2018-06-15 13:33:23 +02:00
# Deno Roadmap

API and Feature requests should be submitted as PRs to this document.

## Security Model (partially implemented)

- We want to be secure by default; users should be able to run untrusted code,
  like the web.
- Threat model:
  - Modifying/deleting local files
  - Leaking private information
- Disallowed by default:
  - Network access
  - Local write access
  - Non-JS extensions
  - Subprocesses
  - Env access
- Allowed by default:
  - Local read access.
  - argv, stdout, stderr, stdin access always allowed.
  - Maybe: temp dir write access. (But what if they create symlinks there?)
- The user gets prompted when the software tries to do something it doesn't have
  the privilege for.
- Have an option to get a stack trace when access is requested.
- We are worried that granting access per file will give a false sense of
  security due to monkey patching techniques. Access should be granted per
  program (JS context).

Example security prompts. Options are: YES, NO, PRINT STACK

```
Program requests write access to "~/.ssh/id_rsa". Grant? [yNs]
http://gist.github.com/asdfasd.js requests network access to "www.facebook.com". Grant? [yNs]
Program requests access to environment variables. Grant? [yNs]
Program requests to spawn `rm -rf /`. Grant? [yNs]
```

- CLI flags to grant access ahead of time: `--allow-all`, `--allow-write`,
  `--allow-net`, `--allow-env`, `--allow-exec`
- In version two we will add the ability to give finer-grained access:
  `--allow-net=facebook.com`

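
The default-deny rules, the YES / NO / PRINT STACK prompt answers and the ahead-of-time flags described in this section, modelled as an added TypeScript example (not Deno's own code). The `Permissions` class, `demoSession`, the contents of `--allow-all` and the choice to ask again after a denial or a stack print are assumptions made for illustration.

```typescript
// Added model of the roadmap's permission rules; not Deno's implementation.
type Kind = "read" | "write" | "net" | "env" | "exec";
type Answer = "y" | "n" | "s"; // YES, NO, PRINT STACK
// Flags named in the roadmap. Assumption: --allow-all covers every flagged kind.
const FLAGS = new Map<string, Kind[]>([
  ["--allow-all", ["write", "net", "env", "exec"]],
  ["--allow-write", ["write"]],
  ["--allow-net", ["net"]],
  ["--allow-env", ["env"]],
  ["--allow-exec", ["exec"]],
]);
class Permissions {
  // Local read access is allowed by default; everything else starts denied.
  private granted = new Set<Kind>(["read"]);
  private ask: (message: string) => Answer;
  readonly log: string[] = [];

  constructor(argv: string[], ask: (message: string) => Answer) {
    this.ask = ask;
    for (const arg of argv) for (const kind of FLAGS.get(arg) ?? []) this.granted.add(kind);
  }

  // A grant covers the whole program (JS context), not one file or host.
  check(kind: Kind, message: string): boolean {
    if (this.granted.has(kind)) return true;
    for (;;) {
      const answer = this.ask(`${message} Grant? [yNs]`);
      if (answer === "s") {
        // PRINT STACK: record where the request came from, then ask again.
        this.log.push(new Error(message).stack ?? message);
        continue;
      }
      if (answer === "y") this.granted.add(kind);
      this.log.push(`${kind} ${answer === "y" ? "granted" : "denied"}`);
      return answer === "y";
    }
  }
}

// Constructed session: net pre-granted by flag; the user answers s, n, then y.
function demoSession() {
  const answers: Answer[] = ["s", "n", "y"];
  const perms = new Permissions(["--allow-net"], () => answers.shift() ?? "n");
  const write = perms.check("write", 'Program requests write access to "~/.ssh/id_rsa".');
  const env = perms.check("env", "Program requests access to environment variables.");
  const envAgain = perms.check("env", "Program requests access to environment variables.");
  const net = perms.check("net", 'Program requests network access to "www.facebook.com".');
  return { net, write, env, envAgain, log: perms.log };
}
```

The second `env` check succeeds without a prompt because the grant is held per program, which is the granularity the roadmap argues for.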
## Top-level Await (Not Implemented)

[#471](https://github.com/denoland/deno/issues/471)

This will be put off until at least deno2 Milestone1 is complete. One of the
major problems is that top-level await calls are not syntactically valid
TypeScript.

### [Broken] List dependencies of a program.

Currently broken: https://github.com/denoland/deno/issues/1011

```
% deno --deps http://gist.com/blah.js
http://gist.com/blah.js
http://gist.com/dep.js
https://github.com/denoland/deno/master/testing.js
%
```