authorDavid Sherret <dsherret@users.noreply.github.com>2024-10-04 08:16:35 +0100
committerGitHub <noreply@github.com>2024-10-04 08:16:35 +0100
commitb8a9a4a862e4d61630c5bc8089261c7a177ec97a (patch)
tree05f93162e3324e5cbf884cae29dfc9ec853bfccd
parent779a98cd39b781091427e68b1548d4f3189a8595 (diff)
Revert "feat: warn when using --allow-run with no allow list" (#26021)
Although using `--allow-run` without an allow list gives basically no security, I think we should remove this warning because it gets in the way and the only way to disable it is via `--quiet`.
-rw-r--r--cli/args/mod.rs23
-rw-r--r--tests/specs/permission/deny_run_binary_absolute_path/main.out1
-rw-r--r--tests/specs/run/allow_run_insecure_warnings/__test__.jsonc8
-rw-r--r--tests/specs/run/allow_run_insecure_warnings/main.ts0
-rw-r--r--tests/specs/run/allow_run_insecure_warnings/no_allow_list.out1
-rw-r--r--tests/testdata/run/deny_some_permission_args.out1
6 files changed, 0 insertions, 34 deletions
diff --git a/cli/args/mod.rs b/cli/args/mod.rs
index f0cce4ab1..07906a86a 100644
--- a/cli/args/mod.rs
+++ b/cli/args/mod.rs
@@ -825,8 +825,6 @@ impl CliOptions {
}
}
- warn_insecure_allow_run_flags(&flags);
-
let maybe_lockfile = maybe_lockfile.filter(|_| !force_global_cache);
let deno_dir_provider =
Arc::new(DenoDirProvider::new(flags.internal.cache_path.clone()));
@@ -1711,27 +1709,6 @@ impl CliOptions {
}
}
-/// Warns for specific uses of `--allow-run`. This function is not
-/// intended to catch every single possible insecure use of `--allow-run`,
-/// but is just an attempt to discourage some common pitfalls.
-fn warn_insecure_allow_run_flags(flags: &Flags) {
- let permissions = &flags.permissions;
- if permissions.allow_all {
- return;
- }
- let Some(allow_run_list) = permissions.allow_run.as_ref() else {
- return;
- };
-
- // discourage using --allow-run without an allow list
- if allow_run_list.is_empty() {
- log::warn!(
- "{} --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)",
- colors::yellow("Warning")
- );
- }
-}
-
/// Resolves the path to use for a local node_modules folder.
fn resolve_node_modules_folder(
cwd: &Path,
diff --git a/tests/specs/permission/deny_run_binary_absolute_path/main.out b/tests/specs/permission/deny_run_binary_absolute_path/main.out
index fef29eae7..45b228387 100644
--- a/tests/specs/permission/deny_run_binary_absolute_path/main.out
+++ b/tests/specs/permission/deny_run_binary_absolute_path/main.out
@@ -1,4 +1,3 @@
-Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
NotCapable: Requires run access to "deno", run again with the --allow-run flag
at [WILDCARD] {
name: "NotCapable"
diff --git a/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc b/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc
deleted file mode 100644
index b64146ee9..000000000
--- a/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "tests": {
- "no_allow_list": {
- "args": "run --allow-run main.ts",
- "output": "no_allow_list.out"
- }
- }
-}
diff --git a/tests/specs/run/allow_run_insecure_warnings/main.ts b/tests/specs/run/allow_run_insecure_warnings/main.ts
deleted file mode 100644
index e69de29bb..000000000
--- a/tests/specs/run/allow_run_insecure_warnings/main.ts
+++ /dev/null
diff --git a/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out
deleted file mode 100644
index 293b4446a..000000000
--- a/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out
+++ /dev/null
@@ -1 +0,0 @@
-Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
diff --git a/tests/testdata/run/deny_some_permission_args.out b/tests/testdata/run/deny_some_permission_args.out
index be2e832fe..abb5274ee 100644
--- a/tests/testdata/run/deny_some_permission_args.out
+++ b/tests/testdata/run/deny_some_permission_args.out
@@ -1,4 +1,3 @@
-Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
PermissionStatus { state: "granted", onchange: null, partial: true }
PermissionStatus { state: "denied", onchange: null }
PermissionStatus { state: "granted", onchange: null }