refactor: --unsafely-ignore-certificate-errors (#11629)

9 files changed, 41 insertions, 42 deletions

diff --git a/cli/file_fetcher.rs b/cli/file_fetcher.rs
index e61c3beb9..7029b9620 100644
--- a/cli/file_fetcher.rs
+++ b/cli/file_fetcher.rs
@@ -223,7 +223,7 @@ impl FileFetcher {
     allow_remote: bool,
     root_cert_store: Option<RootCertStore>,
     blob_store: BlobStore,
-    unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+    unsafely_ignore_certificate_errors: Option<Vec<String>>,
   ) -> Result<Self, AnyError> {
     Ok(Self {
       auth_tokens: AuthTokens::new(env::var(DENO_AUTH_TOKENS).ok()),
@@ -236,7 +236,7 @@ impl FileFetcher {
         root_cert_store,
         None,
         None,
-        unsafely_treat_insecure_origin_as_secure,
+        unsafely_ignore_certificate_errors,
       )?,
       blob_store,
     })
diff --git a/cli/flags.rs b/cli/flags.rs
index 36b326c0b..0b060ce37 100644
--- a/cli/flags.rs
+++ b/cli/flags.rs
@@ -164,7 +164,7 @@ pub struct Flags {
   pub repl: bool,
   pub seed: Option<u64>,
   pub unstable: bool,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
   pub v8_flags: Vec<String>,
   pub version: bool,
   pub watch: bool,
@@ -217,13 +217,13 @@ impl Flags {
       _ => {}
     }
 
-    match &self.unsafely_treat_insecure_origin_as_secure {
+    match &self.unsafely_ignore_certificate_errors {
       Some(ic_allowlist) if ic_allowlist.is_empty() => {
-        args.push("--unsafely-treat-insecure-origin-as-secure".to_string());
+        args.push("--unsafely-ignore_certificate_errors".to_string());
       }
       Some(ic_allowlist) => {
         let s = format!(
-          "--unsafely-treat-insecure-origin-as-secure={}",
+          "--unsafely-ignore_certificate_errors={}",
           ic_allowlist.join(",")
         );
         args.push(s);
@@ -1237,13 +1237,14 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> {
         .validator(crate::flags_allow_net::validator),
     )
     .arg(
-      Arg::with_name("unsafely-treat-insecure-origin-as-secure")
-        .long("unsafely-treat-insecure-origin-as-secure")
+      Arg::with_name("unsafely-ignore-certificate-errors")
+        .long("unsafely-ignore-certificate-errors")
         .min_values(0)
         .takes_value(true)
         .use_delimiter(true)
         .require_equals(true)
-        .help("DANGER: Disables verification of SSL certificates")
+        .value_name("HOSTNAMES")
+        .help("DANGER: Disables verification of TLS certificates")
         .validator(crate::flags_allow_net::validator),
     )
     .arg(
@@ -1906,13 +1907,11 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
     flags.allow_net = Some(net_allowlist);
   }
 
-  if let Some(ic_wl) =
-    matches.values_of("unsafely-treat-insecure-origin-as-secure")
-  {
+  if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
     let ic_allowlist: Vec<String> =
       crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
         .unwrap();
-    flags.unsafely_treat_insecure_origin_as_secure = Some(ic_allowlist);
+    flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
   }
 
   if let Some(env_wl) = matches.values_of("allow-env") {
@@ -2756,7 +2755,7 @@ mod tests {
         repl: true,
         subcommand: DenoSubcommand::Repl { eval: None },
         allow_net: Some(vec![]),
-        unsafely_treat_insecure_origin_as_secure: None,
+        unsafely_ignore_certificate_errors: None,
         allow_env: Some(vec![]),
         allow_run: Some(vec![]),
         allow_read: Some(vec![]),
@@ -3232,7 +3231,7 @@ mod tests {
   #[test]
   fn install_with_flags() {
     #[rustfmt::skip]
-    let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]);
+    let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-ignore-certificate-errors", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]);
     assert_eq!(
       r.unwrap(),
       Flags {
@@ -3256,7 +3255,7 @@ mod tests {
         seed: Some(1),
         inspect: Some("127.0.0.1:9229".parse().unwrap()),
         allow_net: Some(vec![]),
-        unsafely_treat_insecure_origin_as_secure: Some(vec![]),
+        unsafely_ignore_certificate_errors: Some(vec![]),
         allow_read: Some(vec![]),
         ..Flags::default()
       }
@@ -3402,11 +3401,11 @@ mod tests {
   }
 
