From 5f9c1c7da6047ee8612e71f8ef4ca9c950b3a699 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Thu, 21 May 2020 13:06:12 +0200 Subject: fix: disallow http imports for modules loaded over https (#5680) --- cli/tests/disallow_http_from_https.js | 2 ++ cli/tests/disallow_http_from_https.ts | 2 ++ cli/tests/disallow_http_from_https_js.out | 1 + cli/tests/disallow_http_from_https_ts.out | 1 + cli/tests/error_local_static_import_from_remote.js.out | 2 +- cli/tests/error_local_static_import_from_remote.ts.out | 2 +- cli/tests/integration_tests.rs | 14 ++++++++++++++ 7 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 cli/tests/disallow_http_from_https.js create mode 100644 cli/tests/disallow_http_from_https.ts create mode 100644 cli/tests/disallow_http_from_https_js.out create mode 100644 cli/tests/disallow_http_from_https_ts.out (limited to 'cli/tests') diff --git a/cli/tests/disallow_http_from_https.js b/cli/tests/disallow_http_from_https.js new file mode 100644 index 000000000..fd30a023d --- /dev/null +++ b/cli/tests/disallow_http_from_https.js @@ -0,0 +1,2 @@ +// Trying to import "http://", while this file is accessed by "https://" +import "http://localhost:4545/cli/tests/001_hello.js"; diff --git a/cli/tests/disallow_http_from_https.ts b/cli/tests/disallow_http_from_https.ts new file mode 100644 index 000000000..fd30a023d --- /dev/null +++ b/cli/tests/disallow_http_from_https.ts @@ -0,0 +1,2 @@ +// Trying to import "http://", while this file is accessed by "https://" +import "http://localhost:4545/cli/tests/001_hello.js"; diff --git a/cli/tests/disallow_http_from_https_js.out b/cli/tests/disallow_http_from_https_js.out new file mode 100644 index 000000000..7b71cb6bf --- /dev/null +++ b/cli/tests/disallow_http_from_https_js.out @@ -0,0 +1 @@ +error: Modules loaded over https:// are not allowed to import modules over http:// diff --git a/cli/tests/disallow_http_from_https_ts.out b/cli/tests/disallow_http_from_https_ts.out new file mode 100644 index 000000000..7b71cb6bf --- /dev/null +++ b/cli/tests/disallow_http_from_https_ts.out @@ -0,0 +1 @@ +error: Modules loaded over https:// are not allowed to import modules over http:// diff --git a/cli/tests/error_local_static_import_from_remote.js.out b/cli/tests/error_local_static_import_from_remote.js.out index 4e6a9d4e7..c3fda1274 100644 --- a/cli/tests/error_local_static_import_from_remote.js.out +++ b/cli/tests/error_local_static_import_from_remote.js.out @@ -1,2 +1,2 @@ [WILDCARD] -error: Remote module are not allowed to statically import local modules. Use dynamic import instead. +error: Remote modules are not allowed to statically import local modules. Use dynamic import instead. diff --git a/cli/tests/error_local_static_import_from_remote.ts.out b/cli/tests/error_local_static_import_from_remote.ts.out index 4e6a9d4e7..c3fda1274 100644 --- a/cli/tests/error_local_static_import_from_remote.ts.out +++ b/cli/tests/error_local_static_import_from_remote.ts.out @@ -1,2 +1,2 @@ [WILDCARD] -error: Remote module are not allowed to statically import local modules. Use dynamic import instead. +error: Remote modules are not allowed to statically import local modules. Use dynamic import instead. diff --git a/cli/tests/integration_tests.rs b/cli/tests/integration_tests.rs index de894f064..cec081ea6 100644 --- a/cli/tests/integration_tests.rs +++ b/cli/tests/integration_tests.rs @@ -1686,6 +1686,20 @@ itest_ignore!(cafile_info { http_server: true, }); +itest!(disallow_http_from_https_js { + args: "run --quiet --reload --cert tls/RootCA.pem https://localhost:5545/cli/tests/disallow_http_from_https.js", + output: "disallow_http_from_https_js.out", + http_server: true, + exit_code: 1, +}); + +itest!(disallow_http_from_https_ts { + args: "run --quiet --reload --cert tls/RootCA.pem https://localhost:5545/cli/tests/disallow_http_from_https.ts", + output: "disallow_http_from_https_ts.out", + http_server: true, + exit_code: 1, +}); + itest!(fix_js_import_js { args: "run --quiet --reload fix_js_import_js.ts", output: "fix_js_import_js.ts.out", -- cgit v1.2.3