| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2024-09-26 02:50:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-26 01:50:54 +0000 |
| commit | 5504acea6751480f1425c88353ad5d36257bdce7 (patch) | |
| tree | fa02e6c546eae469aac894bfc71600ab4eccad28 /tests/specs/lockfile | |
| parent | 05415bb9de475aa8646985a545f30fe93136207e (diff) | |
feat: add `--allow-import` flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.
By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.
Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:
```ts
deno run -A -r https://fresh.deno.dev
```
---------
Co-authored-by: David Sherret <dsherret@gmail.com>
Diffstat (limited to 'tests/specs/lockfile')
7 files changed, 17 insertions, 17 deletions
diff --git a/tests/specs/lockfile/adding_redirect/__test__.jsonc b/tests/specs/lockfile/adding_redirect/__test__.jsonc
index d53beedbd..75933a6b4 100644
--- a/tests/specs/lockfile/adding_redirect/__test__.jsonc
+++ b/tests/specs/lockfile/adding_redirect/__test__.jsonc
@@ -1,13 +1,13 @@
 {
 "tempDir": true,
 "steps": [{
- "args": "run 1.ts",
+ "args": "run --allow-import 1.ts",
 "output": "[WILDCARD]"
 }, {
 "args": "task --quiet cat deno.lock",
 "output": "lock01.out"
 }, {
- "args": "run 2.ts",
+ "args": "run --allow-import 2.ts",
 "output": "[WILDCARD]"
 }, {
 "args": "task --quiet cat deno.lock",
diff --git a/tests/specs/lockfile/auto_discover_lockfile/__test__.jsonc b/tests/specs/lockfile/auto_discover_lockfile/__test__.jsonc
index 50213381a..27f6d9787 100644
--- a/tests/specs/lockfile/auto_discover_lockfile/__test__.jsonc
+++ b/tests/specs/lockfile/auto_discover_lockfile/__test__.jsonc
@@ -1,5 +1,5 @@
 {
- "args": "run main.ts",
+ "args": "run --allow-import main.ts",
 "output": "main.out",
 "exitCode": 10
 }
diff --git a/tests/specs/lockfile/config_file_lock_boolean/__test__.jsonc b/tests/specs/lockfile/config_file_lock_boolean/__test__.jsonc
index 65679a1c8..651ed113d 100644
--- a/tests/specs/lockfile/config_file_lock_boolean/__test__.jsonc
+++ b/tests/specs/lockfile/config_file_lock_boolean/__test__.jsonc
@@ -1,12 +1,12 @@
 {
 "tests": {
 "true": {
- "args": "run --config=true.json main.ts",
+ "args": "run --allow-import --config=true.json main.ts",
 "output": "true.main.out",
 "exitCode": 10
 },
 "false": {
- "args": "run --config=false.json main.ts",
+ "args": "run --allow-import --config=false.json main.ts",
 "output": "false.main.out"
 }
 }
diff --git a/tests/specs/lockfile/config_file_lock_path/__test__.jsonc b/tests/specs/lockfile/config_file_lock_path/__test__.jsonc
index defb113b3..5c901e709 100644
--- a/tests/specs/lockfile/config_file_lock_path/__test__.jsonc
+++ b/tests/specs/lockfile/config_file_lock_path/__test__.jsonc
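Review bot: Both steps changed in adding_redirect pass `--allow-import` with no host list, and the same bare form is used in the other six spec files in this directory, so none of these cases pins the host allowlist this commit introduces. The description gives the scoped form (`--allow-import=deno.land:443,…`); where the remote host is visible, as with `http://localhost:4545` in config_file_lock_path, a scoped value such as `--allow-import=localhost:4545` would keep the spec at the least privilege it needs and fail if an import reached an unexpected host. The hosts that `1.ts` and `2.ts` import from are not shown in this hunk, so the exact value for this file would need checking against those sources. The diffstat is limited to tests/specs/lockfile, so allowlist and denial coverage may already exist elsewhere in the commit.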
@@ -1,12 +1,12 @@
 {
 "tests": {
 "error_bad_checksum": {
- "args": "run --config=config_file_lock_path.json http://localhost:4545/run/019_media_types.ts",
+ "args": "run --allow-import --config=config_file_lock_path.json http://localhost:4545/run/019_media_types.ts",
 "output": "config_file_lock_path.out",
 "exitCode": 10
 },
 "lock_flag_override": {
- "args": "run --lock=run/lock_check_ok2.json --config=config_file_lock_path.json http://localhost:4545/run/019_media_types.ts",
+ "args": "run --allow-import --lock=run/lock_check_ok2.json --config=config_file_lock_path.json http://localhost:4545/run/019_media_types.ts",
 "output": "019_media_types.ts.out"
 }
 }
diff --git a/tests/specs/lockfile/frozen_lockfile/__test__.jsonc b/tests/specs/lockfile/frozen_lockfile/__test__.jsonc
index 36a1fc71e..8179052e1 100644
--- a/tests/specs/lockfile/frozen_lockfile/__test__.jsonc
+++ b/tests/specs/lockfile/frozen_lockfile/__test__.jsonc
@@ -180,7 +180,7 @@
 "output": "[WILDCARD]"
 },
 {
- "args": "run --frozen --allow-net http-dynamic.ts",
+ "args": "run --frozen --allow-import http-dynamic.ts",
 "output": "frozen_new_dep_dynamic_http.out",
 "exitCode": 1
 }
diff --git a/tests/specs/lockfile/no_declaration_files/__test__.jsonc b/tests/specs/lockfile/no_declaration_files/__test__.jsonc
index 3238416b0..3c8282825 100644
--- a/tests/specs/lockfile/no_declaration_files/__test__.jsonc
+++ b/tests/specs/lockfile/no_declaration_files/__test__.jsonc
@@ -1,7 +1,7 @@
 {
 "tempDir": true,
 "steps": [{
- "args": "cache --lock --frozen=false main.ts",
+ "args": "cache --allow-import --lock --frozen=false main.ts",
 "output": "main.cache.out"
 }, {
 "args": [
diff --git a/tests/specs/lockfile/no_lock/__test__.jsonc b/tests/specs/lockfile/no_lock/__test__.jsonc
index 75821ac64..d8172a7ca 100644
--- a/tests/specs/lockfile/no_lock/__test__.jsonc
+++ b/tests/specs/lockfile/no_lock/__test__.jsonc
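Review bot: In frozen_lockfile the `http-dynamic.ts` step swaps `--allow-net` for `--allow-import` but still expects only `"exitCode": 1`, and a permission denial on the dynamic import would presumably also exit non-zero. That leaves `frozen_new_dep_dynamic_http.out` (not shown here) as the only thing separating a frozen-lockfile rejection from a permission error. Since the file is JSONC, a comment above the step would record the intent, e.g. `// --allow-import now gates the dynamic http import; exit 1 must come from --frozen, not from a permission denial`. A sibling step that keeps `--allow-net` without `--allow-import` and expects the denial would pin that network permission no longer authorises remote imports, if that is not already covered outside this directory. The enclosing steps array starts before the hunk.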
@@ -1,39 +1,39 @@
 {
 "tests": {
 "info": {
- "args": "info main.ts",
+ "args": "info --allow-import main.ts",
 "output": "fail.out",
 "exitCode": 10
 },
 "info_no_lock": {
- "args": "info --no-lock main.ts",
+ "args": "info --allow-import --no-lock main.ts",
 "output": "info.nolock.out"
 },
 "bench": {
- "args": "bench",
+ "args": "bench --allow-import",
 "output": "fail.out",
 "exitCode": 10
 },
 "bench_no_lock": {
- "args": "bench --no-lock",
+ "args": "bench --allow-import --no-lock",
 "output": "bench.nolock.out"
 },
 "doc": {
- "args": "doc main.ts",
+ "args": "doc --allow-import main.ts",
 "exitCode": 10,
 "output": "fail.out"
 },
 "doc_no_lock": {
- "args": "doc --no-lock main.ts",
+ "args": "doc --allow-import --no-lock main.ts",
 "output": "doc.nolock.out"
 },
 "test": {
- "args": "test",
+ "args": "test --allow-import",
 "exitCode": 10,
 "output": "fail.out"
 },
 "test_no_lock": {
- "args": "test --no-lock",
+ "args": "test --allow-import --no-lock",
 "output": "test.nolock.out"
 }
 }
|
