diff options
| author | Leo Kettmeir <crowlkats@toaxl.com> | 2024-09-20 11:10:46 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-20 11:10:46 -0700 |
| commit | 3e053f8f06cfd83bd3f162ee68a0eca849e50d2a (patch) | |
| tree | 969507fb482f8a5ea4f71872f4934035bb598ac1 | |
| parent | 92fc702cec555a08c38509bfb10edd3d163af241 (diff) | |
fix(flags): properly error out for urls (#25770)
Closes https://github.com/denoland/deno/issues/25760
| -rw-r--r-- | cli/args/flags.rs | 18 | ||||
| -rw-r--r-- | runtime/permissions/lib.rs | 4 |
2 files changed, 20 insertions, 2 deletions
diff --git a/cli/args/flags.rs b/cli/args/flags.rs index 691927353..7f67f6702 100644 --- a/cli/args/flags.rs +++ b/cli/args/flags.rs @@ -5084,12 +5084,12 @@ fn permission_args_parse( } if let Some(net_wl) = matches.remove_many::<String>("allow-net") { - let net_allowlist = flags_net::parse(net_wl.collect()).unwrap(); + let net_allowlist = flags_net::parse(net_wl.collect())?; flags.permissions.allow_net = Some(net_allowlist); } if let Some(net_wl) = matches.remove_many::<String>("deny-net") { - let net_denylist = flags_net::parse(net_wl.collect()).unwrap(); + let net_denylist = flags_net::parse(net_wl.collect())?; flags.permissions.deny_net = Some(net_denylist); } @@ -10801,4 +10801,18 @@ mod tests { ["foo,", "bar"] ); } + + #[test] + fn net_flag_with_url() { + let r = flags_from_vec(svec![ + "deno", + "run", + "--allow-net=https://example.com", + "script.ts" + ]); + assert_eq!( + r.unwrap_err().to_string(), + "error: invalid value 'https://example.com': URLs are not supported, only domains and ips" + ); + } } diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs index b5c870a07..c7ef864db 100644 --- a/runtime/permissions/lib.rs +++ b/runtime/permissions/lib.rs @@ -894,6 +894,10 @@ impl QueryDescriptor for NetDescriptor { // TODO(bartlomieju): rewrite to not use `AnyError` but a specific error implementations impl NetDescriptor { pub fn parse(hostname: &str) -> Result<Self, AnyError> { + if hostname.starts_with("http://") || hostname.starts_with("https://") { + return Err(uri_error(format!("invalid value '{hostname}': URLs are not supported, only domains and ips"))); + } + // If this is a IPv6 address enclosed in square brackets, parse it as such. if hostname.starts_with('[') { if let Some((ip, after)) = hostname.split_once(']') { |