1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-18 13:22:55 -05:00
denoland-deno/tests/testdata/run/lock_write_fetch/main.ts
Bartek Iwańczuk 5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00

54 lines
1.1 KiB
TypeScript

try {
Deno.removeSync("./lock_write_fetch.json");
} catch {
// pass
}
const fetchProc = await new Deno.Command(Deno.execPath(), {
stdout: "null",
stderr: "null",
args: [
"cache",
"--allow-import",
"--reload",
"--lock=lock_write_fetch.json",
"--cert=tls/RootCA.pem",
"run/https_import.ts",
],
}).output();
console.log(`fetch code: ${fetchProc.code}`);
const fetchCheckProc = await new Deno.Command(Deno.execPath(), {
stdout: "null",
stderr: "null",
args: [
"cache",
"--allow-import",
"--lock=lock_write_fetch.json",
"--cert=tls/RootCA.pem",
"run/https_import.ts",
],
}).output();
console.log(`fetch check code: ${fetchCheckProc.code}`);
Deno.removeSync("./lock_write_fetch.json");
const runProc = await new Deno.Command(Deno.execPath(), {
stdout: "null",
stderr: "null",
args: [
"run",
"--allow-import",
"--lock=lock_write_fetch.json",
"--allow-read",
"--cert=tls/RootCA.pem",
"run/https_import.ts",
],
}).output();
console.log(`run code: ${runProc.code}`);
await Deno.stat("./lock_write_fetch.json");
Deno.removeSync("./lock_write_fetch.json");