From 1a472ad06bdc55b1fa0c0f26ca2d24d709f2e0c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 7 Dec 2022 20:21:18 +0100 Subject: feat(repl): run "deno repl" with no permissions (#16795) This commit changes "deno repl" command to run with no permissions by default and accept "--allow-*" flags. This change is dictated by the fact that currently there is no way to run REPL with limited permissions. Technically it's a breaking change in the CLI command, but there's agreement in the team that it has merit and it's a good solution. Running just "deno" command still starts the REPL with full permissions allowed, but now a banner is printed to inform users about that: --- cli/tests/inspector_tests.rs | 1 + cli/tests/repl_tests.rs | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'cli/tests') diff --git a/cli/tests/inspector_tests.rs b/cli/tests/inspector_tests.rs index 8e5a8d1f6..0cf8cc3bb 100644 --- a/cli/tests/inspector_tests.rs +++ b/cli/tests/inspector_tests.rs @@ -557,6 +557,7 @@ mod inspector { async fn inspector_runtime_evaluate_does_not_crash() { let child = util::deno_cmd() .arg("repl") + .arg("--allow-read") .arg(inspect_flag_with_unique_port("--inspect")) .stdin(std::process::Stdio::piped()) .stdout(std::process::Stdio::piped()) diff --git a/cli/tests/repl_tests.rs b/cli/tests/repl_tests.rs index 136148d9f..4524b4097 100644 --- a/cli/tests/repl_tests.rs +++ b/cli/tests/repl_tests.rs @@ -460,9 +460,9 @@ mod repl { #[test] fn import() { - let (out, _) = util::run_and_collect_output( + let (out, _) = util::run_and_collect_output_with_args( true, - "repl", + vec![], Some(vec!["import('./subdir/auto_print_hello.ts')"]), Some(vec![("NO_COLOR".to_owned(), "1".to_owned())]), false, @@ -472,9 +472,9 @@ mod repl { #[test] fn import_declarations() { - let (out, _) = util::run_and_collect_output( + let (out, _) = util::run_and_collect_output_with_args( true, - "repl", + vec!["repl", "--allow-read"], Some(vec!["import './subdir/auto_print_hello.ts';"]), Some(vec![("NO_COLOR".to_owned(), "1".to_owned())]), false, @@ -796,7 +796,7 @@ mod repl { fn eval_file_flag_multiple_files() { let (out, err) = util::run_and_collect_output_with_args( true, - vec!["repl", "--eval-file=http://127.0.0.1:4545/repl/import_type.ts,./tsc/d.ts,http://127.0.0.1:4545/type_definitions/foo.js"], + vec!["repl", "--allow-read", "--eval-file=http://127.0.0.1:4545/repl/import_type.ts,./tsc/d.ts,http://127.0.0.1:4545/type_definitions/foo.js"], Some(vec!["b.method1=v4", "b.method1()+foo.toUpperCase()"]), None, true, -- cgit v1.2.3