1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-22 06:09:25 -05:00
Commit graph

429 commits

Author SHA1 Message Date
Andrew Stucki
1e478d73e3
Drop headers with trailing whitespace in header name (#4642)
This relates directly to [an
issue](https://github.com/denoland/deno_std/issues/620) that I initially
raised in `deno_std` awhile back, and was reminded about it today when
the `oak` project popped up on my github recommended repos.

As of now Deno's http servers are vulnerable to the same underlying
issue of go CVE-2019-16276 due to the fact that it's based off of ported
go code from their old standard library. [Here's the commit that fixed
the
CVE.](6e6f4aaf70)

Long story short, some off the shelf proxies and caching servers allow
for passing unaltered malformed headers to backends that they're
fronting. When they pass invalid headers that they don't understand this
can cause issues with HTTP request smuggling. I believe that to this
date, this is the default behavior of AWS ALBs--meaning any server that
strips whitespace from the tail end of header field names and then
interprets the header, when placed behind an ALB, is susceptible to
request smuggling.

The current behavior is actually specifically called out in [RFC
7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something
that MUST result in a rejected message, but the change corresponding to
this PR, is more lenient and what both go and nginx currently do, and is
better than the current behavior.
2020-04-06 09:58:46 -04:00
Andreas
703c0b7c17
feat(std/flags): pass key and value to unknown (#4637) 2020-04-06 09:27:10 -04:00
Khải
788a6abfd3
fix(std/testing): formatting bigint (#4626) 2020-04-04 13:13:37 -04:00
Nayeem Rahman
faa0f520cf
doc: Improve the style guide (#4627) 2020-04-04 13:11:43 -04:00
dubiousjim
a5fc505edb
fix erroneous assert (#4608) 2020-04-03 13:49:05 -04:00
Ryan Dahl
13db64fbc6
Remove /std/media_types (#4594) 2020-04-03 12:11:52 -04:00
Ryan Dahl
c8fc29fcca
Revert "Respond with 400 on request parse failure" (#4593)
readRequest should not write a response.

This reverts commit 017a611131.
2020-04-02 15:20:17 -04:00
Ryan Dahl
12c6b2395b
Move encode, decode helpers to /std/encoding/utf8.ts, delete /std/strings/ (#4565)
also removes std/encoding/mod.ts and std/archive/mod.ts which are useless.
2020-04-01 15:23:39 -04:00
木杉
3a0b617503
std(media_types): change .ts content type to application/typescript (#4563) 2020-04-01 15:04:36 -04:00
Ryan Dahl
578138a930
Remove std/strings/pad.ts because String.prototype.padStart exists (#4564) 2020-04-01 20:28:16 +02:00
Khải
fa7929ad2c
fix(file_server): use media_types for Content-Type header (#4555) 2020-04-01 12:51:01 -04:00
木杉
5ac2c4aa2e
fix(#4550): setCookie should append cookies (#4558) 2020-04-01 09:37:11 -04:00
Nayeem Rahman
270e87d9db
refactor(cli/js/testing): Reduce testing interfaces (#4451)
* Reduce "testing" interfaces
* Use a callback instead of a generator for Deno.runTests()
* Default RunTestsOptions::reportToConsole to true
* Compose TestMessage into a single interface
2020-04-01 10:47:23 +02:00
Nayeem Rahman
017a611131
feat(std/http/server): Respond with 400 on request parse failure (#4551) 2020-04-01 10:24:05 +02:00
Ondřej Žára
a86b07f2df
used native padStart/End where possible (#4537) 2020-03-31 12:34:13 +02:00
uki00a
a98512af9a
fix(std/encoding/csv): enable skipped tests (#4520) 2020-03-30 11:37:58 -04:00
Kitson Kelly
7670a13f8a
feat: Add common to std/path (#4527) 2020-03-30 11:36:55 -04:00
Niklas Eicker
92f1c71a6f
doc: Fix some typos and improve a few sentences in the std manual (#4522) 2020-03-29 22:23:57 -04:00
Kitson Kelly
bced52505f
Update to Prettier 2 and use ES Private Fields (#4498) 2020-03-28 13:03:49 -04:00
Ryan Dahl
5837ce464c
upgrade: rusty_v8 to v0.3.9 (#4505) 2020-03-28 10:00:14 -04:00
Bartek Iwańczuk
30bcf6a2ea
Revert "avoid using same port number for test (#4147)"
Ref #4467

This reverts commit 60cee4f045.
2020-03-24 12:24:58 -04:00
uki00a
b2478f3a21
docs: update manual about how to run tests for std (#4462) 2020-03-24 15:34:50 +01:00
Yusuke Sakurai
c337d2c434
clean up textproto code in std (#4458)
- moved and renamed append() into bytes from ws and textproto
- renamed textproto/readder_tests.ts -> textproto/test.ts
2020-03-22 14:49:09 -04:00
uki00a
07ea145ec4
re-enable a test (#4461) 2020-03-22 14:41:42 -04:00
Akshat Agarwal
b8a5c29bf8
BREAKING CHANGE Rename Deno.run's args to cmd (#4444)
This is to avoid confusion with Deno.args which does not include the 
executable to be run.
2020-03-21 17:44:18 -04:00
Yusuke Sakurai
60cee4f045
avoid using same port number for test (#4147) 2020-03-21 09:53:47 -04:00
Ryan Dahl
0adc86f105
Remove DENO_BUILD_MODE and DENO_BUILD_PATH (#4431)
* Remove DENO_BUILD_MODE and DENO_BUILD_PATH

Also remove outdated docs related to ninja/gn.

