mirror of
https://github.com/denoland/deno.git
synced 2024-12-13 19:12:20 -05:00
5504acea67
This replaces `--allow-net` for import permissions and makes the security sandbox stricter by also checking permissions for statically analyzable imports. By default, this has a value of `--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`, but that can be overridden by providing a different set of hosts. Additionally, when no value is provided, import permissions are inferred from the CLI arguments so the following works because `fresh.deno.dev:443` will be added to the list of allowed imports: ```ts deno run -A -r https://fresh.deno.dev ``` --------- Co-authored-by: David Sherret <dsherret@gmail.com>
190 lines
4.5 KiB
Text
190 lines
4.5 KiB
Text
{
|
|
"tempDir": true,
|
|
"tests": {
|
|
"error_with_new_npm_dep": {
|
|
"steps": [
|
|
{
|
|
"args": "cache add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
// sub.ts imports from an npm package
|
|
// that's not in the lockfile
|
|
"args": "run --frozen sub.ts",
|
|
"output": "frozen_new_dep_run.out",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
"args": "cache --frozen sub.ts",
|
|
"output": "frozen_new_dep_cache.out",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
// update the lockfile
|
|
"args": "cache sub.ts",
|
|
"output": "update_lockfile.out"
|
|
},
|
|
{
|
|
"args": "run --frozen sub.ts",
|
|
"output": "3 - 2 = 1\n"
|
|
}
|
|
]
|
|
},
|
|
"error_with_new_jsr_dep": {
|
|
"steps": [
|
|
{
|
|
"args": "cache jsr.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": "run --frozen jsr2.ts",
|
|
"output": "frozen_new_dep_jsr_run.out",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
"args": "cache --frozen jsr2.ts",
|
|
"output": "frozen_new_dep_jsr_cache.out",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
// update the lockfile
|
|
"args": "cache jsr2.ts",
|
|
"output": ""
|
|
},
|
|
{
|
|
"args": "run --frozen jsr2.ts",
|
|
"output": "1 + 2 = 3\n"
|
|
}
|
|
]
|
|
},
|
|
"error_when_package_json_changed": {
|
|
"steps": [
|
|
{
|
|
"args": [
|
|
"eval",
|
|
"Deno.writeTextFileSync('deno.json', `{ \"nodeModulesDir\": \"auto\" }`)"
|
|
],
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": "cache add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": [
|
|
"eval",
|
|
"Deno.writeTextFileSync(\"package.json\", JSON.stringify({ dependencies: { \"@denotest/bin\": \"0.7.0\" } }))"
|
|
],
|
|
"output": ""
|
|
},
|
|
{
|
|
"args": "cache --frozen add.ts",
|
|
"output": "frozen_package_json_changed.out",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
"args": "install --frozen",
|
|
"output": "frozen_package_json_changed_install.out",
|
|
"exitCode": 1
|
|
}
|
|
]
|
|
},
|
|
"no_error_when_in_lockfile": {
|
|
"steps": [
|
|
{
|
|
"args": "cache add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": "run --frozen add.ts",
|
|
"output": "1 + 2 = 3\n"
|
|
}
|
|
]
|
|
},
|
|
"errors_if_creates_lockfile": {
|
|
"steps": [
|
|
{
|
|
"args": [
|
|
"eval",
|
|
"Deno.statSync('lock.json')"
|
|
],
|
|
"output": "[WILDCARD]NotFound[WILDCARD]",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
"args": "run --frozen add.ts",
|
|
"output": "no_lockfile_run.out",
|
|
"exitCode": 1
|
|
}
|
|
]
|
|
},
|
|
|
|
"lockfile_config": {
|
|
"steps": [
|
|
{
|
|
"args": [
|
|
"eval",
|
|
"Deno.writeTextFileSync('deno.json', JSON.stringify({ lock: { frozen: true }, ...JSON.parse(Deno.readTextFileSync('deno.json')) }))"
|
|
],
|
|
"output": ""
|
|
},
|
|
{
|
|
"args": "cache --frozen=false add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
// sub.ts imports from an npm package
|
|
// that's not in the lockfile
|
|
"args": "run sub.ts",
|
|
"output": "frozen_new_dep_run.out",
|
|
"exitCode": 1
|
|
},
|
|
{
|
|
"args": "cache sub.ts",
|
|
"output": "frozen_new_dep_cache.out",
|
|
"exitCode": 1
|
|
}
|
|
]
|
|
},
|
|
|
|
"non_analyzable_dynamic_npm": {
|
|
"steps": [
|
|
{
|
|
"args": "cache add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": "run --frozen sub-dynamic.ts",
|
|
"output": "frozen_new_dep_dynamic_npm.out",
|
|
"exitCode": 1
|
|
}
|
|
]
|
|
},
|
|
"non_analyzable_dynamic_jsr": {
|
|
"steps": [
|
|
{
|
|
"args": "cache add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": "run --frozen --allow-net jsr-dynamic.ts",
|
|
"output": "frozen_new_dep_dynamic_jsr.out",
|
|
"exitCode": 1
|
|
}
|
|
]
|
|
},
|
|
"non_analyzable_dynamic_http": {
|
|
"steps": [
|
|
{
|
|
"args": "cache add.ts",
|
|
"output": "[WILDCARD]"
|
|
},
|
|
{
|
|
"args": "run --frozen --allow-import http-dynamic.ts",
|
|
"output": "frozen_new_dep_dynamic_http.out",
|
|
"exitCode": 1
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|