing of the host and port and ensures that the
specified port is used.

Finally, when extracting the hsotname, return a `ParseError::EmptyHost`
if the host is not specified. This behaviour is consistent with
Url::parse when an `http` scheme is set.

Fixes denoland#21220
@irbull
Copy link
Contributor Author

irbull commented Nov 16, 2023

Updated the change-set to explicitly return a url::ParseError::EmptyHost if the host is not set. This is what Url::Parse does for well known schemes. It's also probably a bit safer anyways, instead of blindly calling unwrap.

@irbull
Copy link
Contributor Author

irbull commented Nov 18, 2023

The tests appear to run locally for me, so we should be able to kick this off again on the infra. Do you want me to rebase this change-set on main?

@bartlomieju
Copy link
Member

Hey @irbull, sorry for a slow turnaround. Someone will review the PR this week.

@irbull
Copy link
Contributor Author

irbull commented Nov 28, 2023

No worries. I'm actually travelling right now. Let me know if you'd like me to rebase this first?

@bartlomieju
Copy link
Member

No worries. I'm actually travelling right now. Let me know if you'd like me to rebase this first?

No need, looks fine 👍

@irbull
Copy link
Contributor Author

irbull commented Nov 28, 2023

The test failures here seem to come from the integration tests for the server and the server not being shut down properly. I saw these too, but others were also suggesting that a transient issue in the tests may have been at play then. I rebased locally and ran the tests again today and I don't see this, although I'm running them on Mac not Windows.

@crowlKats
Merge branch 'main' into allow-net-port

Verified

This commit was signed with the committer’s verified signature.
KinectTheUnknown David-Joseph Xayavong
GPG key ID: B1EA99A6C5178449
Verified
Learn about vigilant mode
7509a69
crowlKats
crowlKats approved these changes Dec 1, 2023
View reviewed changes
Copy link
Member

@crowlKats crowlKats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@crowlKats crowlKats merged commit e087851 into denoland:main Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crowlKats crowlKats

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@irbull @CLAassistant @bartlomieju @crowlKats