From 32aeec9630dc91162f0408b95dd86e1c26e4c1d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Mon, 11 May 2020 13:13:27 +0200 Subject: refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. --- docs/runtime/compiler_apis.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'docs/runtime/compiler_apis.md') diff --git a/docs/runtime/compiler_apis.md b/docs/runtime/compiler_apis.md index 3a06b0b4a..30d583331 100644 --- a/docs/runtime/compiler_apis.md +++ b/docs/runtime/compiler_apis.md @@ -15,9 +15,11 @@ fully qualified module name, and the value is the text source of the module. If `sources` is passed, Deno will resolve all the modules from within that hash and not attempt to resolve them outside of Deno. If `sources` are not provided, Deno will resolve modules as if the root module had been passed on the command line. -Deno will also cache any of these resources. The `options` argument is a set of -options of type `Deno.CompilerOptions`, which is a subset of the TypeScript -compiler options containing the ones supported by Deno. +Deno will also cache any of these resources. All resolved resources are treated +as dynamic imports and require read or net permissions depending if they're +local or remote. The `options` argument is a set of options of type +`Deno.CompilerOptions`, which is a subset of the TypeScript compiler options +containing the ones supported by Deno. The method resolves with a tuple. The first argument contains any diagnostics (syntax or type errors) related to the code. The second argument is a map where @@ -63,10 +65,12 @@ The `sources` is a hash where the key is the fully qualified module name, and the value is the text source of the module. If `sources` is passed, Deno will resolve all the modules from within that hash and not attempt to resolve them outside of Deno. If `sources` are not provided, Deno will resolve modules as if -the root module had been passed on the command line. Deno will also cache any of -these resources. The `options` argument is a set of options of type -`Deno.CompilerOptions`, which is a subset of the TypeScript compiler options -containing the ones supported by Deno. +the root module had been passed on the command line. All resolved resources are +treated as dynamic imports and require read or net permissions depending if +they're local or remote. Deno will also cache any of these resources. The +`options` argument is a set of options of type `Deno.CompilerOptions`, which is +a subset of the TypeScript compiler options containing the ones supported by +Deno. An example of providing sources: -- cgit v1.2.3