jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-02 17:01:08 +00:00
Code Issues Actions 26 Packages Projects Releases Wiki Activity
40,658 Commits 67 Branches 878 Tags 2.1 GiB
ad0bcb9c02
Commit Graph

4 Commits

Author SHA1 Message Date
RafaelGSS
205f1e643e permission: handle fs path traversal 
PR-URL: https://github.com/nodejs-private/node-private/pull/403
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1952978
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2023-30584
 2023-06-20 17:31:47 -03:00
Daeyeon Jeong
4eec3626f2
permission: resolve reference to absolute path only for fs permission 
For other candidate permissions, such as "net" or "env", this patch
will pass the reference without resolving it to an absolute path.

Signed-off-by: Daeyeon Jeong <daeyeon.dev@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/47930
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
 2023-05-11 14:50:44 +00:00
Rafael Gonzaga
6fd147c4b0
permission: drop process.permission.deny 
PR-URL: https://github.com/nodejs/node/pull/47335
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
 2023-04-04 17:14:04 +00:00
Rafael Gonzaga
00c222593e
src,process: add permission model 
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/44004
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
 2023-02-23 18:11:51 +00:00