Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add --allow-import flag #25469

Merged
merged 43 commits into from
Sep 26, 2024
Merged

feat: add --allow-import flag #25469

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
fbb40ad
feat: Add `--allow-imports` flag
bartlomieju Sep 5, 2024
8170f32
actually make it work for dynamic imports
bartlomieju Sep 5, 2024
9f947cc
merge in main
dsherret Sep 17, 2024
ef0ebc9
Merge branch 'main' into allow_imports
dsherret Sep 19, 2024
d040407
updates
dsherret Sep 19, 2024
ba90b1a
Merge branch 'main' into allow_imports
dsherret Sep 21, 2024
9d42419
Starting to use permissions container more
dsherret Sep 22, 2024
eaff962
Starting to use permissions container more
dsherret Sep 22, 2024
05a39e9
Saving for revert
dsherret Sep 22, 2024
f99c39c
Revert "Saving for revert"
dsherret Sep 22, 2024
282dab6
add permissions for check and cache. Allow reading from the file syst…
dsherret Sep 22, 2024
479d046
Start adding tests and fix it not working for run
dsherret Sep 22, 2024
2b58d88
fix up flags
dsherret Sep 22, 2024
b0c74e0
add 0.0.0.0
dsherret Sep 22, 2024
9e48c18
test jsr_host_from_url
dsherret Sep 22, 2024
240e2c0
add gist.githubusercontent.com
dsherret Sep 22, 2024
3f88938
update test because localhost is allowed by default (though maybe it …
dsherret Sep 22, 2024
43f4624
improve naming
dsherret Sep 22, 2024
4e6b5d2
Merge branch 'main' into allow_imports
dsherret Sep 23, 2024
5630383
Clippy
dsherret Sep 24, 2024
d90489f
Merge branch 'main' into allow_imports
dsherret Sep 24, 2024
b458c3d
Fixing up more tests
dsherret Sep 24, 2024
3927928
Merge branch 'main' into allow_imports
dsherret Sep 25, 2024
1787bf7
Checking in before revert
dsherret Sep 25, 2024
9e53639
Fix worker permissions and update expectations
dsherret Sep 25, 2024
b326096
finish
dsherret Sep 25, 2024
134718f
clippy
dsherret Sep 25, 2024
a232f95
Start removing localhost as allowed by default
dsherret Sep 25, 2024
abb5de4
Merge branch 'main' into allow_imports
dsherret Sep 25, 2024
f1282e5
fix run tests
dsherret Sep 25, 2024
9a164ec
fix lsp caching
dsherret Sep 25, 2024
1124b45
Update and fix more tests
dsherret Sep 25, 2024
2dca777
more test fixes
dsherret Sep 25, 2024
f0d1c05
more fixes
dsherret Sep 25, 2024
d315bf2
Do not load non-jsr remote modules in `deno publish`
dsherret Sep 25, 2024
02120ac
fix publish tests
dsherret Sep 25, 2024
65e1e96
add tests for doc
dsherret Sep 25, 2024
4facd74
fix remaining tests
dsherret Sep 25, 2024
f4b41c5
self review
dsherret Sep 25, 2024
41c63f2
improve help output
dsherret Sep 25, 2024
79b9992
fix check_specifiers test
dsherret Sep 26, 2024
d7e1744
review and update linux test
dsherret Sep 26, 2024
c66b814
fix failing windows test
dsherret Sep 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Start adding tests and fix it not working for run
  • Loading branch information
@dsherret
dsherret committed Sep 22, 2024
commit 479d046019d022b9ebbac9f3495618d8a29d04da
1 change: 1 addition & 0 deletions cli/factory.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -824,6 +824,7 @@ impl CliFactory {
npm_resolver.clone(),
self.permission_desc_parser()?.clone(),
self.root_cert_store_provider().clone(),
self.root_permissions_container()?.clone(),
StorageKeyResolver::from_options(cli_options),
cli_options.sub_command().clone(),
self.create_cli_main_worker_options()?,
Expand Down
1 change: 1 addition & 0 deletions cli/graph_container.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ impl MainModuleGraphContainer {
)
.await?;
graph_permit.commit();
self.root_permissions.mark_loaded_static_graph();
Ok(())
}

