diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2024-09-26 02:50:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-26 01:50:54 +0000 |
| commit | 5504acea6751480f1425c88353ad5d36257bdce7 (patch) | |
| tree | fa02e6c546eae469aac894bfc71600ab4eccad28 /tests/specs/cert | |
| parent | 05415bb9de475aa8646985a545f30fe93136207e (diff) | |
feat: add `--allow-import` flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.
By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.
Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:
```ts
deno run -A -r https://fresh.deno.dev
```
---------
Co-authored-by: David Sherret <dsherret@gmail.com>
Diffstat (limited to 'tests/specs/cert')
4 files changed, 6 insertions, 6 deletions
diff --git a/tests/specs/cert/cafile_ts_fetch/__test__.jsonc b/tests/specs/cert/cafile_ts_fetch/__test__.jsonc index 8ace23f25..35573839c 100644 --- a/tests/specs/cert/cafile_ts_fetch/__test__.jsonc +++ b/tests/specs/cert/cafile_ts_fetch/__test__.jsonc @@ -1,6 +1,6 @@ { "steps": [{ - "args": "run --quiet --reload --allow-net --cert RootCA.pem cafile_ts_fetch.ts", + "args": "run --quiet --reload --allow-net --allow-import --cert RootCA.pem cafile_ts_fetch.ts", "flaky": true, "output": "cafile_ts_fetch.ts.out" }, { @@ -8,11 +8,11 @@ "flaky": true, "output": "cafile_ts_fetch.ts.out" }, { - "args": "info --quiet --cert RootCA.pem https://localhost:5545/cert/cafile_info.ts", + "args": "info --quiet --allow-import --cert RootCA.pem https://localhost:5545/cert/cafile_info.ts", "flaky": true, "output": "cafile_info.ts.out" }, { - "args": "cache --quiet --cert RootCA.pem http://localhost:4545/cert/cafile_url_imports.ts", + "args": "cache --quiet --allow-import --cert RootCA.pem http://localhost:4545/cert/cafile_url_imports.ts", "flaky": true, "output": "" }] diff --git a/tests/specs/cert/cafile_url_imports/__test__.jsonc b/tests/specs/cert/cafile_url_imports/__test__.jsonc index f52bb7068..4375f6027 100644 --- a/tests/specs/cert/cafile_url_imports/__test__.jsonc +++ b/tests/specs/cert/cafile_url_imports/__test__.jsonc @@ -1,5 +1,5 @@ { - "args": "run --quiet --reload --cert RootCA.pem cafile_url_imports.ts", + "args": "run --quiet --reload --allow-import --cert RootCA.pem cafile_url_imports.ts", "flaky": true, "output": "cafile_url_imports.ts.out" } diff --git a/tests/specs/cert/cafile_url_imports_unsafe_ssl/__test__.jsonc b/tests/specs/cert/cafile_url_imports_unsafe_ssl/__test__.jsonc index 526649aa1..67df193b6 100644 --- a/tests/specs/cert/cafile_url_imports_unsafe_ssl/__test__.jsonc +++ b/tests/specs/cert/cafile_url_imports_unsafe_ssl/__test__.jsonc @@ -1,5 +1,5 @@ { - "args": "run --quiet --reload --unsafely-ignore-certificate-errors=localhost cafile_url_imports.ts", + "args": "run --quiet --allow-import --reload --unsafely-ignore-certificate-errors=localhost cafile_url_imports.ts", "flaky": true, "output": "cafile_url_imports_unsafe_ssl.ts.out" } diff --git a/tests/specs/cert/localhost_unsafe_ssl/__test__.jsonc b/tests/specs/cert/localhost_unsafe_ssl/__test__.jsonc index 90ca827dc..f0c1895f4 100644 --- a/tests/specs/cert/localhost_unsafe_ssl/__test__.jsonc +++ b/tests/specs/cert/localhost_unsafe_ssl/__test__.jsonc @@ -1,5 +1,5 @@ { - "args": "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land cafile_url_imports.ts", + "args": "run --quiet --reload --allow-import --allow-net --unsafely-ignore-certificate-errors=deno.land cafile_url_imports.ts", "output": "localhost_unsafe_ssl.ts.out", "exitCode": 1 } |