From 5504acea6751480f1425c88353ad5d36257bdce7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= <biwanczuk@gmail.com>
Date: Thu, 26 Sep 2024 02:50:54 +0100
Subject: feat: add `--allow-import` flag (#25469)

This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
---
 tests/specs/info/missing_module/__test__.jsonc                 | 4 ++++
 tests/specs/info/missing_module/error_009_missing_js_module.js | 1 +
 tests/specs/info/missing_module/info_missing_module.out        | 7 +++++++
 3 files changed, 12 insertions(+)
 create mode 100644 tests/specs/info/missing_module/__test__.jsonc
 create mode 100644 tests/specs/info/missing_module/error_009_missing_js_module.js
 create mode 100644 tests/specs/info/missing_module/info_missing_module.out

(limited to 'tests/specs/info/missing_module')

diff --git a/tests/specs/info/missing_module/__test__.jsonc b/tests/specs/info/missing_module/__test__.jsonc
new file mode 100644
index 000000000..edc151972
--- /dev/null
+++ b/tests/specs/info/missing_module/__test__.jsonc
@@ -0,0 +1,4 @@
+{
+  "args": "info error_009_missing_js_module.js",
+  "output": "info_missing_module.out"
+}
diff --git a/tests/specs/info/missing_module/error_009_missing_js_module.js b/tests/specs/info/missing_module/error_009_missing_js_module.js
new file mode 100644
index 000000000..e6ca88934
--- /dev/null
+++ b/tests/specs/info/missing_module/error_009_missing_js_module.js
@@ -0,0 +1 @@
+import "./bad-module.js";
diff --git a/tests/specs/info/missing_module/info_missing_module.out b/tests/specs/info/missing_module/info_missing_module.out
new file mode 100644
index 000000000..c62d690c1
--- /dev/null
+++ b/tests/specs/info/missing_module/info_missing_module.out
@@ -0,0 +1,7 @@
+local: [WILDCARD]error_009_missing_js_module.js
+type: JavaScript
+dependencies: 0 unique
+size: 26B
+
+file://[WILDCARD]/error_009_missing_js_module.js (26B)
+└── file://[WILDCARD]/bad-module.js (missing)
-- 
cgit v1.2.3