diff options
| author | David Sherret <dsherret@users.noreply.github.com> | 2024-09-17 00:08:02 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-16 23:08:02 +0000 |
| commit | b0525edd6fb2fa414407ec73c981051d692d1c26 (patch) | |
| tree | 0e21ef4b2667f6882d6c52f24d27cc26d3696403 /tests | |
| parent | f7ddea3af7a9f4dfef23aa544f05348dabbad20d (diff) | |
feat: warn when using `--allow-run` with no allow list (#25215)
Diffstat (limited to 'tests')
10 files changed, 23 insertions, 11 deletions
diff --git a/tests/napi/cleanup_hook_test.js b/tests/napi/cleanup_hook_test.js index 017674ad4..2c1f73e12 100644 --- a/tests/napi/cleanup_hook_test.js +++ b/tests/napi/cleanup_hook_test.js @@ -17,9 +17,7 @@ if (import.meta.main) { "--config", Deno.realPathSync("../config/deno.json"), "--no-lock", - "--allow-read", - "--allow-run", - "--allow-ffi", + "-A", "--unstable-ffi", import.meta.url, ], diff --git a/tests/specs/permission/deny_run_binary_absolute_path/main.out b/tests/specs/permission/deny_run_binary_absolute_path/main.out index 45b228387..7f11e7880 100644 --- a/tests/specs/permission/deny_run_binary_absolute_path/main.out +++ b/tests/specs/permission/deny_run_binary_absolute_path/main.out @@ -1,3 +1,4 @@ +Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) NotCapable: Requires run access to "deno", run again with the --allow-run flag at [WILDCARD] { name: "NotCapable" diff --git a/tests/specs/permission/path_not_permitted/main.out b/tests/specs/permission/path_not_permitted/main.out index b057d0a63..02e5b937f 100644 --- a/tests/specs/permission/path_not_permitted/main.out +++ b/tests/specs/permission/path_not_permitted/main.out @@ -1,10 +1,10 @@ Running... -NotCapable: Requires run access to "deno", run again with the --allow-run flag +NotCapable: Requires run access to "binary", run again with the --allow-run flag [WILDCARD] at file:///[WILDLINE]/sub.ts:15:5 { name: "NotCapable" } -NotCapable: Requires run access to "deno", run again with the --allow-run flag +NotCapable: Requires run access to "binary", run again with the --allow-run flag [WILDCARD] at file:///[WILDLINE]/sub.ts:23:22 { name: "NotCapable" diff --git a/tests/specs/permission/path_not_permitted/main.ts b/tests/specs/permission/path_not_permitted/main.ts index 0cc141e7a..0587db916 100644 --- a/tests/specs/permission/path_not_permitted/main.ts +++ b/tests/specs/permission/path_not_permitted/main.ts @@ -1,4 +1,4 @@ -const binaryName = Deno.build.os === "windows" ? "deno.exe" : "deno"; +const binaryName = Deno.build.os === "windows" ? "binary.exe" : "binary"; Deno.copyFileSync(Deno.execPath(), binaryName); console.log("Running..."); @@ -9,9 +9,12 @@ new Deno.Command( "run", "--allow-write", "--allow-read", - `--allow-run=deno`, + `--allow-run=binary`, "sub.ts", ], + env: { + PATH: Deno.cwd(), + }, stderr: "inherit", stdout: "inherit", }, diff --git a/tests/specs/permission/path_not_permitted/sub.ts b/tests/specs/permission/path_not_permitted/sub.ts index ea527a938..e501b5b7b 100644 --- a/tests/specs/permission/path_not_permitted/sub.ts +++ b/tests/specs/permission/path_not_permitted/sub.ts @@ -1,4 +1,4 @@ -const binaryName = Deno.build.os === "windows" ? "deno.exe" : "deno"; +const binaryName = Deno.build.os === "windows" ? "binary.exe" : "binary"; const pathSep = Deno.build.os === "windows" ? "\\" : "/"; Deno.mkdirSync("subdir"); @@ -6,7 +6,7 @@ Deno.copyFileSync(binaryName, "subdir/" + binaryName); try { const commandResult = new Deno.Command( - "deno", + "binary", { env: { "PATH": Deno.cwd() + pathSep + "subdir" }, stdout: "inherit", @@ -22,7 +22,7 @@ try { try { const child = Deno.run( { - cmd: ["deno"], + cmd: ["binary"], env: { "PATH": Deno.cwd() + pathSep + "subdir" }, stdout: "inherit", stderr: "inherit", diff --git a/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc b/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc new file mode 100644 index 000000000..b64146ee9 --- /dev/null +++ b/tests/specs/run/allow_run_insecure_warnings/__test__.jsonc @@ -0,0 +1,8 @@ +{ + "tests": { + "no_allow_list": { + "args": "run --allow-run main.ts", + "output": "no_allow_list.out" + } + } +} diff --git a/tests/specs/run/allow_run_insecure_warnings/main.ts b/tests/specs/run/allow_run_insecure_warnings/main.ts new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/tests/specs/run/allow_run_insecure_warnings/main.ts diff --git a/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out new file mode 100644 index 000000000..277d0036c --- /dev/null +++ b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out @@ -0,0 +1 @@ +Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) diff --git a/tests/specs/test/captured_output/__test__.jsonc b/tests/specs/test/captured_output/__test__.jsonc index d620f61aa..f56c54555 100644 --- a/tests/specs/test/captured_output/__test__.jsonc +++ b/tests/specs/test/captured_output/__test__.jsonc @@ -1,5 +1,5 @@ { - "args": "test --allow-run --allow-read captured_output.ts", + "args": "test -A captured_output.ts", "output": "main.out", "envs": { "NO_COLOR": "1" }, "exitCode": 0 diff --git a/tests/testdata/run/deny_some_permission_args.out b/tests/testdata/run/deny_some_permission_args.out index abb5274ee..fe3e57d69 100644 --- a/tests/testdata/run/deny_some_permission_args.out +++ b/tests/testdata/run/deny_some_permission_args.out @@ -1,3 +1,4 @@ +Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) PermissionStatus { state: "granted", onchange: null, partial: true } PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "granted", onchange: null } |