diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2020-05-02 15:51:08 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-02 15:51:08 +0200 |
| commit | 2872b362ff76273d897d75bb8a3ddd5510c182f4 (patch) | |
| tree | 7b1061aacca70eec34be3e307719f5113d932b57 | |
| parent | de2c042482741dc23f7d975458a1fba95863de53 (diff) | |
BREAKING: disallow static import of local modules from remote modules (#5050)
This commit changes module loading logic to disallow statically import
local module (file:// scheme) from remote modules (http://, https://
schemes).
| -rw-r--r-- | cli/ops/compiler.rs | 18 | ||||
| -rw-r--r-- | cli/state.rs | 18 | ||||
| -rw-r--r-- | cli/tests/error_local_static_import_from_remote.js | 1 | ||||
| -rw-r--r-- | cli/tests/error_local_static_import_from_remote.js.out | 2 | ||||
| -rw-r--r-- | cli/tests/error_local_static_import_from_remote.ts | 1 | ||||
| -rw-r--r-- | cli/tests/error_local_static_import_from_remote.ts.out | 9 | ||||
| -rw-r--r-- | cli/tests/integration_tests.rs | 16 |
7 files changed, 65 insertions, 0 deletions
diff --git a/cli/ops/compiler.rs b/cli/ops/compiler.rs index 1029070a8..c66b56d43 100644 --- a/cli/ops/compiler.rs +++ b/cli/ops/compiler.rs @@ -112,6 +112,24 @@ fn op_fetch_source_files( async move { let resolved_specifier = ModuleSpecifier::resolve_url(&specifier) .expect("Invalid specifier"); + // TODO(bartlomieju): duplicated from `state.rs::ModuleLoader::load` - deduplicate + // Verify that remote file doesn't try to statically import local file. + if let Some(referrer) = ref_specifier_.as_ref() { + let referrer_url = referrer.as_url(); + match referrer_url.scheme() { + "http" | "https" => { + let specifier_url = resolved_specifier.as_url(); + match specifier_url.scheme() { + "http" | "https" => {}, + _ => { + let e = OpError::permission_denied("Remote module are not allowed to statically import local modules. Use dynamic import instead.".to_string()); + return Err(e.into()); + } + } + }, + _ => {} + } + } file_fetcher_ .fetch_source_file(&resolved_specifier, ref_specifier_) .await diff --git a/cli/state.rs b/cli/state.rs index 8003ea732..6cc915738 100644 --- a/cli/state.rs +++ b/cli/state.rs @@ -287,6 +287,24 @@ impl ModuleLoader for State { if let Err(e) = self.check_dyn_import(&module_specifier) { return async move { Err(e.into()) }.boxed_local(); } + } else { + // Verify that remote file doesn't try to statically import local file. + if let Some(referrer) = maybe_referrer.as_ref() { + let referrer_url = referrer.as_url(); + match referrer_url.scheme() { + "http" | "https" => { + let specifier_url = module_specifier.as_url(); + match specifier_url.scheme() { + "http" | "https" => {} + _ => { + let e = OpError::permission_denied("Remote module are not allowed to statically import local modules. Use dynamic import instead.".to_string()); + return async move { Err(e.into()) }.boxed_local(); + } + } + } + _ => {} + } + } } let mut state = self.borrow_mut(); diff --git a/cli/tests/error_local_static_import_from_remote.js b/cli/tests/error_local_static_import_from_remote.js new file mode 100644 index 000000000..eb7fd23ba --- /dev/null +++ b/cli/tests/error_local_static_import_from_remote.js @@ -0,0 +1 @@ +import "file:///some/dir/file.js"; diff --git a/cli/tests/error_local_static_import_from_remote.js.out b/cli/tests/error_local_static_import_from_remote.js.out new file mode 100644 index 000000000..99e4b94c7 --- /dev/null +++ b/cli/tests/error_local_static_import_from_remote.js.out @@ -0,0 +1,2 @@ +[WILDCARD] +Remote module are not allowed to statically import local modules. Use dynamic import instead. diff --git a/cli/tests/error_local_static_import_from_remote.ts b/cli/tests/error_local_static_import_from_remote.ts new file mode 100644 index 000000000..a831db0c4 --- /dev/null +++ b/cli/tests/error_local_static_import_from_remote.ts @@ -0,0 +1 @@ +import "file:///some/dir/file.ts"; diff --git a/cli/tests/error_local_static_import_from_remote.ts.out b/cli/tests/error_local_static_import_from_remote.ts.out new file mode 100644 index 000000000..de20b9d81 --- /dev/null +++ b/cli/tests/error_local_static_import_from_remote.ts.out @@ -0,0 +1,9 @@ +[WILDCARD] +error: Uncaught PermissionDenied: Remote module are not allowed to statically import local modules. Use dynamic import instead. + at unwrapResponse ($deno$/ops/dispatch_json.ts:[WILDCARD]) + at Object.sendAsync ($deno$/ops/dispatch_json.ts:[WILDCARD]) + at async processImports ($deno$/compiler/imports.ts:[WILDCARD]) + at async Object.processImports ($deno$/compiler/imports.ts:[WILDCARD]) + at async compile ([WILDCARD]compiler.ts:[WILDCARD]) + at async tsCompilerOnMessage ([WILDCARD]compiler.ts:[WILDCARD]) + at async workerMessageRecvCallback ($deno$/runtime_worker.ts:[WILDCARD]) diff --git a/cli/tests/integration_tests.rs b/cli/tests/integration_tests.rs index fbaab7674..7827d386a 100644 --- a/cli/tests/integration_tests.rs +++ b/cli/tests/integration_tests.rs @@ -1422,6 +1422,22 @@ itest!(error_type_definitions { output: "error_type_definitions.ts.out", }); +itest!(error_local_static_import_from_remote_ts { + args: "run --reload http://localhost:4545/cli/tests/error_local_static_import_from_remote.ts", + check_stderr: true, + exit_code: 1, + http_server: true, + output: "error_local_static_import_from_remote.ts.out", +}); + +itest!(error_local_static_import_from_remote_js { + args: "run --reload http://localhost:4545/cli/tests/error_local_static_import_from_remote.js", + check_stderr: true, + exit_code: 1, + http_server: true, + output: "error_local_static_import_from_remote.js.out", +}); + // TODO(bartlomieju) Re-enable itest_ignore!(error_worker_dynamic { args: "run --reload error_worker_dynamic.ts", |