Place this script at the very top of your entry file to enforce that you always use an allow-list for each of the permission flags Deno provides.
It will exit with error code 1 if:
- you use `--allow-all`
- you use any flag without providing a list: `--allow-write` instead of `--allow-write=./tmp`
- you use `--allow-hrtime`
  - This one does not use a list but I've included it because Deno's documentation states that "High-resolution time can be used in timing attacks and fingerprinting".
This script was written for Deno's permissions as of version v1.32.3.
I originally posted this as a discussion topic here: denoland/deno#18576
This is what the error message would look like when running with `--allow-all`:

```
ERROR: No opened ended permissions allowed.
You must use an allow list for the following permissions:
--allow-env
--allow-run
--allow-net
--allow-write
--allow-read
--allow-sys
--allow-ffi
Restricted use of 'hrtime'. Please remove --allow-hrtime
```
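
One way to implement the check described above, as an added example that is not the author's script: it asks the runtime about each permission with no resource in the descriptor, which only reports "granted" when the flag was passed without a list. It assumes a Deno 1.x runtime that provides `Deno.permissions.querySync`; the names `auditPermissions`, `report`, `enforce` and `fakeQuery` are hypothetical.

```typescript
// Added example, not the author's script. Permission names assume Deno 1.x.
type PermState = "granted" | "prompt" | "denied";
type QuerySync = (desc: { name: string }) => { state: PermState };
interface Audit { openEnded: string[]; hrtime: boolean; ok: boolean }

// Flags that accept an allow-list, in the order the page's error message lists them.
const LISTABLE = ["env", "run", "net", "write", "read", "sys", "ffi"];

// A descriptor with no path/host/variable asks about the blanket permission,
// so "granted" means the flag was passed without a list.
function auditPermissions(query: QuerySync): Audit {
  const openEnded = LISTABLE
    .filter((name) => query({ name }).state === "granted")
    .map((name) => `--allow-${name}`);
  const hrtime = query({ name: "hrtime" }).state === "granted";
  return { openEnded, hrtime, ok: openEnded.length === 0 && !hrtime };
}

function report(a: Audit): string[] {
  const lines: string[] = [];
  if (a.openEnded.length > 0) {
    lines.push("Open-ended permissions; use an allow-list for:", ...a.openEnded);
  }
  if (a.hrtime) lines.push("Remove --allow-hrtime");
  return lines;
}

// Entry-file hook: call enforce(Deno) before any other code runs.
function enforce(deno: any): void {
  const audit = auditPermissions((d) => deno.permissions.querySync(d));
  if (!audit.ok) {
    report(audit).forEach((l) => console.error(l));
    deno.exit(1);
  }
}

// Constructed stand-in for the runtime: `blanket` names permissions granted with no list.
function fakeQuery(blanket: string[]): QuerySync {
  return ({ name }) => ({ state: blanket.indexOf(name) !== -1 ? "granted" : "prompt" });
}

// Constructed demo: the equivalent of --allow-read=./tmp --allow-write --allow-hrtime.
console.log(report(auditPermissions(fakeQuery(["write", "hrtime"]))).join("\n"));
```

Because the audit reads the effective permission state rather than parsing command-line arguments, it also catches `--allow-all`, which grants every permission in the list.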