mirror of
https://github.com/denoland/deno.git
synced 2024-12-22 07:14:47 -05:00
Revert "feat: warn when using --allow-run with no allow list" (#26021)
Although using `--allow-run` without an allow list gives basically no security, I think we should remove this warning because it gets in the way and the only way to disable it is via --quiet.
This commit is contained in:
parent
779a98cd39
commit
b8a9a4a862
6 changed files with 0 additions and 34 deletions
|
@ -825,8 +825,6 @@ impl CliOptions {
|
|||
}
|
||||
}
|
||||
|
||||
warn_insecure_allow_run_flags(&flags);
|
||||
|
||||
let maybe_lockfile = maybe_lockfile.filter(|_| !force_global_cache);
|
||||
let deno_dir_provider =
|
||||
Arc::new(DenoDirProvider::new(flags.internal.cache_path.clone()));
|
||||
|
@ -1711,27 +1709,6 @@ impl CliOptions {
|
|||
}
|
||||
}
|
||||
|
||||
/// Warns for specific uses of `--allow-run`. This function is not
|
||||
/// intended to catch every single possible insecure use of `--allow-run`,
|
||||
/// but is just an attempt to discourage some common pitfalls.
|
||||
fn warn_insecure_allow_run_flags(flags: &Flags) {
|
||||
let permissions = &flags.permissions;
|
||||
if permissions.allow_all {
|
||||
return;
|
||||
}
|
||||
let Some(allow_run_list) = permissions.allow_run.as_ref() else {
|
||||
return;
|
||||
};
|
||||
|
||||
// discourage using --allow-run without an allow list
|
||||
if allow_run_list.is_empty() {
|
||||
log::warn!(
|
||||
"{} --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)",
|
||||
colors::yellow("Warning")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/// Resolves the path to use for a local node_modules folder.
|
||||
fn resolve_node_modules_folder(
|
||||
cwd: &Path,
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
|
||||
NotCapable: Requires run access to "deno", run again with the --allow-run flag
|
||||
at [WILDCARD] {
|
||||
name: "NotCapable"
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
{
|
||||
"tests": {
|
||||
"no_allow_list": {
|
||||
"args": "run --allow-run main.ts",
|
||||
"output": "no_allow_list.out"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
|
|
@ -1,4 +1,3 @@
|
|||
Warning --allow-run without an allow list is susceptible to exploits. Prefer specifying an allow list (https://docs.deno.com/runtime/fundamentals/security/#running-subprocesses)
|
||||
PermissionStatus { state: "granted", onchange: null, partial: true }
|
||||
PermissionStatus { state: "denied", onchange: null }
|
||||
PermissionStatus { state: "granted", onchange: null }
|
||||
|
|
Loading…
Reference in a new issue