From bb8ab8d040191201f0f88504c3a66a5669381f4b Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Sun, 14 Mar 2021 12:57:32 +0100
Subject: [PATCH] fix(runtime): mitigate permission prompt stuffing

Flush the tty's input buffer before reading to avoid already typed
characters from being treated as the answer to the permissions prompt.

Fixes #9750.
---
 runtime/permissions.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/runtime/permissions.rs b/runtime/permissions.rs
index 066f3274771ebb..ecd88f5036bc5d 100644
--- a/runtime/permissions.rs
+++ b/runtime/permissions.rs
@@ -641,6 +641,12 @@ fn permission_prompt(message: &str) -> bool {
   if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) {
     return false;
   };
+  #[cfg(unix)]
+  unsafe {
+    if -1 == libc::tcflush(libc::STDIN_FILENO, libc::TCIFLUSH) {
+      return false;
+    }
+  }
   let msg = format!(
     "️{}  {}. Grant? [g/d (g = grant, d = deny)] ",
     PERMISSION_EMOJI, message