diff options
| author | David Sherret <dsherret@users.noreply.github.com> | 2024-10-04 08:16:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-04 08:16:35 +0100 |
| commit | b8a9a4a862e4d61630c5bc8089261c7a177ec97a (patch) | |
| tree | 05f93162e3324e5cbf884cae29dfc9ec853bfccd /cli/args/mod.rs | |
| parent | 779a98cd39b781091427e68b1548d4f3189a8595 (diff) | |
Revert "feat: warn when using --allow-run with no allow list" (#26021)
Although using `--allow-run` without an allow list gives basically no
security, I think we should remove this warning because it gets in the
way and the only way to disable it is via --quiet.
Diffstat (limited to 'cli/args/mod.rs')
| -rw-r--r-- | cli/args/mod.rs | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/cli/args/mod.rs b/cli/args/mod.rs index f0cce4ab1..07906a86a 100644 --- a/cli/args/mod.rs +++ b/cli/args/mod.rs @@ -825,8 +825,6 @@ impl CliOptions { } } - warn_insecure_allow_run_flags(&flags); - let maybe_lockfile = maybe_lockfile.filter(|_| !force_global_cache); let deno_dir_provider = Arc::new(DenoDirProvider::new(flags.internal.cache_path.clone())); @@ -1711,27 +1709,6 @@ impl CliOptions { } } -/// Warns for specific uses of `--allow-run`. This function is not -/// intended to catch every single possible insecure use of `--allow-run`, -/// but is just an attempt to discourage some common pitfalls. -fn warn_insecure_allow_run_flags(flags: &Flags) { - let permissions = &flags.permissions; - if permissions.allow_all { - return; - } - let Some(allow_run_list) = permissions.allow_run.as_ref() else { - return; - }; - - // discourage using --allow-run without an allow list - if allow_run_list.is_empty() { - log::warn!( - "{} --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)", - colors::yellow("Warning") - ); - } -} - /// Resolves the path to use for a local node_modules folder. fn resolve_node_modules_folder( cwd: &Path, |