Dynamic import should respect permissions (#2764)

author: Ryan Dahl <ry@tinyclouds.org> 2019-08-13 14:51:15 -0400
committer: GitHub <noreply@github.com> 2019-08-13 14:51:15 -0400
commit: 1f8b1a587c397dd01e058820769580323a0f7330 (patch)
tree: a600f22f4639d8ac319276b3d58580c3431f2d4f /cli/ops.rs
parent: 1947f572d735096c1ccd7de2c386b8289c287701 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/cli/ops.rs b/cli/ops.rs
index 166610bac..7a68dee55 100644
--- a/cli/ops.rs
+++ b/cli/ops.rs
@@ -497,7 +497,12 @@ fn op_fetch_source_file(
   let specifier = inner.specifier().unwrap();
   let referrer = inner.referrer().unwrap();
 
-  let resolved_specifier = state.resolve(specifier, referrer, false)?;
+  // TODO(ry) Maybe a security hole. Only the compiler worker should have access
+  // to this. Need a test to demonstrate the hole.
+  let is_dyn_import = false;
+
+  let resolved_specifier =
+    state.resolve(specifier, referrer, false, is_dyn_import)?;
 
   let fut = state
     .file_fetcher
@@ -750,7 +755,7 @@ fn op_fetch(
   let req = msg_util::deserialize_request(header, body)?;
 
   let url_ = url::Url::parse(url).map_err(ErrBox::from)?;
-  state.check_net_url(url_)?;
+  state.check_net_url(&url_)?;
 
   let client = http_util::get_client();
author	Ryan Dahl <ry@tinyclouds.org>	2019-08-13 14:51:15 -0400
committer	GitHub <noreply@github.com>	2019-08-13 14:51:15 -0400
commit	1f8b1a587c397dd01e058820769580323a0f7330 (patch)
tree	a600f22f4639d8ac319276b3d58580c3431f2d4f /cli/ops.rs
parent	1947f572d735096c1ccd7de2c386b8289c287701 (diff)