Diffstat (limited to 'cli/args/mod.rs')
-rw-r--r-- | cli/args/mod.rs | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/cli/args/mod.rs b/cli/args/mod.rs
index 0e4004a53..db8cf149e 100644
--- a/cli/args/mod.rs
+++ b/cli/args/mod.rs
@@ -809,6 +809,8 @@ impl CliOptions {
 }
 }
 
+ warn_insecure_allow_run_flags(&flags);
+
 let maybe_lockfile = maybe_lockfile.filter(|_| !force_global_cache);
 let deno_dir_provider =
 Arc::new(DenoDirProvider::new(flags.cache_path.clone()));
@@ -1688,6 +1690,27 @@ impl CliOptions {
 }
 }
 
+/// Warns for specific uses of `--allow-run`. This function is not
+/// intended to catch every single possible insecure use of `--allow-run`,
+/// but is just an attempt to discourage some common pitfalls.
+fn warn_insecure_allow_run_flags(flags: &Flags) {
+ let permissions = &flags.permissions;
+ if permissions.allow_all {
+ return;
+ }
+ let Some(allow_run_list) = permissions.allow_run.as_ref() else {
+ return;
+ };
+
+ // discourage using --allow-run without an allow list
+ if allow_run_list.is_empty() {
+ log::warn!(
+ "{} --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)",
+ colors::yellow("Warning")
+ );
+ }
+}
+
 /// Resolves the path to use for a local node_modules folder.
 fn resolve_node_modules_folder(
 cwd: &Path, |
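Review bot: The `is_empty()` check in `warn_insecure_allow_run_flags` relies on an implicit encoding, where `allow_run` being `Some` with an empty list stands for `--allow-run` passed without an allow list, and the doc comment never says why that case is the risky one. I would add a line such as `/// An empty list means --allow-run was given with no allow list, so any executable may be spawned, and a spawned process is not confined by the other permission flags.` so that the early return on `allow_all` reads as deliberate (the grant is already at least as broad) rather than as a gap. The function only reports through `log::warn!` and changes no permission, so the message is presumably dropped when the log level is below warn; the doc comment should state that this is advisory only and must not be relied on as an enforcement point.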