mirror of
https://github.com/denoland/deno.git
synced 2024-11-21 15:04:11 -05:00
5504acea67
This replaces `--allow-net` for import permissions and makes the security sandbox stricter by also checking permissions for statically analyzable imports. By default, this has a value of `--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`, but that can be overridden by providing a different set of hosts. Additionally, when no value is provided, import permissions are inferred from the CLI arguments so the following works because `fresh.deno.dev:443` will be added to the list of allowed imports: ```ts deno run -A -r https://fresh.deno.dev ``` --------- Co-authored-by: David Sherret <dsherret@gmail.com>
40 lines
920 B
Text
40 lines
920 B
Text
{
|
|
"tests": {
|
|
"info": {
|
|
"args": "info --allow-import main.ts",
|
|
"output": "fail.out",
|
|
"exitCode": 10
|
|
},
|
|
"info_no_lock": {
|
|
"args": "info --allow-import --no-lock main.ts",
|
|
"output": "info.nolock.out"
|
|
},
|
|
"bench": {
|
|
"args": "bench --allow-import",
|
|
"output": "fail.out",
|
|
"exitCode": 10
|
|
},
|
|
"bench_no_lock": {
|
|
"args": "bench --allow-import --no-lock",
|
|
"output": "bench.nolock.out"
|
|
},
|
|
"doc": {
|
|
"args": "doc --allow-import main.ts",
|
|
"exitCode": 10,
|
|
"output": "fail.out"
|
|
},
|
|
"doc_no_lock": {
|
|
"args": "doc --allow-import --no-lock main.ts",
|
|
"output": "doc.nolock.out"
|
|
},
|
|
"test": {
|
|
"args": "test --allow-import",
|
|
"exitCode": 10,
|
|
"output": "fail.out"
|
|
},
|
|
"test_no_lock": {
|
|
"args": "test --allow-import --no-lock",
|
|
"output": "test.nolock.out"
|
|
}
|
|
}
|
|
}
|