diff options
| -rw-r--r-- | cli/flags.rs | 113 |
1 files changed, 91 insertions, 22 deletions
diff --git a/cli/flags.rs b/cli/flags.rs index 31180a47e..a879be299 100644 --- a/cli/flags.rs +++ b/cli/flags.rs @@ -1171,6 +1171,7 @@ fn repl_subcommand<'a, 'b>() -> App<'a, 'b> { .takes_value(true) .value_name("code"), ) + .arg(unsafely_ignore_ceritifcate_errors_arg()) } fn run_subcommand<'a, 'b>() -> App<'a, 'b> { @@ -1426,17 +1427,7 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> { .help("Allow network access") .validator(crate::flags_allow_net::validator), ) - .arg( - Arg::with_name("unsafely-ignore-certificate-errors") - .long("unsafely-ignore-certificate-errors") - .min_values(0) - .takes_value(true) - .use_delimiter(true) - .require_equals(true) - .value_name("HOSTNAMES") - .help("DANGER: Disables verification of TLS certificates") - .validator(crate::flags_allow_net::validator), - ) + .arg(unsafely_ignore_ceritifcate_errors_arg()) .arg( Arg::with_name("allow-env") .long("allow-env") @@ -1728,6 +1719,18 @@ fn no_remote_arg<'a, 'b>() -> Arg<'a, 'b> { .help("Do not resolve remote modules") } +fn unsafely_ignore_ceritifcate_errors_arg<'a, 'b>() -> Arg<'a, 'b> { + Arg::with_name("unsafely-ignore-certificate-errors") + .long("unsafely-ignore-certificate-errors") + .min_values(0) + .takes_value(true) + .use_delimiter(true) + .require_equals(true) + .value_name("HOSTNAMES") + .help("DANGER: Disables verification of TLS certificates") + .validator(crate::flags_allow_net::validator) +} + fn bundle_parse(flags: &mut Flags, matches: &clap::ArgMatches) { compile_args_parse(flags, matches); @@ -2029,6 +2032,7 @@ fn lint_parse(flags: &mut Flags, matches: &clap::ArgMatches) { fn repl_parse(flags: &mut Flags, matches: &clap::ArgMatches) { runtime_args_parse(flags, matches, false, true); + unsafely_ignore_ceritifcate_errors_parse(flags, matches); flags.repl = true; flags.subcommand = DenoSubcommand::Repl(ReplFlags { eval: matches.value_of("eval").map(ToOwned::to_owned), @@ -2184,6 +2188,7 @@ fn compile_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) { } fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) { + unsafely_ignore_ceritifcate_errors_parse(flags, matches); if let Some(read_wl) = matches.values_of("allow-read") { let read_allowlist: Vec<PathBuf> = read_wl.map(PathBuf::from).collect(); flags.allow_read = Some(read_allowlist); @@ -2201,13 +2206,6 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) { flags.allow_net = Some(net_allowlist); } - if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") { - let ic_allowlist: Vec<String> = - crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect()) - .unwrap(); - flags.unsafely_ignore_certificate_errors = Some(ic_allowlist); - } - if let Some(env_wl) = matches.values_of("allow-env") { let env_allowlist: Vec<String> = env_wl .map(|env: &str| { @@ -2250,7 +2248,17 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) { flags.prompt = true; } } - +fn unsafely_ignore_ceritifcate_errors_parse( + flags: &mut Flags, + matches: &clap::ArgMatches, +) { + if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") { + let ic_allowlist: Vec<String> = + crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect()) + .unwrap(); + flags.unsafely_ignore_certificate_errors = Some(ic_allowlist); + } +} fn runtime_args_parse( flags: &mut Flags, matches: &clap::ArgMatches, @@ -3242,7 +3250,7 @@ mod tests { #[test] fn repl_with_flags() { #[rustfmt::skip] - let r = flags_from_vec(svec!["deno", "repl", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229"]); + let r = flags_from_vec(svec!["deno", "repl", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--unsafely-ignore-certificate-errors"]); assert_eq!( r.unwrap(), Flags { @@ -3268,6 +3276,7 @@ mod tests { allow_write: Some(vec![]), allow_ffi: Some(vec![]), allow_hrtime: true, + unsafely_ignore_certificate_errors: Some(vec![]), ..Flags::default() } ); @@ -3891,7 +3900,36 @@ mod tests { } #[test] - fn unsafely_ignore_certificate_errors() { + fn repl_with_unsafely_ignore_certificate_errors() { + let r = flags_from_vec(svec![ + "deno", + "repl", + "--eval", + "console.log('hello');", + "--unsafely-ignore-certificate-errors" + ]); + assert_eq!( + r.unwrap(), + Flags { + repl: true, + subcommand: DenoSubcommand::Repl(ReplFlags { + eval: Some("console.log('hello');".to_string()), + }), + unsafely_ignore_certificate_errors: Some(vec![]), + allow_net: Some(vec![]), + allow_env: Some(vec![]), + allow_run: Some(vec![]), + allow_read: Some(vec![]), + allow_write: Some(vec![]), + allow_ffi: Some(vec![]), + allow_hrtime: true, + ..Flags::default() + } + ); + } + + #[test] + fn run_with_unsafely_ignore_certificate_errors() { let r = flags_from_vec(svec![ "deno", "run", @@ -3911,7 +3949,7 @@ mod tests { } #[test] - fn unsafely_treat_insecure_origin_as_secure_with_ipv6_address() { + fn run_with_unsafely_treat_insecure_origin_as_secure_with_ipv6_address() { let r = flags_from_vec(svec![ "deno", "run", @@ -3938,6 +3976,37 @@ mod tests { } #[test] + fn repl_with_unsafely_treat_insecure_origin_as_secure_with_ipv6_address() { + let r = flags_from_vec(svec![ + "deno", + "repl", + "--unsafely-ignore-certificate-errors=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4"]); + assert_eq!( + r.unwrap(), + Flags { + repl: true, + subcommand: DenoSubcommand::Repl(ReplFlags { eval: None }), + unsafely_ignore_certificate_errors: Some(svec![ + "deno.land", + "localhost", + "::", + "127.0.0.1", + "[::1]", + "1.2.3.4" + ]), + allow_net: Some(vec![]), + allow_env: Some(vec![]), + allow_run: Some(vec![]), + allow_read: Some(vec![]), + allow_write: Some(vec![]), + allow_ffi: Some(vec![]), + allow_hrtime: true, + ..Flags::default() + } + ); + } + + #[test] fn no_remote() { let r = flags_from_vec(svec!["deno", "run", "--no-remote", "script.ts"]); assert_eq!( |