(couchdb) 02/02: Restrict Deno to write to stdout only, read stdin and main.js only.

ronny Fri, 03 Nov 2023 13:28:07 -0700

This is an automated email from the ASF dual-hosted git repository.

ronny pushed a commit to branch couchdb-deno
in repository https://gitbox.apache.org/repos/asf/couchdb.git


commit 441990807ebdfba001a8db202ce993fec3c091ef
Author: Nick Vatamaniuc <vatam...@gmail.com>
AuthorDate: Thu Mar 2 15:30:10 2023 -0500

    Restrict Deno to write to stdout only, read stdin and main.js only.
---
 dev/run | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/run b/dev/run
index 3d5b3d7ce..4919ab0e0 100755
--- a/dev/run
+++ b/dev/run
@@ -686,8 +686,8 @@ def set_boot_env(ctx):
     qs_javascript = toposixpath("%s %s" % (couchjs, mainjs))
     qs_coffescript = toposixpath("%s %s" % (couchjs, coffeejs))
 
-    qs_deno = toposixpath("%s %s" % ("deno run --allow-write", denojs))
-
+    deno_cmd = f"deno run --allow-write=- --allow-read=-,{denojs}"
+    qs_deno = toposixpath("%s %s" % (deno_cmd, denojs))
     os.environ["COUCHDB_QUERY_SERVER_JAVASCRIPT"] = qs_javascript
     os.environ["COUCHDB_QUERY_SERVER_COFFEESCRIPT"] = qs_coffescript

(couchdb) 02/02: Restrict Deno to write to stdout only, read stdin and main.js only.

Reply via email to