Expand Down
2 changes: 2 additions & 0 deletions cli/standalone/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -687,6 +687,7 @@ pub async fn run(
Permissions::from_options(desc_parser.as_ref(), &permissions)?;
PermissionsContainer::new(desc_parser, permissions)
};
permissions.mark_loaded_static_graph();
let feature_checker = Arc::new({
let mut checker = FeatureChecker::default();
checker.set_exit_cb(Box::new(crate::unstable_exit_cb));
Expand All @@ -713,6 +714,7 @@ pub async fn run(
npm_resolver,
permission_desc_parser,
root_cert_store_provider,
permissions.clone(),
StorageKeyResolver::empty(),
crate::args::DenoSubcommand::Run(Default::default()),
CliMainWorkerOptions {
Expand Down
17 changes: 15 additions & 2 deletions cli/tools/info.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -644,8 +644,21 @@ impl<'a> GraphDisplayContext<'a> {
ModuleError::InvalidTypeAssertion { .. } => {
self.build_error_msg(specifier, "(invalid import attribute)")
}
ModuleError::LoadingErr(_, _, _) => {
self.build_error_msg(specifier, "(loading error)")
ModuleError::LoadingErr(_, _, err) => {
use deno_graph::ModuleLoadError::*;
let message = match err {
HttpsChecksumIntegrity(_) => "(checksum integrity error)",
Decode(_) => "(loading decode error)",
Loader(err) => match deno_core::error::get_custom_error_class(err) {
Some("NotCapable") => "(not capable, requires --allow-imports)",
_ => "(loading error)",
},
Jsr(_) => "(loading error)",
NodeUnknownBuiltinModule(_) => "(unknown node built-in error)",
Npm(_) => "(npm loading error)",
TooManyRedirects => "(too many redirects error)",
};
self.build_error_msg(specifier, message.as_ref())
}
ModuleError::ParseErr(_, _) => {
self.build_error_msg(specifier, "(parsing error)")
Expand Down
15 changes: 7 additions & 8 deletions cli/worker.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,7 @@ struct SharedWorkerState {
npm_resolver: Arc<dyn CliNpmResolver>,
permission_desc_parser: Arc<RuntimePermissionDescriptorParser>,
root_cert_store_provider: Arc<dyn RootCertStoreProvider>,
root_permissions: PermissionsContainer,
shared_array_buffer_store: SharedArrayBufferStore,
storage_key_resolver: StorageKeyResolver,
options: CliMainWorkerOptions,
Expand Down Expand Up @@ -432,6 +433,7 @@ impl CliMainWorkerFactory {
npm_resolver: Arc<dyn CliNpmResolver>,
permission_parser: Arc<RuntimePermissionDescriptorParser>,
root_cert_store_provider: Arc<dyn RootCertStoreProvider>,
root_permissions: PermissionsContainer,
storage_key_resolver: StorageKeyResolver,
subcommand: DenoSubcommand,
options: CliMainWorkerOptions,
Expand All @@ -452,6 +454,7 @@ impl CliMainWorkerFactory {
npm_resolver,
permission_desc_parser: permission_parser,
root_cert_store_provider,
root_permissions,
shared_array_buffer_store: Default::default(),
storage_key_resolver,
options,
Expand Down Expand Up @@ -481,7 +484,7 @@ impl CliMainWorkerFactory {
&self,
mode: WorkerExecutionMode,
main_module: ModuleSpecifier,
permissions: PermissionsContainer,
dynamic_permissions: PermissionsContainer,
custom_extensions: Vec<Extension>,
stdio: deno_runtime::deno_io::Stdio,
) -> Result<CliMainWorker, AnyError> {
Expand Down Expand Up @@ -532,10 +535,8 @@ impl CliMainWorkerFactory {

let ModuleLoaderAndSourceMapGetter { module_loader } =
shared.module_loader_factory.create_for_main(
PermissionsContainer::allow_all(
self.shared.permission_desc_parser.clone(),
),
permissions.clone(),
self.shared.root_permissions.clone(),
dynamic_permissions.clone(),
);
let maybe_inspector_server = shared.maybe_inspector_server.clone();

Expand Down Expand Up @@ -633,11 +634,9 @@ impl CliMainWorkerFactory {
v8_code_cache: shared.code_cache.clone(),
};

permissions.mark_loaded_static_graph();

let mut worker = MainWorker::bootstrap_from_options(
main_module.clone(),
permissions,
dynamic_permissions,
options,
);

Expand Down
4 changes: 4 additions & 0 deletions runtime/permissions/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2146,6 +2146,10 @@ impl PermissionsContainer {
"data" => Ok(()),
"blob" => Ok(()),
_ => {
if inner.import.is_allow_all() {
return Ok(()); // avoid allocation below
}

let desc = self
.descriptor_parser
.parse_import_descriptor_from_url(specifier)?;
Expand Down
28 changes: 28 additions & 0 deletions tests/specs/permission/allow_imports/__test__.jsonc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{
"tests": {
"info": {
"args": "info main.ts",
"output": "info.out"
},
"cache": {
"args": "cache main.ts",
"output": "cache.out",
"exitCode": 1
},
"check": {
"args": "check main.ts",
"output": "check.out",
"exitCode": 1
},
"compile": {
"args": "compile main.ts",
"output": "compile.out",
"exitCode": 1
},
"run": {
"args": "run main.ts",
"output": "run.out",
"exitCode": 1
}
}
}
2 changes: 2 additions & 0 deletions tests/specs/permission/allow_imports/cache.out
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
error: Requires import access to "example.com:443", run again with the --allow-import flag
at file:///[WILDLINE]/allow_imports/main.ts:1:8
2 changes: 2 additions & 0 deletions tests/specs/permission/allow_imports/check.out
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
error: Requires import access to "example.com:443", run again with the --allow-import flag
at file:///[WILDLINE]/allow_imports/main.ts:1:8
2 changes: 2 additions & 0 deletions tests/specs/permission/allow_imports/compile.out
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
error: Requires import access to "example.com:443", run again with the --allow-import flag
at file:///[WILDLINE]/allow_imports/main.ts:1:8
7 changes: 7 additions & 0 deletions tests/specs/permission/allow_imports/info.out
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
local: [WILDLINE]main.ts
type: TypeScript
dependencies: 0 unique
size: [WILDLINE]

file:///[WILDLINE]/allow_imports/main.ts ([WILDLINE])
└── https://example.com/malicious_string (not capable, requires --allow-imports)
1 change: 1 addition & 0 deletions tests/specs/permission/allow_imports/main.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
import "https://example.com/malicious_string";
2 changes: 2 additions & 0 deletions tests/specs/permission/allow_imports/run.out
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
error: Requires import access to "example.com:443", run again with the --allow-import flag
at file:///[WILDLINE]/allow_imports/main.ts:1:8