Restrict Deno to write to stdout only, read stdin and main.js only.couchdb-deno

author: Nick Vatamaniuc <vatamane@gmail.com> 2023-03-02 15:30:10 -0500
committer: Nick Vatamaniuc <vatamane@gmail.com> 2023-03-02 15:30:10 -0500
commit: bb57223734e8af46ea8ed27c2274a19a1188789c (patch)
tree: 909aa43204caba77d4846776aa598e2219813f72
parent: 177219f68daf5926c46cb8c75ddfa757beaa6afa (diff)
download: couchdb-deno.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/dev/run b/dev/run
index a0dd5b380..1c77b0d77 100755
--- a/dev/run
+++ b/dev/run
@@ -610,8 +610,8 @@ def set_boot_env(ctx):
     qs_javascript = toposixpath("%s %s" % (couchjs, mainjs))
     qs_coffescript = toposixpath("%s %s" % (couchjs, coffeejs))
 
-    qs_deno = toposixpath("%s %s" % ("deno run --allow-write", denojs))
-
+    deno_cmd = f"deno run --allow-write=- --allow-read=-,{denojs}"
+    qs_deno = toposixpath("%s %s" % (deno_cmd, denojs))
     os.environ["COUCHDB_QUERY_SERVER_JAVASCRIPT"] = qs_javascript
     os.environ["COUCHDB_QUERY_SERVER_COFFEESCRIPT"] = qs_coffescript
author	Nick Vatamaniuc <vatamane@gmail.com>	2023-03-02 15:30:10 -0500
committer	Nick Vatamaniuc <vatamane@gmail.com>	2023-03-02 15:30:10 -0500
commit	bb57223734e8af46ea8ed27c2274a19a1188789c (patch)
tree	909aa43204caba77d4846776aa598e2219813f72
parent	177219f68daf5926c46cb8c75ddfa757beaa6afa (diff)
download	couchdb-deno.tar.gz