author | Nayeem Rahman <nayeemrmn99@gmail.com> | 2020-12-30 22:35:28 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-30 23:35:28 +0100 |
commit | 22e0ee92a6618db0168b9dfce6c598b6df207a4c (patch) | |
tree | d2d2a4ad13c168948cadaebf8c70f2f2ef0c0888 /cli | |
parent | bcdc2da4c75869480b960d437747feb0feff04c2 (diff) |
BREAKING(unstable): Use hosts for net allowlists (#8845)
Allowlist checking already uses hosts but for some reason
requests, revokes and the runtime permissions API use URLs.
- BREAKING(lib.deno.unstable.d.ts): Change
NetPermissionDescriptor::url to NetPermissionDescriptor::host
- fix(runtime/permissions): Don't add whole URLs to the
allowlist on request
- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting
- refactor(runtime/permissions): Use tuples for hosts, make
the host optional in Permissions::{query_net, request_net, revoke_net}()
Diffstat (limited to 'cli')
-rw-r--r-- | cli/dts/lib.deno.unstable.d.ts | 11 | ||||
-rw-r--r-- | cli/tests/error_015_dynamic_import_permissions.out | 2 | ||||
-rw-r--r-- | cli/tests/error_worker_permissions_remote.ts.out | 2 | ||||
-rw-r--r-- | cli/tests/unit/permissions_test.ts | 4 |
4 files changed, 9 insertions, 10 deletions
diff --git a/cli/dts/lib.deno.unstable.d.ts b/cli/dts/lib.deno.unstable.d.ts
index 3b9754387..b3933762e 100644
--- a/cli/dts/lib.deno.unstable.d.ts
+++ b/cli/dts/lib.deno.unstable.d.ts
@@ -1085,13 +1085,12 @@ declare namespace Deno {
 export interface NetPermissionDescriptor {
 name: "net";
- /** Optional url associated with this descriptor.
+ /** Optional host string of the form `"<hostname>[:<port>]"`. Examples:
 *
- * If specified: must be a valid url. Expected format: <scheme>://<host_or_ip>[:port][/path]
- * If the scheme is unknown, callers should specify some scheme, such as x:// na:// unknown://
- *
- * See: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml */
- url?: string;
+ * "github.com"
+ * "deno.land:8080"
+ */
+ host?: string;
 }
 export interface EnvPermissionDescriptor {
diff --git a/cli/tests/error_015_dynamic_import_permissions.out b/cli/tests/error_015_dynamic_import_permissions.out
index 577dbcc5c..b3d628990 100644
--- a/cli/tests/error_015_dynamic_import_permissions.out
+++ b/cli/tests/error_015_dynamic_import_permissions.out
@@ -1 +1 @@
-error: Uncaught (in promise) TypeError: network access to "http://localhost:4545/cli/tests/subdir/mod4.js", run again with the --allow-net flag
+error: Uncaught (in promise) TypeError: network access to "localhost:4545", run again with the --allow-net flag
diff --git a/cli/tests/error_worker_permissions_remote.ts.out b/cli/tests/error_worker_permissions_remote.ts.out
index 6cf63fa22..5bbc58b34 100644
--- a/cli/tests/error_worker_permissions_remote.ts.out
+++ b/cli/tests/error_worker_permissions_remote.ts.out
@@ -1,3 +1,3 @@
 [WILDCARD]
-error: Uncaught (in worker "") network access to "http://localhost:4545/cli/tests/subdir/worker_types.ts", run again with the --allow-net flag
+error: Uncaught (in worker "") network access to "localhost:4545", run again with the --allow-net flag
 [WILDCARD]
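Review bot: The new doc comment on `host` in cli/dts/lib.deno.unstable.d.ts gives the string format but not what an omitted port means, which is the part that decides the scope of a grant or revoke. Per the commit message, `{ name: "net", host: "127.0.0.1" }` is the stronger descriptor than `{ name: "net", host: "127.0.0.1:8000" }`, so I would add a line such as `* A host without a port covers every port on that host.` to the comment. Separately, plain-JavaScript callers that still pass `url` get no compile-time error from this rename. Whether the runtime rejects the stale key or treats the descriptor as host-less (that is, all of net) is not visible in this cli-only diff and should be confirmed.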
diff --git a/cli/tests/unit/permissions_test.ts b/cli/tests/unit/permissions_test.ts
index dee8aa195..3c36f0186 100644
--- a/cli/tests/unit/permissions_test.ts
+++ b/cli/tests/unit/permissions_test.ts
@@ -13,9 +13,9 @@ unitTest(async function permissionInvalidName(): Promise<void> {
 }, Error);
 });
-unitTest(async function permissionNetInvalidUrl(): Promise<void> {
+unitTest(async function permissionNetInvalidHost(): Promise<void> {
 await assertThrowsAsync(async () => {
- await Deno.permissions.query({ name: "net", url: ":" });
+ await Deno.permissions.query({ name: "net", host: ":" });
 }, URIError);
 });
|
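Review bot: The only negative case in `permissionNetInvalidHost` is `host: ":"`, so nothing here pins what happens when a caller passes a full URL in the new field, which is the input shape the old API required. The commit message says whole URLs were previously added to the allowlist on request, so a regression case such as `await Deno.permissions.query({ name: "net", host: "http://localhost:4545/" });` with the intended outcome asserted would guard that path. The diff shown is limited to cli/, so runtime-side tests may already cover this.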