tests/testdata/allow_run_allowlist_resolution.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

// Testing the following (but with `deno` instead of `echo`):
// | `deno run --allow-run=echo`         | `which path == "/usr/bin/echo"` at startup | `which path != "/usr/bin/echo"` at startup |
// |-------------------------------------|--------------------------------------------|--------------------------------------------|
// | **`Deno.Command("echo")`**          | ✅                                          | ✅                                          |
// | **`Deno.Command("/usr/bin/echo")`** | ✅                                          | ❌                                          |

// | `deno run --allow-run=/usr/bin/echo | `which path == "/usr/bin/echo"` at runtime | `which path != "/usr/bin/echo"` at runtime |
// |-------------------------------------|--------------------------------------------|--------------------------------------------|
// | **`Deno.Command("echo")`**          | ✅                                          | ❌                                          |
// | **`Deno.Command("/usr/bin/echo")`** | ✅                                          | ✅                                          |

const execPath = Deno.execPath();
const execPathParent = execPath.replace(/[/\\][^/\\]+$/, "");

const testUrl = `data:application/typescript;base64,${
  btoa(`
  console.log(await Deno.permissions.query({ name: "run", command: "deno" }));
  console.log(await Deno.permissions.query({ name: "run", command: "${
    execPath.replaceAll("\\", "\\\\")
  }" }));
  Deno.env.set("PATH", "");
  console.log(await Deno.permissions.query({ name: "run", command: "deno" }));
  console.log(await Deno.permissions.query({ name: "run", command: "${
    execPath.replaceAll("\\", "\\\\")
  }" }));
`)
}`;

const process1 = await new Deno.Command(Deno.execPath(), {
  args: [
    "run",
    "--quiet",
    "--allow-env",
    "--allow-run=deno",
    testUrl,
  ],
  stderr: "null",
  env: { "PATH": execPathParent },
}).output();
console.log(new TextDecoder().decode(process1.stdout));

const process2 = await new Deno.Command(Deno.execPath(), {
  args: [
    "run",
    "--quiet",
    "--allow-env",
    "--allow-run=deno",
    testUrl,
  ],
  stderr: "null",
  env: { "PATH": "" },
}).output();
console.log(new TextDecoder().decode(process2.stdout));

const process3 = await new Deno.Command(Deno.execPath(), {
  args: [
    "run",
    "--quiet",
    "--allow-env",
    `--allow-run=${execPath}`,
    testUrl,
  ],
  stderr: "null",
  env: { "PATH": execPathParent },
}).output();
console.log(new TextDecoder().decode(process3.stdout));