BREAKING: disallow static import of local modules from remote modules (#5050)
This commit changes the module loading logic to disallow static imports of local modules (file:// scheme) from remote modules (http://, https:// schemes).
parent
de2c042482
commit
2872b362ff
7 changed files with 65 additions and 0 deletions
|
@ -112,6 +112,24 @@ fn op_fetch_source_files(
|
|||
async move {
|
||||
let resolved_specifier = ModuleSpecifier::resolve_url(&specifier)
|
||||
.expect("Invalid specifier");
|
||||
// TODO(bartlomieju): duplicated from `state.rs::ModuleLoader::load` - deduplicate
|
||||
// Verify that remote file doesn't try to statically import local file.
|
||||
if let Some(referrer) = ref_specifier_.as_ref() {
|
||||
let referrer_url = referrer.as_url();
|
||||
match referrer_url.scheme() {
|
||||
"http" | "https" => {
|
||||
let specifier_url = resolved_specifier.as_url();
|
||||
match specifier_url.scheme() {
|
||||
"http" | "https" => {},
|
||||
_ => {
|
||||
let e = OpError::permission_denied("Remote module are not allowed to statically import local modules. Use dynamic import instead.".to_string());
|
||||
return Err(e.into());
|
||||
}
|
||||
}
|
||||
},
|
||||
_ => {}
|
||||
}
|
||||
}
|
||||
file_fetcher_
|
||||
.fetch_source_file(&resolved_specifier, ref_specifier_)
|
||||
.await
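Review bot: The scheme check added after the `// TODO(bartlomieju)` comment is a second verbatim copy of the one in `cli/state.rs`, and a permission boundary kept in two places can drift until one load path enforces less than the other. A single helper that takes the optional referrer and the resolved specifier and returns `Result<(), OpError>` would reduce both call sites to a short `if let Err(e)`, with each site keeping its own early-return shape. The helper below keeps the allowlist semantics: with an http(s) referrer, any target scheme other than http(s) is denied. The message literal reads "Remote module are"; if it is corrected to "Remote modules are", the two `.out` fixtures added in this commit must change with it. The enclosing `op_fetch_source_files` starts and ends outside the hunk.

```rust
/// Denies a static import whose referrer is remote (http/https) and whose
/// target uses any scheme other than http/https.
fn check_static_import(
  maybe_referrer: Option<&ModuleSpecifier>,
  specifier: &ModuleSpecifier,
) -> Result<(), OpError> {
  let is_remote =
    |s: &ModuleSpecifier| matches!(s.as_url().scheme(), "http" | "https");
  match maybe_referrer {
    Some(referrer) if is_remote(referrer) && !is_remote(specifier) => {
      Err(OpError::permission_denied("Remote module are not allowed to statically import local modules. Use dynamic import instead.".to_string()))
    }
    _ => Ok(()),
  }
}

// … unchanged: ModuleSpecifier::resolve_url(&specifier) …
if let Err(e) =
  check_static_import(ref_specifier_.as_ref(), &resolved_specifier)
{
  return Err(e.into());
}
// … unchanged: file_fetcher_.fetch_source_file(...) …
```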
|
||||
|
|
18
cli/state.rs
18
cli/state.rs
|
@ -287,6 +287,24 @@ impl ModuleLoader for State {
|
|||
if let Err(e) = self.check_dyn_import(&module_specifier) {
|
||||
return async move { Err(e.into()) }.boxed_local();
|
||||
}
|
||||
} else {
|
||||
// Verify that remote file doesn't try to statically import local file.
|
||||
if let Some(referrer) = maybe_referrer.as_ref() {
|
||||
let referrer_url = referrer.as_url();
|
||||
match referrer_url.scheme() {
|
||||
"http" | "https" => {
|
||||
let specifier_url = module_specifier.as_url();
|
||||
match specifier_url.scheme() {
|
||||
"http" | "https" => {}
|
||||
_ => {
|
||||
let e = OpError::permission_denied("Remote module are not allowed to statically import local modules. Use dynamic import instead.".to_string());
|
||||
return async move { Err(e.into()) }.boxed_local();
|
||||
}
|
||||
}
|
||||
}
|
||||
_ => {}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let mut state = self.borrow_mut();
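Review bot: The new guard lives only in the `} else {` branch, so a remote module that reaches a local file through a dynamic import is governed solely by `self.check_dyn_import(&module_specifier)`, and the hunk has no comment saying that this split is intentional. A comment at the top of the branch such as `// Static imports only: dynamic imports are gated by check_dyn_import() above.` would record that the error message's advice to "Use dynamic import instead" depends on that check staying in place. What `check_dyn_import` enforces is not visible here, and the `if` that this `else` belongs to starts outside the hunk.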
|
||||
|
|
1
cli/tests/error_local_static_import_from_remote.js
Normal file
1
cli/tests/error_local_static_import_from_remote.js
Normal file
|
@ -0,0 +1 @@
|
|||
import "file:///some/dir/file.js";
|
2
cli/tests/error_local_static_import_from_remote.js.out
Normal file
2
cli/tests/error_local_static_import_from_remote.js.out
Normal file
|
@ -0,0 +1,2 @@
|
|||
[WILDCARD]
|
||||
Remote module are not allowed to statically import local modules. Use dynamic import instead.
|
1
cli/tests/error_local_static_import_from_remote.ts
Normal file
1
cli/tests/error_local_static_import_from_remote.ts
Normal file
|
@ -0,0 +1 @@
|
|||
import "file:///some/dir/file.ts";
|
9
cli/tests/error_local_static_import_from_remote.ts.out
Normal file
9
cli/tests/error_local_static_import_from_remote.ts.out
Normal file
|
@ -0,0 +1,9 @@
|
|||
[WILDCARD]
|
||||
error: Uncaught PermissionDenied: Remote module are not allowed to statically import local modules. Use dynamic import instead.
|
||||
at unwrapResponse ($deno$/ops/dispatch_json.ts:[WILDCARD])
|
||||
at Object.sendAsync ($deno$/ops/dispatch_json.ts:[WILDCARD])
|
||||
at async processImports ($deno$/compiler/imports.ts:[WILDCARD])
|
||||
at async Object.processImports ($deno$/compiler/imports.ts:[WILDCARD])
|
||||
at async compile ([WILDCARD]compiler.ts:[WILDCARD])
|
||||
at async tsCompilerOnMessage ([WILDCARD]compiler.ts:[WILDCARD])
|
||||
at async workerMessageRecvCallback ($deno$/runtime_worker.ts:[WILDCARD])
|
|
@ -1422,6 +1422,22 @@ itest!(error_type_definitions {
|
|||
output: "error_type_definitions.ts.out",
|
||||
});
|
||||
|
||||
itest!(error_local_static_import_from_remote_ts {
|
||||
args: "run --reload http://localhost:4545/cli/tests/error_local_static_import_from_remote.ts",
|
||||
check_stderr: true,
|
||||
exit_code: 1,
|
||||
http_server: true,
|
||||
output: "error_local_static_import_from_remote.ts.out",
|
||||
});
|
||||
|
||||
itest!(error_local_static_import_from_remote_js {
|
||||
args: "run --reload http://localhost:4545/cli/tests/error_local_static_import_from_remote.js",
|
||||
check_stderr: true,
|
||||
exit_code: 1,
|
||||
http_server: true,
|
||||
output: "error_local_static_import_from_remote.js.out",
|
||||
});
|
||||
|
||||
// TODO(bartlomieju) Re-enable
|
||||
itest_ignore!(error_worker_dynamic {
|
||||
args: "run --reload error_worker_dynamic.ts",
|
||||
|
|