1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-22 07:14:47 -05:00

feat(repl): add --unsafe-ignore-certificate-errors flag (#13045)

This commit is contained in:
VishnuJin 2021-12-10 20:17:55 +05:30 committed by GitHub
parent 0f0dd5b7ec
commit 2bdb528eb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1171,6 +1171,7 @@ fn repl_subcommand<'a, 'b>() -> App<'a, 'b> {
.takes_value(true)
.value_name("code"),
)
.arg(unsafely_ignore_ceritifcate_errors_arg())
}
fn run_subcommand<'a, 'b>() -> App<'a, 'b> {
@ -1426,17 +1427,7 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> {
.help("Allow network access")
.validator(crate::flags_allow_net::validator),
)
.arg(
Arg::with_name("unsafely-ignore-certificate-errors")
.long("unsafely-ignore-certificate-errors")
.min_values(0)
.takes_value(true)
.use_delimiter(true)
.require_equals(true)
.value_name("HOSTNAMES")
.help("DANGER: Disables verification of TLS certificates")
.validator(crate::flags_allow_net::validator),
)
.arg(unsafely_ignore_ceritifcate_errors_arg())
.arg(
Arg::with_name("allow-env")
.long("allow-env")
@ -1728,6 +1719,18 @@ fn no_remote_arg<'a, 'b>() -> Arg<'a, 'b> {
.help("Do not resolve remote modules")
}
fn unsafely_ignore_ceritifcate_errors_arg<'a, 'b>() -> Arg<'a, 'b> {
Arg::with_name("unsafely-ignore-certificate-errors")
.long("unsafely-ignore-certificate-errors")
.min_values(0)
.takes_value(true)
.use_delimiter(true)
.require_equals(true)
.value_name("HOSTNAMES")
.help("DANGER: Disables verification of TLS certificates")
.validator(crate::flags_allow_net::validator)
}
fn bundle_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
compile_args_parse(flags, matches);
@ -2029,6 +2032,7 @@ fn lint_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
fn repl_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
runtime_args_parse(flags, matches, false, true);
unsafely_ignore_ceritifcate_errors_parse(flags, matches);
flags.repl = true;
flags.subcommand = DenoSubcommand::Repl(ReplFlags {
eval: matches.value_of("eval").map(ToOwned::to_owned),
@ -2184,6 +2188,7 @@ fn compile_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
}
fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
unsafely_ignore_ceritifcate_errors_parse(flags, matches);
if let Some(read_wl) = matches.values_of("allow-read") {
let read_allowlist: Vec<PathBuf> = read_wl.map(PathBuf::from).collect();
flags.allow_read = Some(read_allowlist);
@ -2201,13 +2206,6 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
flags.allow_net = Some(net_allowlist);
}
if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
let ic_allowlist: Vec<String> =
crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
.unwrap();
flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
}
if let Some(env_wl) = matches.values_of("allow-env") {
let env_allowlist: Vec<String> = env_wl
.map(|env: &str| {
@ -2250,7 +2248,17 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
flags.prompt = true;
}
}
fn unsafely_ignore_ceritifcate_errors_parse(
flags: &mut Flags,
matches: &clap::ArgMatches,
) {
if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
let ic_allowlist: Vec<String> =
crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
.unwrap();
flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
}
}
fn runtime_args_parse(
flags: &mut Flags,
matches: &clap::ArgMatches,
@ -3242,7 +3250,7 @@ mod tests {
#[test]
fn repl_with_flags() {
#[rustfmt::skip]
let r = flags_from_vec(svec!["deno", "repl", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229"]);
let r = flags_from_vec(svec!["deno", "repl", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--unsafely-ignore-certificate-errors"]);
assert_eq!(
r.unwrap(),
Flags {
@ -3268,6 +3276,7 @@ mod tests {
allow_write: Some(vec![]),
allow_ffi: Some(vec![]),
allow_hrtime: true,
unsafely_ignore_certificate_errors: Some(vec![]),
..Flags::default()
}
);
@ -3891,7 +3900,36 @@ mod tests {
}
#[test]
fn unsafely_ignore_certificate_errors() {
fn repl_with_unsafely_ignore_certificate_errors() {
let r = flags_from_vec(svec![
"deno",
"repl",
"--eval",
"console.log('hello');",
"--unsafely-ignore-certificate-errors"
]);
assert_eq!(
r.unwrap(),
Flags {
repl: true,
subcommand: DenoSubcommand::Repl(ReplFlags {
eval: Some("console.log('hello');".to_string()),
}),
unsafely_ignore_certificate_errors: Some(vec![]),
allow_net: Some(vec![]),
allow_env: Some(vec![]),
allow_run: Some(vec![]),
allow_read: Some(vec![]),
allow_write: Some(vec![]),
allow_ffi: Some(vec![]),
allow_hrtime: true,
..Flags::default()
}
);
}
#[test]
fn run_with_unsafely_ignore_certificate_errors() {
let r = flags_from_vec(svec![
"deno",
"run",
@ -3911,7 +3949,7 @@ mod tests {
}
#[test]
fn unsafely_treat_insecure_origin_as_secure_with_ipv6_address() {
fn run_with_unsafely_treat_insecure_origin_as_secure_with_ipv6_address() {
let r = flags_from_vec(svec![
"deno",
"run",
@ -3937,6 +3975,37 @@ mod tests {
);
}
#[test]
fn repl_with_unsafely_treat_insecure_origin_as_secure_with_ipv6_address() {
let r = flags_from_vec(svec![
"deno",
"repl",
"--unsafely-ignore-certificate-errors=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4"]);
assert_eq!(
r.unwrap(),
Flags {
repl: true,
subcommand: DenoSubcommand::Repl(ReplFlags { eval: None }),
unsafely_ignore_certificate_errors: Some(svec![
"deno.land",
"localhost",
"::",
"127.0.0.1",
"[::1]",
"1.2.3.4"
]),
allow_net: Some(vec![]),
allow_env: Some(vec![]),
allow_run: Some(vec![]),
allow_read: Some(vec![]),
allow_write: Some(vec![]),
allow_ffi: Some(vec![]),
allow_hrtime: true,
..Flags::default()
}
);
}
#[test]
fn no_remote() {
let r = flags_from_vec(svec!["deno", "run", "--no-remote", "script.ts"]);