diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2024-09-26 02:50:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-26 01:50:54 +0000 |
| commit | 5504acea6751480f1425c88353ad5d36257bdce7 (patch) | |
| tree | fa02e6c546eae469aac894bfc71600ab4eccad28 /runtime/permissions.rs | |
| parent | 05415bb9de475aa8646985a545f30fe93136207e (diff) | |
feat: add `--allow-import` flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.
By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.
Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:
```ts
deno run -A -r https://fresh.deno.dev
```
---------
Co-authored-by: David Sherret <dsherret@gmail.com>
Diffstat (limited to 'runtime/permissions.rs')
| -rw-r--r-- | runtime/permissions.rs | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/runtime/permissions.rs b/runtime/permissions.rs index a28ba35b1..9b2737b4f 100644 --- a/runtime/permissions.rs +++ b/runtime/permissions.rs @@ -12,6 +12,7 @@ use deno_permissions::AllowRunDescriptorParseResult; use deno_permissions::DenyRunDescriptor; use deno_permissions::EnvDescriptor; use deno_permissions::FfiDescriptor; +use deno_permissions::ImportDescriptor; use deno_permissions::NetDescriptor; use deno_permissions::PathQueryDescriptor; use deno_permissions::ReadDescriptor; @@ -75,6 +76,13 @@ impl deno_permissions::PermissionDescriptorParser NetDescriptor::parse(text) } + fn parse_import_descriptor( + &self, + text: &str, + ) -> Result<ImportDescriptor, AnyError> { + ImportDescriptor::parse(text) + } + fn parse_env_descriptor( &self, text: &str, |