feat: add `--allow-import` flag (#25469)

This replaces `--allow-net` for import permissions and makes the security sandbox stricter by also checking permissions for statically analyzable imports. By default, this has a value of `--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`, but that can be overridden by providing a different set of hosts. Additionally, when no value is provided, import permissions are inferred from the CLI arguments so the following works because `fresh.deno.dev:443` will be added to the list of allowed imports: ```ts deno run -A -r https://fresh.deno.dev ``` --------- Co-authored-by: David Sherret <dsherret@gmail.com>
author: Bartek Iwańczuk <biwanczuk@gmail.com> 2024-09-26 02:50:54 +0100
committer: GitHub <noreply@github.com> 2024-09-26 01:50:54 +0000
commit: 5504acea6751480f1425c88353ad5d36257bdce7 (patch)
tree: fa02e6c546eae469aac894bfc71600ab4eccad28 /tests/testdata/run/error_015_dynamic_import_permissions.js
parent: 05415bb9de475aa8646985a545f30fe93136207e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/testdata/run/error_015_dynamic_import_permissions.js b/tests/testdata/run/error_015_dynamic_import_permissions.js
index 47961cf63..bdf423b59 100644
--- a/tests/testdata/run/error_015_dynamic_import_permissions.js
+++ b/tests/testdata/run/error_015_dynamic_import_permissions.js
@@ -1,3 +1,3 @@
 (async () => {
-  await import("" + "http://localhost:4545/subdir/mod4.js");
+  await import("" + "http://example.com/subdir/mod4.js");
 })();
author	Bartek Iwańczuk <biwanczuk@gmail.com>	2024-09-26 02:50:54 +0100
committer	GitHub <noreply@github.com>	2024-09-26 01:50:54 +0000
commit	5504acea6751480f1425c88353ad5d36257bdce7 (patch)
tree	fa02e6c546eae469aac894bfc71600ab4eccad28 /tests/testdata/run/error_015_dynamic_import_permissions.js
parent	05415bb9de475aa8646985a545f30fe93136207e (diff)