- Removes the __fetch namespace from `deno types`
- Response.redirect should be a static.
- Response.body should not be AsyncIterable.
- Disables the deno_proxy benchmark
- Makes std/examples/curl.ts buffer the body before printing to stdout
I just tried it and found that using application/typescript, the browser will download
the file directly, I think that .ts should be mapped to application/javascript or
text/typescript
This relates directly to [an
issue](https://github.com/denoland/deno_std/issues/620) that I initially
raised in `deno_std` awhile back, and was reminded about it today when
the `oak` project popped up on my github recommended repos.
As of now Deno's http servers are vulnerable to the same underlying
issue of go CVE-2019-16276 due to the fact that it's based off of ported
go code from their old standard library. [Here's the commit that fixed
the
CVE.](6e6f4aaf70)
Long story short, some off the shelf proxies and caching servers allow
for passing unaltered malformed headers to backends that they're
fronting. When they pass invalid headers that they don't understand this
can cause issues with HTTP request smuggling. I believe that to this
date, this is the default behavior of AWS ALBs--meaning any server that
strips whitespace from the tail end of header field names and then
interprets the header, when placed behind an ALB, is susceptible to
request smuggling.
The current behavior is actually specifically called out in [RFC
7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something
that MUST result in a rejected message, but the change corresponding to
this PR, is more lenient and what both go and nginx currently do, and is
better than the current behavior.
* Reduce "testing" interfaces
* Use a callback instead of a generator for Deno.runTests()
* Default RunTestsOptions::reportToConsole to true
* Compose TestMessage into a single interface
* Remove DENO_BUILD_MODE and DENO_BUILD_PATH
Also remove outdated docs related to ninja/gn.
* fix
* remove parameter to build_mode()
* remove arg parsing from benchmark.py
Due to structure of "Server" for each open connection there's a pending "read" op. Because connection owned by "Server" are not tracked, calling "Server.close()" doesn't close open connections.
This commit introduces simple tracking of connections for server and ensures owned connections are closed on "Server.close()".
After splitting "failFast" and "exitOnFail" arguments, there was a situation where failing tests did not exit with code 1.
* fixed argument value passed to Deno.runTests() in deno test
* fixed argument value passed to Deno.runTests() in std/testing/runner.ts
* added integration tests for deno test to ensure failFast and exitOnFail work as expected
* don't write test file to file system, but keep it in memory
This PR brings assertOps and assertResources sanitizers to Deno.test() API.
assertOps checks that test doesn't leak async ops, ie. there are no unresolved
promises originating from Deno APIs. Enabled by default, can be disabled using
Deno.TestDefinition.disableOpSanitizer.
assertResources checks that test doesn't leak resources, ie. all resources used
in test are closed. For example; if a file is opened during a test case it must be
explicitly closed before test case finishes. It's most useful for asynchronous
generators. Enabled by default, can be disabled using
Deno.TestDefinition.disableResourceSanitizer.
We've used those sanitizers in internal runtime tests and it proved very useful in
surfacing incorrect tests which resulted in interference between the tests.
All tests have been sanitized.
Closes #4208
Functions that returns a server are now documented with "Create",
and functions that launches one are documented with "Start".
Also added documentation for listenAndServe that respects these
changes.
Fixes #4367
* My original implementation of `fs.appendFile` used an async API, which, though
it would work fine as a polyfill, wasn't an exact match with the Node API. This PR
reworks that API to mimic the Node API fully as a synchronous void function with
an async internal implementation.
* Refactor move of other internal fs `dirent` and `dir` classes to the _fs internal
directory.
Listener and UDPConn are AsyncIterables instead of AsyncIterators.
The [Symbol.asyncIterator]()s are defined as generators and the
next() methods are gone.
"Listener/Socket has been closed" errors are now BadResource.
Following JS ops were moved to separate files in cli/js/ops directory:
- compiler
- dispatch_json
- dispatch_minimal
- errors
- fetch
- fs_events
- os
- random
- repl
- resources
- runtime_compiler
- runtime
- tty
Adds JSDoc to module, improves the typing of the return type, uses
iteration instead of Array forEach, uses the dotall support in Regular
Expression which is now supported in JavaScript, uses destructuring and
nullish coalescing where appropriate.
This updates this example code to follow the new test running conventions.
The code as is, when ran produces the following output:
```
➜ dencro git:(master) ✗ deno test
Compile file:///Users/hswolff/Sites/dencro/test.ts
running 2 tests
OK oneTest (2.00ms)
OK t2 (0.00ms)
test result: OK 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out (2.00ms)
running 2 tests
OK oneTest (0.00ms)
OK t2 (0.00ms)
test result: OK 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out (0.00ms)
➜ dencro git:(master) ✗
```
Removing `await Deno.runTests();` just causes the tests to run once.
