From a7d67e3a7a6b2c66f366dd3448b82cbc297a4e77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Tue, 17 Sep 2024 23:32:52 +0100 Subject: [PATCH] feat: update warning message for --allow-run with no list (#25693) Ref https://github.com/denoland/deno/pull/25215#discussion_r1762064605 --- cli/args/mod.rs | 2 +- tests/specs/permission/deny_run_binary_absolute_path/main.out | 2 +- tests/specs/run/allow_run_insecure_warnings/no_allow_list.out | 2 +- tests/testdata/run/deny_some_permission_args.out | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cli/args/mod.rs b/cli/args/mod.rs index db8cf149e6..0851dfd6c7 100644 --- a/cli/args/mod.rs +++ b/cli/args/mod.rs @@ -1705,7 +1705,7 @@ fn warn_insecure_allow_run_flags(flags: &Flags) { // discourage using --allow-run without an allow list if allow_run_list.is_empty() { log::warn!( - "{} --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)", + "{} --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)", colors::yellow("Warning") ); } diff --git a/tests/specs/permission/deny_run_binary_absolute_path/main.out b/tests/specs/permission/deny_run_binary_absolute_path/main.out index 7f11e7880d..fef29eae75 100644 --- a/tests/specs/permission/deny_run_binary_absolute_path/main.out +++ b/tests/specs/permission/deny_run_binary_absolute_path/main.out @@ -1,4 +1,4 @@ -Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) +Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) NotCapable: Requires run access to "deno", run again with the --allow-run flag at [WILDCARD] { name: "NotCapable" diff --git a/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out index 277d0036cb..293b4446ad 100644 --- a/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out +++ b/tests/specs/run/allow_run_insecure_warnings/no_allow_list.out @@ -1 +1 @@ -Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) +Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) diff --git a/tests/testdata/run/deny_some_permission_args.out b/tests/testdata/run/deny_some_permission_args.out index fe3e57d697..be2e832fec 100644 --- a/tests/testdata/run/deny_some_permission_args.out +++ b/tests/testdata/run/deny_some_permission_args.out @@ -1,4 +1,4 @@ -Warning --allow-run can be trivially exploited. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) +Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses) PermissionStatus { state: "granted", onchange: null, partial: true } PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "granted", onchange: null }