diff options
Diffstat (limited to 'cli/flags.rs')
| -rw-r--r-- | cli/flags.rs | 89 |
1 files changed, 86 insertions, 3 deletions
diff --git a/cli/flags.rs b/cli/flags.rs index 1c7eaf9a0..36b326c0b 100644 --- a/cli/flags.rs +++ b/cli/flags.rs @@ -164,6 +164,7 @@ pub struct Flags { pub repl: bool, pub seed: Option<u64>, pub unstable: bool, + pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>, pub v8_flags: Vec<String>, pub version: bool, pub watch: bool, @@ -216,6 +217,20 @@ impl Flags { _ => {} } + match &self.unsafely_treat_insecure_origin_as_secure { + Some(ic_allowlist) if ic_allowlist.is_empty() => { + args.push("--unsafely-treat-insecure-origin-as-secure".to_string()); + } + Some(ic_allowlist) => { + let s = format!( + "--unsafely-treat-insecure-origin-as-secure={}", + ic_allowlist.join(",") + ); + args.push(s); + } + _ => {} + } + match &self.allow_env { Some(env_allowlist) if env_allowlist.is_empty() => { args.push("--allow-env".to_string()); @@ -1222,6 +1237,16 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> { .validator(crate::flags_allow_net::validator), ) .arg( + Arg::with_name("unsafely-treat-insecure-origin-as-secure") + .long("unsafely-treat-insecure-origin-as-secure") + .min_values(0) + .takes_value(true) + .use_delimiter(true) + .require_equals(true) + .help("DANGER: Disables verification of SSL certificates") + .validator(crate::flags_allow_net::validator), + ) + .arg( Arg::with_name("allow-env") .long("allow-env") .min_values(0) @@ -1879,7 +1904,15 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) { crate::flags_allow_net::parse(net_wl.map(ToString::to_string).collect()) .unwrap(); flags.allow_net = Some(net_allowlist); - debug!("net allowlist: {:#?}", &flags.allow_net); + } + + if let Some(ic_wl) = + matches.values_of("unsafely-treat-insecure-origin-as-secure") + { + let ic_allowlist: Vec<String> = + crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect()) + .unwrap(); + flags.unsafely_treat_insecure_origin_as_secure = Some(ic_allowlist); } if let Some(env_wl) = matches.values_of("allow-env") { @@ -2723,6 +2756,7 @@ mod tests { repl: true, subcommand: DenoSubcommand::Repl { eval: None }, allow_net: Some(vec![]), + unsafely_treat_insecure_origin_as_secure: None, allow_env: Some(vec![]), allow_run: Some(vec![]), allow_read: Some(vec![]), @@ -3198,7 +3232,7 @@ mod tests { #[test] fn install_with_flags() { #[rustfmt::skip] - let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]); + let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]); assert_eq!( r.unwrap(), Flags { @@ -3222,6 +3256,7 @@ mod tests { seed: Some(1), inspect: Some("127.0.0.1:9229".parse().unwrap()), allow_net: Some(vec![]), + unsafely_treat_insecure_origin_as_secure: Some(vec![]), allow_read: Some(vec![]), ..Flags::default() } @@ -3367,6 +3402,53 @@ mod tests { } #[test] + fn unsafely_treat_insecure_origin_as_secure() { + let r = flags_from_vec(svec![ + "deno", + "run", + "--unsafely-treat-insecure-origin-as-secure", + "script.ts" + ]); + assert_eq!( + r.unwrap(), + Flags { + subcommand: DenoSubcommand::Run { + script: "script.ts".to_string(), + }, + unsafely_treat_insecure_origin_as_secure: Some(vec![]), + ..Flags::default() + } + ); + } + + #[test] + fn unsafely_treat_insecure_origin_as_secure_with_ipv6_address() { + let r = flags_from_vec(svec![ + "deno", + "run", + "--unsafely-treat-insecure-origin-as-secure=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4", + "script.ts" + ]); + assert_eq!( + r.unwrap(), + Flags { + subcommand: DenoSubcommand::Run { + script: "script.ts".to_string(), + }, + unsafely_treat_insecure_origin_as_secure: Some(svec![ + "deno.land", + "localhost", + "::", + "127.0.0.1", + "[::1]", + "1.2.3.4" + ]), + ..Flags::default() + } + ); + } + + #[test] fn no_remote() { let r = flags_from_vec(svec!["deno", "run", "--no-remote", "script.ts"]); assert_eq!( @@ -3845,7 +3927,7 @@ mod tests { #[test] fn compile_with_flags() { #[rustfmt::skip] - let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]); + let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]); assert_eq!( r.unwrap(), Flags { @@ -3866,6 +3948,7 @@ mod tests { cached_only: true, location: Some(Url::parse("https://foo/").unwrap()), allow_read: Some(vec![]), + unsafely_treat_insecure_origin_as_secure: Some(vec![]), allow_net: Some(vec![]), v8_flags: svec!["--help", "--random-seed=1"], seed: Some(1), |