fix(runtime): Improve Error Handling and-Dot Handling in-fqdn! Macro

cli/args/flags.rs

@@ -9738,4 +9738,43 @@ mod tests {
       }
     );
   }
+
+  #[test]
+  fn wildcard_flags() {
+    #[rustfmt::skip]
+        let r = flags_from_vec(svec![
+      "deno",
+      "run",
+      "--allow-read",
+      "--allow-write=notion-next",
+      "--allow-net=api.notion.com,*.amazonaws.com",
+      "--allow-env",
+      "script.ts"
+    ]);
+
+    let flags = r.unwrap();
+    assert_eq!(
+      flags,
+      Flags {
+        subcommand: DenoSubcommand::Run(RunFlags::new_default(
+          "script.ts".to_string()
+        )),
+        permissions: PermissionFlags {
+          allow_env: Some(vec![],),
+          allow_net: Some(vec![
+            "api.notion.com".to_string(),
+            "*.amazonaws.com".to_string(),
+          ],),
+          allow_read: Some(vec![],),
+          allow_write: Some(vec!["notion-next".to_string(),],),
+          ..Default::default()
+        },
+        unstable_config: UnstableConfig {
+          ..Default::default()
+        },
+        code_cache_enabled: true,
+        ..Flags::default()
+      }
+    );
+  }
 }

runtime/permissions/lib.rs

@@ -1,5 +1,6 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 
+use deno_core::anyhow::anyhow;
 use deno_core::anyhow::Context;
 use deno_core::error::custom_error;
 use deno_core::error::type_error;
@@ -16,7 +17,6 @@ use deno_core::url;
 use deno_core::url::Url;
 use deno_core::ModuleSpecifier;
 use deno_terminal::colors;
-use fqdn::fqdn;
 use fqdn::FQDN;
 use once_cell::sync::Lazy;
 use std::borrow::Cow;
@@ -692,8 +692,10 @@ impl Descriptor for WriteDescriptor {
 pub struct NetDescriptor(pub FQDN, pub Option<u16>);
 
 impl NetDescriptor {
-  fn new<T: AsRef<str>>(host: &&(T, Option<u16>)) -> Self {
-    NetDescriptor(fqdn!(host.0.as_ref()), host.1)
+  fn new<T: AsRef<str>>(host: &&(T, Option<u16>)) -> Result<Self, AnyError> {
+    let fqdn = FQDN::from_str(host.0.as_ref())
+      .with_context(|| format!("Failed to parse {}", host.0.as_ref()))?;
+    Ok(NetDescriptor(fqdn, host.1))
   }
 }
 
@@ -733,13 +735,18 @@ impl FromStr for NetDescriptor {
     // Set the scheme to `unknown` to parse the URL, as we really don't know
     // what the scheme is. We only using Url::parse to parse the host and port
     // and don't care about the scheme.
-    let url = url::Url::parse(&format!("unknown://{s}"))?;
+    let url = url::Url::parse(&format!("unknown://{s}"))
+      .with_context(|| format!("Failed to parse {}", s))?;
+
     let hostname = url
       .host_str()
       .ok_or(url::ParseError::EmptyHost)?
       .to_string();
 
-    Ok(NetDescriptor(fqdn!(&hostname), url.port()))
+    let fqdn = FQDN::from_str(&hostname)
+      .with_context(|| format!("Failed to parse {}", hostname))?;
+
+    Ok(NetDescriptor(fqdn, url.port()))
   }
 }
 
