feat: warn when using `--allow-run` with no allow list (#25215)

author: David Sherret <dsherret@users.noreply.github.com> 2024-09-17 00:08:02 +0100
committer: GitHub <noreply@github.com> 2024-09-16 23:08:02 +0000
commit: b0525edd6fb2fa414407ec73c981051d692d1c26 (patch)
tree: 0e21ef4b2667f6882d6c52f24d27cc26d3696403 /tests/specs/run
parent: f7ddea3af7a9f4dfef23aa544f05348dabbad20d (diff)
3 files changed, 9 insertions, 0 deletions
diff --git a/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc b/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc
new file mode 100644
index 000000000..b64146ee9
--- /dev/null
+++ b/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc
@@ -0,0 +1,8 @@
+{
+  "tests": {
+    "no_allow_list": {
+      "args": "run --allow-run main.ts",
+      "output": "no_allow_list.out"
+    }
+  }
+}
diff --git a/tests/specs/run/allow_run_insecure_warnings/main.ts b/tests/specs/run/allow_run_insecure_warnings/main.ts
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/tests/specs/run/allow_run_insecure_warnings/main.ts
diff --git a/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out
new file mode 100644
index 000000000..277d0036c
--- /dev/null
+++ b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out
@@ -0,0 +1 @@
+Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
author	David Sherret <dsherret@users.noreply.github.com>	2024-09-17 00:08:02 +0100
committer	GitHub <noreply@github.com>	2024-09-16 23:08:02 +0000
commit	b0525edd6fb2fa414407ec73c981051d692d1c26 (patch)
tree	0e21ef4b2667f6882d6c52f24d27cc26d3696403 /tests/specs/run
parent	f7ddea3af7a9f4dfef23aa544f05348dabbad20d (diff)