* fix

* remove parameter to build_mode()

* remove arg parsing from benchmark.py
2020-03-20 21:48:34 -04:00
Nayeem Rahman
b22f48970f
refactor(std/http/server): Remove bad error handling (#4435) 2020-03-20 12:12:27 -04:00
dubiousjim
1c6f177d19
use prebuilt "not implemented" error (#4442) 2020-03-20 12:10:02 -04:00
Samrith Shankar
798904b0f2
Add require-await lint rule (#4401) 2020-03-20 09:38:34 -04:00
Nayeem Rahman
35f6e2e45d
fix(std/http): Properly await ops in a server test (#4436) 2020-03-20 09:46:48 +01:00
Nayeem Rahman
b7e6a31a42
fix(std/http): Fix respond error test on Windows (#4408) 2020-03-19 19:15:21 -04:00
Bartek Iwańczuk
3ef34673c9
std(http/server): close open connections on server close (#3679)
Due to structure of "Server" for each open connection there's a pending "read" op. Because connection owned by "Server" are not tracked, calling "Server.close()" doesn't close open connections.

This commit introduces simple tracking of connections for server and ensures owned connections are closed on "Server.close()".
2020-03-19 16:04:26 +01:00
Nikolai Vavilov
8c1c929034
fix: stack traces for modules imported via std/node's require (#4035) 2020-03-19 10:42:07 -04:00
Bartek Iwańczuk
74c37e759a
remove std/testing/runner.ts, use deno test for std/ tests (#4397)
This introduces BREAKING CHANGE by removing "std/testing/runner.ts".

Std tests are now run using "deno test" subcommand.
2020-03-19 14:49:06 +01:00
Bartek Iwańczuk
8de4a05f2a
fix: std/testing/runner.ts and deno test (#4392)
After splitting "failFast" and "exitOnFail" arguments, there was a situation where failing tests did not exit with code 1.

* fixed argument value passed to Deno.runTests() in deno test
* fixed argument value passed to Deno.runTests() in std/testing/runner.ts
* added integration tests for deno test to ensure failFast and exitOnFail work as expected
* don't write test file to file system, but keep it in memory
2020-03-19 14:26:47 +01:00
Kitson Kelly
5b10ab0984
feat: Add helper functions for permissions to std (#4258) 2020-03-19 11:32:49 +01:00
Bartek Iwańczuk
b0b27c4310
refactor: rename Deno.TestDefinition.skip to ignore (#4400) 2020-03-19 10:58:12 +01:00
Bartek Iwańczuk
6e2df8c64f
feat: Deno.test() sanitizes ops and resources (#4399)
This PR brings assertOps and assertResources sanitizers to Deno.test() API.

assertOps checks that test doesn't leak async ops, ie. there are no unresolved
promises originating from Deno APIs. Enabled by default, can be disabled using 
Deno.TestDefinition.disableOpSanitizer.

assertResources checks that test doesn't leak resources, ie. all resources used
in test are closed. For example; if a file is opened during a test case it must be
explicitly closed before test case finishes. It's most useful for asynchronous
generators. Enabled by default, can be disabled using 
Deno.TestDefinition.disableResourceSanitizer.

We've used those sanitizers in internal runtime tests and it proved very useful in
surfacing incorrect tests which resulted in interference between the tests.

All tests have been sanitized.

Closes #4208
2020-03-18 19:25:55 -04:00
Ryan Dahl
6bd940abfd
Update manual (#4412) 2020-03-17 17:56:33 -07:00
Kitson Kelly
9050d36d57
std: Provide types for React and ReactDOM (#4376)
Introduces `std/types` which is designed to provide types for common
libraries that are compatible with Deno.
2020-03-17 13:28:07 +01:00
Chris Knight
62942749e6
test: Fix broken test and remove redundant test file (#4390) 2020-03-16 12:40:36 +01:00
Bartek Iwańczuk
1edb20b399
refactor: add no-return-await lint rule (#4384) 2020-03-16 10:22:16 +01:00
Chris Knight
620dd9724d
refactor: move existing fs implementation to internal _fs directory (#4381) 2020-03-15 11:48:46 -04:00
Yoshiya Hinosawa
ec3f44581b
docs: fix Deno.compile examples in manual.md (#4380) 2020-03-15 15:30:11 +01:00
Nayeem Rahman
6471d4cfab
refactor(std): Uncomment disabled tests, use skip option (#4378) 2020-03-15 13:03:25 +01:00
Chris Knight
a159165fe5
Node polyfill for fs.chown and fs.close (#4377) 2020-03-14 23:01:34 -04:00
dubiousjim
6cc40b0865
BREAKING CHANGE FileInfo.len renamed to FileName.size (#4338) 2020-03-14 22:57:42 -04:00
Chris Knight
ea4f3ab852
feat: add chmod Node polyfill and related file system constants (#4358) 2020-03-14 17:46:39 -04:00
crowlKats
9648d3da14
Add node querystring polyfill (#4370) 2020-03-14 16:43:49 -04:00