- Added `ServerRequest.finalize()`: consuming all unread body stream and trailers.
- This is cleanup method for reading next request from same keep-alive connection.
- Needed when handler didn't consume all body and trailers even after responding.
- refactor: `ServerRequest._bodyStream()`, `ServerRequestBody` are removed.
- Now using `bodyReader()` and `chunkedBodyReader()` instead.
- fix: Trailers should only be read `transfer-encoding` is `chunked` and `trailer` header is set and its value is valid.
- fix: use `Headers.append()` on reading trailers.
- fix: delete `trailer` field from headers after reading trailers.
- reorg: Several functions related to IO are moved into `http/io.ts`
Node's os module exports a number of methods that evaluate to themselves
when coerced to a primitive.
I.e., `"" + os.arch` and `os.arch()` evaluate to the same string, and
now Deno's shims do too.
For some reason, the unit tests for Deno.remove() were not being imported to
unit_tests.ts and, consequently, not being executed. Thus, I imported them,
refactored some existent ones and wrote new ones for the symlink removal case.
Since the creation of a symlink is not implemented for Windows yet, assertions
that consider this state were added when the tests are executed in this OS.
This flag was added to evaluate performance relative to tokio's threaded
runtime. Although it's faster in the HTTP benchmark, it's clear the runtime
is not the only perf problem.
Removing this flag will simplify further refactors, in particular
adopting the #[tokio::main] macro. This will be done in a follow up.
Ultimately we expect to move to the current thread runtime with Isolates
pinned to specific threads, but that will be a much larger refactor. The
--current-thread just complicates that effort.
Before:
```
▶ target/debug/deno https://deno.land/std/examples/echo_server.ts
error: Uncaught PermissionDenied: run again with the --allow-net flag
► $deno$/dispatch_json.ts:40:11
at DenoError ($deno$/errors.ts:20:5)
at unwrapResponse ($deno$/dispatch_json.ts:40:11)
at sendSync ($deno$/dispatch_json.ts:67:10)
at listen ($deno$/net.ts:170:15)
at https://deno.land/std/examples/echo_server.ts:4:23
```
```
▶ target/debug/deno --allow-read=/usr https://deno.land/std/examples/cat.ts /etc/passwd
error: Uncaught PermissionDenied: run again with the --allow-read flag
► $deno$/dispatch_json.ts:40:11
at DenoError ($deno$/errors.ts:20:5)
at unwrapResponse ($deno$/dispatch_json.ts:40:11)
at sendAsync ($deno$/dispatch_json.ts:91:10)
```
After:
```
▶ target/debug/deno https://deno.land/std/examples/echo_server.ts
error: Uncaught PermissionDenied: network access to "0.0.0.0:8080", run again with the --allow-net flag
► $deno$/dispatch_json.ts:40:11
at DenoError ($deno$/errors.ts:20:5)
at unwrapResponse ($deno$/dispatch_json.ts:40:11)
at sendSync ($deno$/dispatch_json.ts:67:10)
at listen ($deno$/net.ts:170:15)
at https://deno.land/std/examples/echo_server.ts:4:23
```
```
▶ target/debug/deno --allow-read=/usr https://deno.land/std/examples/cat.ts /etc/passwd
error: Uncaught PermissionDenied: read access to "/etc/passwd", run again with the --allow-read flag
► $deno$/dispatch_json.ts:40:11
at DenoError ($deno$/errors.ts:20:5)
at unwrapResponse ($deno$/dispatch_json.ts:40:11)
at sendAsync ($deno$/dispatch_json.ts:91:10)
```
- Remove ability to specify run arguments like `--allow-net` after the
script argument. It's too hacky to make work with clap.
- Remove `--v8-options`, instead use `--v8-flags=--help`
- Give more descriptive names to unit tests in flags.rs
- Assume argv and subcommand into DenoFlags struct so the output of
flags module is only DenoFlags rather than the tuple (subcommand, flags,
argv).
- Improve CLI help text
- Make `deno run` specific args like `--allow-net` only show up in 'deno
help run' instead of as global flags in `deno help`.
- Removes `deno version` to simplify our implementation and be closer to
clap defaults. `deno -V` now only shows Deno's version and not V8's nor
TypeScript. `Deno.versions` can be used to see that information.
- Prevent clap from auto-detecting terminal width and attempting to wrap
text.