
Module "guard"

Type aliases

GuardGrant

GuardGrant: Deno.PermissionName | Deno.PermissionDescriptor

A Deno permission name or a full permission descriptor.

See https://github.com/denoland/deno/blob/master/cli/js/lib.deno.unstable.d.ts

Private PermissionDescriptorStatus

PermissionDescriptorStatus: Deno.PermissionStatus & Deno.PermissionDescriptor

A permission descriptor merged with its status.

See https://github.com/denoland/deno/blob/master/cli/js/lib.deno.unstable.d.ts

Variables

Const DENIED

DENIED: Deno.PermissionState = "denied"

Const ENV

ENV: Deno.PermissionName = "env"

The "powerful feature" "env" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Const GRANTED

GRANTED: Deno.PermissionState = "granted"

Const HRTIME

HRTIME: Deno.PermissionName = "hrtime"

The "powerful feature" "hrtime" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Private Const HTTP_PROTOCOL

HTTP_PROTOCOL: RegExp = /^https?\:\/\//

Regex for matching HTTP/HTTPS protocols.

Const NET

NET: Deno.PermissionName = "net"

The "powerful feature" "net" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Const PLUGIN

PLUGIN: Deno.PermissionName = "plugin"

The "powerful feature" "plugin" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Const PROMPT

PROMPT: Deno.PermissionState = "prompt"

Const READ

READ: Deno.PermissionName = "read"

The "powerful feature" "read" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Const RUN

RUN: Deno.PermissionName = "run"

The "powerful feature" "run" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Const WRITE

WRITE: Deno.PermissionName = "write"

The "powerful feature" "write" which needs permission.

See:

Note that the definition of PermissionName in the above spec is swapped out for a set of Deno permissions which are not web-compatible.

Private Const permissionNameToFlagMap

permissionNameToFlagMap: Map<Deno.PermissionName, string> = new Map(topLevelPermissions.map(({ name }) => [name, `--allow-${name}`]),)

A map of top-level permissions to their flag.

Private Const permissionsWithWhitelists

permissionsWithWhitelists: Deno.PermissionName[] = [READ, NET, WRITE]

A list of top-level permissions that support an optional whitelist.

Private Const topLevelPermissions

topLevelPermissions: Deno.PermissionDescriptor[] = [{ name: RUN },{ name: READ },{ name: WRITE },{ name: NET },{ name: ENV },{ name: PLUGIN },{ name: HRTIME },]

A list of all top-level permissions as descriptors.

Functions

Private Const getPermissionDescriptorStatus

  • Adds the current grant status to each of the provided permission descriptors.

    Parameters

    • permissionDescriptors: Deno.PermissionDescriptor[]

    Returns Promise<PermissionDescriptorStatus[]>

    The requested permission statuses.

Private Const getPermissionWhitelist

  • getPermissionWhitelist(__namedParameters?: { path: any; url: any }): string
  • Returns a permission's whitelist value if it exists, otherwise an empty string ("") is returned.

    Parameters

    • Default value __namedParameters: { path: any; url: any } = {}
      • path: any
      • url: any

    Returns string

Private Const getUnscopedPermissions

  • getUnscopedPermissions(granted: Deno.PermissionDescriptor[]): Deno.PermissionDescriptor[]
  • Filters the provided permissions to those which support a whitelist but have been left with top-level scope.

    Parameters

    • granted: Deno.PermissionDescriptor[]

    Returns Deno.PermissionDescriptor[]

guard

  • Provides a set of defences for your application.

    This is done by verifying:

    1. No unnecessary permissions have been set at runtime.
    2. Requested / required permissions have been set at runtime.

    Optional configuration parameters for the guard include:

    • granted - a list of Deno permission names or descriptors that should be permitted by the guard. Default: [].
    • exitOnMissing - a flag to determine whether the guard should stop the process when permissions listed in the granted array have not been granted. Default: false.
    • exitOnExtra - a flag to determine whether the guard should stop the process when permissions not listed in the granted array have been granted. Default: true.
    • log - a flag to determine whether the guard should log any warnings or errors to the console. Default: false.

    If the guard decides to stop the process, the exit code will be 1, i.e. Deno.exit(1).

    As the Deno Permissions API is currently tagged as "unstable", this method will currently only perform the above defenses if the process is started with the --unstable flag. Once the API becomes stable, this flag will no longer be required. If the flag is not provided, guard will simply return as a no-op, so it is safe to use the guard in applications that won't be passed the --unstable flag.

    Parameters

    Returns Promise<void>
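
    The two checks and the exitOnMissing / exitOnExtra defaults described above, as an added TypeScript example that is not the module's own source. The types are local stand-ins for the Deno types named on this page, auditPermissions and the sample data are hypothetical, and treating a granted top-level permission as extra unless the same unscoped entry is configured is an assumption about how the comparison is made.

```typescript
// Added example: local stand-ins for the Deno types named on this page, so the
// audit logic runs without the Deno runtime. All names here are hypothetical.
type PermissionName = "run" | "read" | "write" | "net" | "env" | "plugin" | "hrtime";
type PermissionState = "granted" | "denied" | "prompt";
interface Descriptor { name: PermissionName; path?: string; url?: string }
interface DescriptorStatus extends Descriptor { state: PermissionState }
type Grant = PermissionName | Descriptor;
interface Audit {
  missing: Descriptor[];      // configured but not granted at runtime
  extra: PermissionName[];    // granted process-wide but not configured that way
  unscoped: PermissionName[]; // configured process-wide although a whitelist is supported
  exit: boolean;              // true when the process should stop with exit code 1
}

const TOP_LEVEL: PermissionName[] = ["run", "read", "write", "net", "env", "plugin", "hrtime"];
const SCOPABLE: PermissionName[] = ["read", "net", "write"];
const scopeOf = (d: Descriptor): string => d.path || d.url || "";
const same = (a: Descriptor, b: Descriptor): boolean => a.name === b.name && scopeOf(a) === scopeOf(b);

function auditPermissions(
  granted: Grant[],
  statuses: DescriptorStatus[], // snapshot of queried permission states
  opts: { exitOnMissing?: boolean; exitOnExtra?: boolean } = {},
): Audit {
  const exitOnMissing = opts.exitOnMissing === true; // default: false
  const exitOnExtra = opts.exitOnExtra !== false;    // default: true
  const wanted = granted.map((g): Descriptor => (typeof g === "string" ? { name: g } : g));
  const isGranted = (d: Descriptor): boolean =>
    statuses.some((s) => s.state === "granted" && same(s, d));
  const missing = wanted.filter((d) => !isGranted(d));
  const extra = TOP_LEVEL.filter((n) => isGranted({ name: n }) && !wanted.some((d) => same(d, { name: n })));
  const unscoped = wanted
    .filter((d) => SCOPABLE.indexOf(d.name) !== -1 && scopeOf(d) === "")
    .map((d) => d.name);
  const exit = (exitOnMissing && missing.length > 0) || (exitOnExtra && extra.length > 0);
  return { missing, extra, unscoped, exit };
}

// Constructed snapshot: process started with broad net and env grants, while the
// application declares only a URL-scoped net grant and a path-scoped read grant.
const SAMPLE_STATUSES: DescriptorStatus[] = [
  { name: "net", state: "granted" },
  { name: "net", url: "api.example.com", state: "granted" },
  { name: "env", state: "granted" },
  { name: "read", path: "./config", state: "prompt" },
];
const SAMPLE_GRANTS: Grant[] = [{ name: "net", url: "api.example.com" }, { name: "read", path: "./config" }];
console.log(auditPermissions(SAMPLE_GRANTS, SAMPLE_STATUSES));
```

    Under Deno the snapshot would be built by calling Deno.permissions.query for each top-level and configured descriptor.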

Private Const handleMissingGrantedPermissions

  • Handles the optional logging and process exiting for scenarios in which configured / required permissions are missing.

    Parameters

    Returns void

Private Const handleUngrantedTopLevelPermissions

  • Handles the optional logging and process exiting for scenarios in which insecure and ungranted top-level permissions have been set.

    Parameters

    Returns void

Private Const handleUnscopedPermissions

  • handleUnscopedPermissions(permissions: Deno.PermissionDescriptor[]): void
  • Handles the optional logging of recommendations when a top-level permission has been requested that supports whitelisting.

    Parameters

    • permissions: Deno.PermissionDescriptor[]

    Returns void

Generated using TypeDoc