From 22e0ee92a6618db0168b9dfce6c598b6df207a4c Mon Sep 17 00:00:00 2001 From: Nayeem Rahman Date: Wed, 30 Dec 2020 22:35:28 +0000 Subject: BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() --- cli/tests/error_015_dynamic_import_permissions.out | 2 +- cli/tests/error_worker_permissions_remote.ts.out | 2 +- cli/tests/unit/permissions_test.ts | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'cli/tests') diff --git a/cli/tests/error_015_dynamic_import_permissions.out b/cli/tests/error_015_dynamic_import_permissions.out index 577dbcc5c..b3d628990 100644 --- a/cli/tests/error_015_dynamic_import_permissions.out +++ b/cli/tests/error_015_dynamic_import_permissions.out @@ -1 +1 @@ -error: Uncaught (in promise) TypeError: network access to "http://localhost:4545/cli/tests/subdir/mod4.js", run again with the --allow-net flag +error: Uncaught (in promise) TypeError: network access to "localhost:4545", run again with the --allow-net flag diff --git a/cli/tests/error_worker_permissions_remote.ts.out b/cli/tests/error_worker_permissions_remote.ts.out index 6cf63fa22..5bbc58b34 100644 --- a/cli/tests/error_worker_permissions_remote.ts.out +++ b/cli/tests/error_worker_permissions_remote.ts.out @@ -1,3 +1,3 @@ [WILDCARD] -error: Uncaught (in worker "") network access to "http://localhost:4545/cli/tests/subdir/worker_types.ts", run again with the --allow-net flag +error: Uncaught (in worker "") network access to "localhost:4545", run again with the --allow-net flag [WILDCARD] diff --git a/cli/tests/unit/permissions_test.ts b/cli/tests/unit/permissions_test.ts index dee8aa195..3c36f0186 100644 --- a/cli/tests/unit/permissions_test.ts +++ b/cli/tests/unit/permissions_test.ts @@ -13,9 +13,9 @@ unitTest(async function permissionInvalidName(): Promise { }, Error); }); -unitTest(async function permissionNetInvalidUrl(): Promise { +unitTest(async function permissionNetInvalidHost(): Promise { await assertThrowsAsync(async () => { - await Deno.permissions.query({ name: "net", url: ":" }); + await Deno.permissions.query({ name: "net", host: ":" }); }, URIError); }); -- cgit v1.2.3