@@ -1101,30 +1108,65 @@ impl UnaryPermission<WriteDescriptor> {
     self.check_desc(None, false, api_name, || None)
   }
 }
-
 impl UnaryPermission<NetDescriptor> {
   pub fn query<T: AsRef<str>>(
     &self,
     host: Option<&(T, Option<u16>)>,
   ) -> PermissionState {
-    self.query_desc(
-      host.map(|h| NetDescriptor::new(&h)).as_ref(),
-      AllowPartial::TreatAsPartialGranted,
-    )
+    let net_desc_result = match host {
+      Some(&(ref host_str, port_option)) => {
+        NetDescriptor::new(&&(host_str.as_ref(), port_option))
+      }
+      None => Err(anyhow!("Host information is missing")),
+    };
+    match net_desc_result {
+      Ok(net_desc) => {
+        self.query_desc(Some(&net_desc), AllowPartial::TreatAsPartialGranted)
+      }
+
+      Err(err) => {
+        log::error!("Error creating NetDescriptor: {}", err);
+        PermissionState::Prompt
+      }
+    }
   }
 
   pub fn request<T: AsRef<str>>(
     &mut self,
     host: Option<&(T, Option<u16>)>,
   ) -> PermissionState {
-    self.request_desc(host.map(|h| NetDescriptor::new(&h)).as_ref(), || None)
+    let net_desc_result = match host {
+      Some(&(ref host_str, port_option)) => {
+        NetDescriptor::new(&&(host_str.as_ref(), port_option))
+      }
+      None => Err(anyhow!("Host information is missing")),
+    };
+    match net_desc_result {
+      Ok(net_desc) => self.request_desc(Some(&net_desc), || None),
+      Err(err) => {
+        log::error!("Error creating NetDescriptor: {}", err);
+        PermissionState::Prompt
+      }
+    }
   }
 
   pub fn revoke<T: AsRef<str>>(
     &mut self,
     host: Option<&(T, Option<u16>)>,
   ) -> PermissionState {
-    self.revoke_desc(host.map(|h| NetDescriptor::new(&h)).as_ref())
+    let net_desc_result = match host {
+      Some(&(ref host_str, port_option)) => {
+        NetDescriptor::new(&&(host_str.as_ref(), port_option))
+      }
+      None => Err(anyhow!("Host information is missing")),
+    };
+    match net_desc_result {
+      Ok(net_desc) => self.revoke_desc(Some(&net_desc)),
+      Err(err) => {
+        log::error!("Error creating NetDescriptor: {}", err);
+        PermissionState::Prompt
+      }
+    }
   }
 
   pub fn check<T: AsRef<str>>(
@@ -1133,7 +1175,16 @@ impl UnaryPermission<NetDescriptor> {
     api_name: Option<&str>,
   ) -> Result<(), AnyError> {
     skip_check_if_is_permission_fully_granted!(self);
-    self.check_desc(Some(&NetDescriptor::new(&host)), false, api_name, || None)
+    let net_desc_result = NetDescriptor::new(&&(host.0.as_ref(), host.1));
+    match net_desc_result {
+      Ok(net_desc) => {
+        self.check_desc(Some(&net_desc), false, api_name, || None)
+      }
+      Err(err) => {
+        log::error!("Error creating NetDescriptor: {}", err);
+        Err(err)
+      }
+    }
   }
 
   pub fn check_url(
@@ -1142,18 +1193,31 @@ impl UnaryPermission<NetDescriptor> {
     api_name: Option<&str>,
   ) -> Result<(), AnyError> {
     skip_check_if_is_permission_fully_granted!(self);
+
     let hostname = url
       .host_str()
-      .ok_or_else(|| uri_error("Missing host"))?
+      .ok_or_else(|| anyhow!("Missing host"))?
       .to_string();
-    let host = &(&hostname, url.port_or_known_default());
-    let display_host = match url.port() {
-      None => hostname.clone(),
-      Some(port) => format!("{hostname}:{port}"),
-    };
-    self.check_desc(Some(&NetDescriptor::new(&host)), false, api_name, || {
-      Some(format!("\"{}\"", display_host))
-    })
+    let port = url.port_or_known_default();
+    let host = &&(hostname.clone(), port);
+
+    let net_desc_result = NetDescriptor::new(host);
+
+    match net_desc_result {
+      Ok(net_desc) => {
+        let display_host = match url.port() {
+          None => hostname.clone(),
+          Some(port) => format!("{}:{}", hostname, port),
+        };
+        self.check_desc(Some(&net_desc), false, api_name, || {
+          Some(format!("\"{}\"", display_host))
+        })
+      }
+      Err(err) => {
+        log::error!("Error creating NetDescriptor: {}", err);
+        Err(err)
+      }
+    }
   }
 