   #[test]
-  fn unsafely_treat_insecure_origin_as_secure() {
+  fn unsafely_ignore_certificate_errors() {
     let r = flags_from_vec(svec![
       "deno",
       "run",
-      "--unsafely-treat-insecure-origin-as-secure",
+      "--unsafely-ignore-certificate-errors",
       "script.ts"
     ]);
     assert_eq!(
@@ -3415,7 +3414,7 @@ mod tests {
         subcommand: DenoSubcommand::Run {
           script: "script.ts".to_string(),
         },
-        unsafely_treat_insecure_origin_as_secure: Some(vec![]),
+        unsafely_ignore_certificate_errors: Some(vec![]),
         ..Flags::default()
       }
     );
@@ -3426,7 +3425,7 @@ mod tests {
     let r = flags_from_vec(svec![
       "deno",
       "run",
-      "--unsafely-treat-insecure-origin-as-secure=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4",
+      "--unsafely-ignore-certificate-errors=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4",
       "script.ts"
     ]);
     assert_eq!(
@@ -3435,7 +3434,7 @@ mod tests {
         subcommand: DenoSubcommand::Run {
           script: "script.ts".to_string(),
         },
-        unsafely_treat_insecure_origin_as_secure: Some(svec![
+        unsafely_ignore_certificate_errors: Some(svec![
           "deno.land",
           "localhost",
           "::",
@@ -3927,7 +3926,7 @@ mod tests {
   #[test]
   fn compile_with_flags() {
     #[rustfmt::skip]
-    let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]);
+    let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-ignore-certificate-errors", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]);
     assert_eq!(
       r.unwrap(),
       Flags {
@@ -3948,7 +3947,7 @@ mod tests {
         cached_only: true,
         location: Some(Url::parse("https://foo/").unwrap()),
         allow_read: Some(vec![]),
-        unsafely_treat_insecure_origin_as_secure: Some(vec![]),
+        unsafely_ignore_certificate_errors: Some(vec![]),
         allow_net: Some(vec![]),
         v8_flags: svec!["--help", "--random-seed=1"],
         seed: Some(1),
diff --git a/cli/main.rs b/cli/main.rs
index 93b3d5021..da40e4528 100644
--- a/cli/main.rs
+++ b/cli/main.rs
@@ -109,9 +109,9 @@ fn create_web_worker_callback(
         .log_level
         .map_or(false, |l| l == log::Level::Debug),
       unstable: program_state.flags.unstable,
-      unsafely_treat_insecure_origin_as_secure: program_state
+      unsafely_ignore_certificate_errors: program_state
         .flags
-        .unsafely_treat_insecure_origin_as_secure
+        .unsafely_ignore_certificate_errors
         .clone(),
       root_cert_store: program_state.root_cert_store.clone(),
       user_agent: version::get_user_agent(),
@@ -193,9 +193,9 @@ pub fn create_main_worker(
       .log_level
       .map_or(false, |l| l == log::Level::Debug),
     unstable: program_state.flags.unstable,
-    unsafely_treat_insecure_origin_as_secure: program_state
+    unsafely_ignore_certificate_errors: program_state
       .flags
-      .unsafely_treat_insecure_origin_as_secure
+      .unsafely_ignore_certificate_errors
       .clone(),
     root_cert_store: program_state.root_cert_store.clone(),
     user_agent: version::get_user_agent(),
diff --git a/cli/program_state.rs b/cli/program_state.rs
index 721ccda9c..0ec233b88 100644
--- a/cli/program_state.rs
+++ b/cli/program_state.rs
@@ -119,15 +119,15 @@ impl ProgramState {
     }
 
     if let Some(insecure_allowlist) =
-      flags.unsafely_treat_insecure_origin_as_secure.as_ref()
+      flags.unsafely_ignore_certificate_errors.as_ref()
     {
       let domains = if insecure_allowlist.is_empty() {
-        "for all domains".to_string()
+        "for all hostnames".to_string()
       } else {
         format!("for: {}", insecure_allowlist.join(", "))
       };
       let msg = format!(
-        "DANGER: SSL ceritificate validation is disabled {}",
+        "DANGER: TLS ceritificate validation is disabled {}",
         domains
       );
       eprintln!("{}", colors::yellow(msg));
@@ -153,7 +153,7 @@ impl ProgramState {
       !flags.no_remote,
       Some(root_cert_store.clone()),
       blob_store.clone(),
-      flags.unsafely_treat_insecure_origin_as_secure.clone(),
+      flags.unsafely_ignore_certificate_errors.clone(),
     )?;
 
