Move to allowlist and blocklist (#6282)

Luca Casonato 2020-06-13 19:09:39 +02:00 committed by GitHub
parent 77545219a6
commit 0ffc99a61d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 137 additions and 132 deletions

@ -110,7 +110,7 @@ resolution, compilation configuration etc.
--config <FILE> Load tsconfig.json configuration file
--importmap <FILE> UNSTABLE: Load import map file
--no-remote Do not resolve remote modules
--reload=<CACHE_BLACKLIST> Reload source code cache (recompile TypeScript)
--reload=<CACHE_BLOCKLIST> Reload source code cache (recompile TypeScript)
--unstable Enable unstable APIs
```

@ -23,26 +23,26 @@ The following permissions are available:
- **--allow-hrtime** Allow high resolution time measurement. High resolution
time can be used in timing attacks and fingerprinting.
- **--allow-net=\<allow-net\>** Allow network access. You can specify an
optional, comma separated list of domains to provide a whitelist of allowed
optional, comma separated list of domains to provide a allow-list of allowed
domains.
- **--allow-plugin** Allow loading plugins. Please note that --allow-plugin is
an unstable feature.
- **--allow-read=\<allow-read\>** Allow file system read access. You can specify
an optional, comma separated list of directories or files to provide a
whitelist of allowed file system access.
allow-list of allowed file system access.
- **--allow-run** Allow running subprocesses. Be aware that subprocesses are not
run in a sandbox and therefore do not have the same security restrictions as
the deno process. Therefore, use with caution.
- **--allow-write=\<allow-write\>** Allow file system write access. You can
specify an optional, comma separated list of directories or files to provide a
whitelist of allowed file system access.
allow-list of allowed file system access.
### Permissions whitelist
### Permissions allow-list
Deno also allows you to control the granularity of some permissions with
whitelists.
allow-lists.
This example restricts file system access by whitelisting only the `/usr`
This example restricts file system access by allow-listing only the `/usr`
directory, however the execution fails as the process was attempting to access a
file in the `/etc` directory:
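Review bot: The added line `optional, comma separated list of domains to provide a allow-list of allowed` should read "an allow-list", and "allow-list of allowed domains" is redundant now that the term itself says "allow"; "an allow-list of domains" would do, likewise for the `--allow-read` and `--allow-write` entries. The hunk spells the term "allow-list" while the commit title uses "allowlist", so pick one form and use it throughout. Renaming the heading to `### Permissions allow-list` will also change its anchor wherever anchors are derived from heading text, so links to the old `permissions-whitelist` fragment should be searched for and updated.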
@ -54,7 +54,7 @@ error: Uncaught PermissionDenied: read access to "/etc/passwd", run again with t
...
```
Try it out again with the correct permissions by whitelisting `/etc` instead:
Try it out again with the correct permissions by allow-listing `/etc` instead:
```shell
deno run --allow-read=/etc https://deno.land/std/examples/cat.ts /etc/passwd
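Review bot: The reworded sentence calls `--allow-read=/etc` "the correct permissions", but the command only reads `/etc/passwd`, and the flag description earlier in this file says the list may contain directories or files. Since this line is being touched anyway, consider showing `--allow-read=/etc/passwd` so the documented example grants the narrowest scope that works, or say explicitly that the directory grant is broader than needed.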
@ -70,7 +70,7 @@ _fetch.ts_:
const result = await fetch("https://deno.land/");
```
This is an example on how to whitelist hosts/urls:
This is an example on how to allow-list hosts/urls:
```shell
deno run --allow-net=github.com,deno.land fetch.ts
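Review bot: In `This is an example on how to allow-list hosts/urls:` the example that follows passes only hostnames (`github.com,deno.land`), and the `--allow-net` description calls the value a list of domains, so "hosts/urls" promises more than is shown. Suggest "This is an example of how to allow-list hosts:" (also fixing "example on how"), or add a sentence stating what forms the flag accepts if URLs are really supported.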