   pub fn check_all(&mut self) -> Result<(), AnyError> {
@@ -3290,4 +3354,60 @@ mod tests {
     )
     .is_err());
   }
+
+  #[test]
+  fn test_net_descriptor_valid() {
+    let host: (String, Option<u16>) = ("foo.bar.com.".to_string(), Some(1));
+    let result = NetDescriptor::new(&&host);
+    assert!(result.is_ok());
+    let net_descriptor = result.unwrap();
+    assert_eq!(net_descriptor.0.to_string(), "foo.bar.com");
+    assert_eq!(net_descriptor.1, Some(1));
+  }
+
+  #[test]
+  fn test_net_descriptor_invalid_with_special_characters() {
+    let host: (String, Option<u16>) = ("foo@bar.com.".to_string(), Some(1));
+    let result = NetDescriptor::new(&&host);
+    assert!(result.is_err());
+    let expected_error_message = "Failed to parse foo@bar.com.";
+    assert_eq!(result.unwrap_err().to_string(), expected_error_message);
+  }
+
+  #[test]
+  fn test_net_descriptor_from_str_valid() {
+    let url_string = "example.com:8080";
+    let result = NetDescriptor::from_str(url_string);
+    assert!(result.is_ok());
+    let net_descriptor = result.unwrap();
+    assert_eq!(net_descriptor.0.to_string(), "example.com");
+    assert_eq!(net_descriptor.1, Some(8080));
+  }
+
+  #[test]
+  fn test_permission_query_invalid_hostname() {
+    let permission = UnaryPermission::<NetDescriptor>::default();
+    let invalid_host: (String, Option<u16>) =
+      ("foo@bar.com.".to_string(), Some(443));
+    let state = permission.query(Some(&invalid_host));
+    assert_eq!(state, PermissionState::Prompt);
+  }
+
+  #[test]
+  fn test_request_invalid_domain() {
+    let mut permission = UnaryPermission::<NetDescriptor>::default();
+    let invalid_host: (String, Option<u16>) =
+      ("foo@bar.com.".to_string(), Some(443));
+    let result = permission.request(Some(&invalid_host));
+    assert_eq!(result, PermissionState::Prompt);
+  }
+
+  #[test]
+  fn test_revoke_invalid_domain() {
+    let mut permission = UnaryPermission::<NetDescriptor>::default();
+    let invalid_host: (String, Option<u16>) =
+      ("foo@bar.com.".to_string(), Some(443));
+    let result = permission.revoke(Some(&invalid_host));
+    assert_eq!(result, PermissionState::Prompt);
+  }
 }

tests/specs/run/net_descriptor_invalid_with_special_characters/__test__.jsonc

@@ -0,0 +1,15 @@
+{
+  "tempDir": true,
+  "steps": [
+    {
+      "args": " run  --allow-read --allow-env  --allow-write=notion-next --allow-net=api.notion.com,www.google.com,*.amazon.com  main.js",
+      "output": "err_i.out",
+      "exitCode": 1
+    },
+    {
+      "args": " run  --allow-net main.js",
+      "output": "err_ii.out",
+      "exitCode": 1
+    }
+  ]
+}

tests/specs/run/net_descriptor_invalid_with_special_characters/err_i.out

@@ -0,0 +1,4 @@
+error: Failed to parse *.amazon.com
+
+Caused by:
+    invalid char found in FQDN

tests/specs/run/net_descriptor_invalid_with_special_characters/err_ii.out

@@ -0,0 +1,2 @@
+error: Uncaught (in promise) Error: No such host is known. (os error 11001)
+    at async Object.connect (ext:deno_net/01_net.js:587:55)

tests/specs/run/net_descriptor_invalid_with_special_characters/main.js

@@ -0,0 +1,2 @@
+Deno.connect({ hostname: "api.notion.com.", port: 443 });
+Deno.connect({ hostname: "*.amazon.com.", port: 443 });