     let lockfile = if let Some(filename) = &flags.lock {
diff --git a/cli/standalone.rs b/cli/standalone.rs
index ded3c88e8..013e2e60f 100644
--- a/cli/standalone.rs
+++ b/cli/standalone.rs
@@ -57,7 +57,7 @@ pub struct Metadata {
   pub log_level: Option<Level>,
   pub ca_stores: Option<Vec<String>>,
   pub ca_data: Option<Vec<u8>>,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
 }
 
 pub const MAGIC_TRAILER: &[u8; 8] = b"d3n0l4nd";
@@ -253,8 +253,8 @@ pub async fn run(
     debug_flag: metadata.log_level.map_or(false, |l| l == log::Level::Debug),
     user_agent: version::get_user_agent(),
     unstable: metadata.unstable,
-    unsafely_treat_insecure_origin_as_secure: metadata
-      .unsafely_treat_insecure_origin_as_secure,
+    unsafely_ignore_certificate_errors: metadata
+      .unsafely_ignore_certificate_errors,
     root_cert_store: Some(root_cert_store),
     seed: metadata.seed,
     js_error_create_fn: None,
diff --git a/cli/tests/cafile_ts_fetch_unsafe_ssl.ts.out b/cli/tests/cafile_ts_fetch_unsafe_ssl.ts.out
index f0b63833a..66b3258ee 100644
--- a/cli/tests/cafile_ts_fetch_unsafe_ssl.ts.out
+++ b/cli/tests/cafile_ts_fetch_unsafe_ssl.ts.out
@@ -1,2 +1,2 @@
-DANGER: SSL ceritificate validation is disabled for all domains
+DANGER: TLS ceritificate validation is disabled for all hostnames
 Hello
diff --git a/cli/tests/cafile_url_imports_unsafe_ssl.ts.out b/cli/tests/cafile_url_imports_unsafe_ssl.ts.out
index 3f6a0c07f..2a3df0ea4 100644
--- a/cli/tests/cafile_url_imports_unsafe_ssl.ts.out
+++ b/cli/tests/cafile_url_imports_unsafe_ssl.ts.out
@@ -1,3 +1,3 @@
-DANGER: SSL ceritificate validation is disabled for: localhost
+DANGER: TLS ceritificate validation is disabled for: localhost
 Hello
 success
diff --git a/cli/tests/integration/mod.rs b/cli/tests/integration/mod.rs
index 76bda70a7..392101e54 100644
--- a/cli/tests/integration/mod.rs
+++ b/cli/tests/integration/mod.rs
@@ -475,14 +475,14 @@ fn broken_stdout() {
 // });
 
 itest!(cafile_url_imports_unsafe_ssl {
-  args: "run --quiet --reload --unsafely-treat-insecure-origin-as-secure=localhost cafile_url_imports.ts",
+  args: "run --quiet --reload --unsafely-ignore-certificate-errors=localhost cafile_url_imports.ts",
   output: "cafile_url_imports_unsafe_ssl.ts.out",
   http_server: true,
 });
 
 itest!(cafile_ts_fetch_unsafe_ssl {
   args:
-    "run --quiet --reload --allow-net --unsafely-treat-insecure-origin-as-secure cafile_ts_fetch.ts",
+    "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors cafile_ts_fetch.ts",
   output: "cafile_ts_fetch_unsafe_ssl.ts.out",
   http_server: true,
 });
diff --git a/cli/tools/standalone.rs b/cli/tools/standalone.rs
index 2eaf50161..18d887588 100644
--- a/cli/tools/standalone.rs
+++ b/cli/tools/standalone.rs
@@ -99,8 +99,8 @@ pub fn create_standalone_binary(
     location: flags.location.clone(),
     permissions: flags.clone().into(),
     v8_flags: flags.v8_flags.clone(),
-    unsafely_treat_insecure_origin_as_secure: flags
-      .unsafely_treat_insecure_origin_as_secure
+    unsafely_ignore_certificate_errors: flags
+      .unsafely_ignore_certificate_errors
       .clone(),
     log_level: flags.log_level,
     ca_stores: flags.ca_stores,
@@ -226,8 +226,8 @@ pub fn compile_to_runtime_flags(
     lock: None,
     log_level: flags.log_level,
     no_check: false,
-    unsafely_treat_insecure_origin_as_secure: flags
-      .unsafely_treat_insecure_origin_as_secure,
+    unsafely_ignore_certificate_errors: flags
+      .unsafely_ignore_certificate_errors,
     no_remote: false,
     prompt: flags.prompt,
     reload: false,