jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-04-28 13:40:37 +00:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity
main
node/test/parallel/test-cli-permission-deny-fs.js
Rafael Gonzaga be04d06488
src,lib: stabilize permission model 
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).

PR-URL: https://github.com/nodejs/node/pull/56201
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
2024-12-12 12:11:58 +00:00

156 lines
4.0 KiB
JavaScript
Raw Permalink Blame History

'use strict';
const common = require('../common');
const fixtures = require('../common/fixtures');
const { spawnSync } = require('child_process');
const assert = require('assert');
const fs = require('fs');
const path = require('path');
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--permission', '-e',
`console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'false');
assert.strictEqual(fsIn, 'false');
assert.strictEqual(fsOut, 'false');
assert.strictEqual(status, 0);
}
{
const tmpPath = path.resolve('./tmp/');
const { status, stdout } = spawnSync(
process.execPath,
[
'--permission',
'--allow-fs-write', tmpPath, '-e',
`console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));
console.log(process.permission.has("fs.write", "./tmp/"));`,
]
);
const [fs, fsIn, fsOut, fsOutAllowed] = stdout.toString().split('\n');
assert.strictEqual(fs, 'false');
assert.strictEqual(fsIn, 'false');
assert.strictEqual(fsOut, 'false');
assert.strictEqual(fsOutAllowed, 'true');
assert.strictEqual(status, 0);
}
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--permission',
'--allow-fs-write', '*', '-e',
`console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'false');
assert.strictEqual(fsIn, 'false');
assert.strictEqual(fsOut, 'true');
assert.strictEqual(status, 0);
}
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--permission',
'--allow-fs-read', '*', '-e',
`console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'false');
assert.strictEqual(fsIn, 'true');
assert.strictEqual(fsOut, 'false');
assert.strictEqual(status, 0);
}
{
const { status, stderr } = spawnSync(
process.execPath,
[
'--permission',
'--allow-fs-write=*', '-p',
'fs.readFileSync(process.execPath)',
]
);
assert.ok(
stderr.toString().includes('Access to this API has been restricted'),
stderr);
assert.strictEqual(status, 1);
}
{
const { status, stderr } = spawnSync(
process.execPath,
[
'--permission',
'-p',
'fs.readFileSync(process.execPath)',
]
);
assert.ok(
stderr.toString().includes('Access to this API has been restricted'),
stderr);
assert.strictEqual(status, 1);
}
{
const { status, stderr } = spawnSync(
process.execPath,
[
'--permission',
'--allow-fs-read=*', '-p',
'fs.writeFileSync("policy-deny-example.md", "# test")',
]
);
assert.ok(
stderr.toString().includes('Access to this API has been restricted'),
stderr);
assert.strictEqual(status, 1);
assert.ok(!fs.existsSync('permission-deny-example.md'));
}
{
const { root } = path.parse(process.cwd());
const abs = (p) => path.join(root, p);
const firstPath = abs(path.sep + process.cwd().split(path.sep, 2)[1]);
if (firstPath.startsWith('/etc')) {
common.skip('/etc as firstPath');
}
if (firstPath.startsWith('/tmp')) {
common.skip('/tmp as firstPath');
}
const file = fixtures.path('permission', 'loader', 'index.js');
const { status, stderr } = spawnSync(
process.execPath,
[
'--permission',
`--allow-fs-read=${firstPath}`,
file,
]
);
assert.match(stderr.toString(), /resource: '.*?[\\/](?:etc|passwd)'/);
assert.strictEqual(status, 1);
}
Reference in New Issue View Git Blame Copy Permalink