mirror of https://github.com/nodejs/node.git synced 2024-11-21 21:19:50 +01:00
nodejs/test/parallel/test-cli-permission-deny-fs.js
sendoru 02b30954a8
test: use relative paths in test-cli-permission tests
`process.permission.has("fs")` checks if the process has permission
for all files under `cwd`. Granting permission for `/tmp` and running
tests with `cwd` containing `/tmp` will make the function return
`true`, differing from expected results. Using relative paths ensures
test paths are not `cwd` itself.

Fixes: https://github.com/nodejs/node/issues/54021
PR-URL: https://github.com/nodejs/node/pull/54188
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2024-08-14 03:49:39 +00:00

156 lines
4.1 KiB
JavaScript

'use strict';
const common = require('../common');
const fixtures = require('../common/fixtures');
const { spawnSync } = require('child_process');
const assert = require('assert');
const fs = require('fs');
const path = require('path');
{
  // Baseline: the permission model is enabled but no --allow-fs-* grant is
  // passed, so the child must report every fs scope as denied and still exit 0.
  const probeScript = `console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));`;
  const child = spawnSync(
    process.execPath,
    ['--experimental-permission', '-e', probeScript]
  );
  // One output line per console.log call, in call order.
  const [anyFs, canRead, canWrite] = child.stdout.toString().split('\n');
  assert.strictEqual(anyFs, 'false');
  assert.strictEqual(canRead, 'false');
  assert.strictEqual(canWrite, 'false');
  assert.strictEqual(child.status, 0);
}
{
  // Write grant scoped to a single directory. The grant is given as an
  // absolute path resolved from the relative './tmp/', so it names a
  // directory below cwd rather than cwd itself.
  const grantedDir = path.resolve('./tmp/');
  const probeScript = `console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));
console.log(process.permission.has("fs.write", "./tmp/"));`;
  const child = spawnSync(
    process.execPath,
    ['--experimental-permission', '--allow-fs-write', grantedDir, '-e', probeScript]
  );
  const [anyFs, canRead, canWrite, canWriteGranted] =
    child.stdout.toString().split('\n');
  // The queries without a reference path must stay false: a grant for one
  // directory is not a grant for the scope as a whole.
  assert.strictEqual(anyFs, 'false');
  assert.strictEqual(canRead, 'false');
  assert.strictEqual(canWrite, 'false');
  // Only the query that names the granted directory reports true.
  assert.strictEqual(canWriteGranted, 'true');
  assert.strictEqual(child.status, 0);
}
{
  // Wildcard write grant: "fs.write" becomes true, while "fs.read" and the
  // combined "fs" scope must remain denied.
  const probeScript = `console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));`;
  const child = spawnSync(
    process.execPath,
    ['--experimental-permission', '--allow-fs-write', '*', '-e', probeScript]
  );
  const [anyFs, canRead, canWrite] = child.stdout.toString().split('\n');
  assert.strictEqual(anyFs, 'false');
  assert.strictEqual(canRead, 'false');
  assert.strictEqual(canWrite, 'true');
  assert.strictEqual(child.status, 0);
}
{
  // Wildcard read grant: "fs.read" becomes true, while "fs.write" and the
  // combined "fs" scope must remain denied.
  const probeScript = `console.log(process.permission.has("fs"));
console.log(process.permission.has("fs.read"));
console.log(process.permission.has("fs.write"));`;
  const child = spawnSync(
    process.execPath,
    ['--experimental-permission', '--allow-fs-read', '*', '-e', probeScript]
  );
  const [anyFs, canRead, canWrite] = child.stdout.toString().split('\n');
  assert.strictEqual(anyFs, 'false');
  assert.strictEqual(canRead, 'true');
  assert.strictEqual(canWrite, 'false');
  assert.strictEqual(child.status, 0);
}
{
  // A write-only grant must not imply read access: reading the node binary
  // has to fail with the permission error and a non-zero exit code.
  const args = [
    '--experimental-permission',
    '--allow-fs-write=*',
    '-p',
    'fs.readFileSync(process.execPath)',
  ];
  const child = spawnSync(process.execPath, args);
  const errText = child.stderr.toString();
  // The raw stderr is passed as the assertion message so a failure shows
  // what the child actually printed.
  assert.ok(
    errText.includes('Access to this API has been restricted'),
    child.stderr
  );
  assert.strictEqual(child.status, 1);
}
{
  // No fs grant at all: the same read of the node binary must be refused
  // with the permission error and a non-zero exit code.
  const args = [
    '--experimental-permission',
    '-p',
    'fs.readFileSync(process.execPath)',
  ];
  const child = spawnSync(process.execPath, args);
  const errText = child.stderr.toString();
  // The raw stderr is passed as the assertion message so a failure shows
  // what the child actually printed.
  assert.ok(
    errText.includes('Access to this API has been restricted'),
    child.stderr
  );
  assert.strictEqual(child.status, 1);
}
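{
  // A read-only grant must not imply write access: the child's write has to
  // fail with the permission error, exit non-zero, and leave no file behind.
  //
  // The target name is held in one constant so the child script and the
  // existence check below always refer to the same file. With two different
  // names the "file was not created" check passes vacuously and would not
  // notice a write that slipped through the permission model.
  const deniedFile = 'policy-deny-example.md';
  const { status, stderr } = spawnSync(
    process.execPath,
    [
      '--experimental-permission',
      '--allow-fs-read=*', '-p',
      `fs.writeFileSync("${deniedFile}", "# test")`,
    ]
  );
  // The raw stderr is passed as the assertion message so a failure shows
  // what the child actually printed.
  assert.ok(
    stderr.toString().includes('Access to this API has been restricted'),
    stderr);
  assert.strictEqual(status, 1);
  // spawnSync is called without a cwd option, so the relative name resolves
  // against the same working directory in the parent and in the child.
  assert.ok(!fs.existsSync(deniedFile));
}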
{
  // Grant read access only to the first directory component of cwd, then run
  // a fixture and require that it is denied access to a resource whose path
  // ends in "etc" or "passwd".
  // NOTE(review): the fixture's exact read target is not visible here;
  // confirm against fixtures/permission/loader/index.js.
  const cwd = process.cwd();
  const { root } = path.parse(cwd);
  // split(sep, 2)[1] is the first path segment after the root.
  const topLevelSegment = cwd.split(path.sep, 2)[1];
  const firstPath = path.join(root, path.sep + topLevelSegment);

  // NOTE(review): presumably a grant rooted at /etc or /tmp would cover what
  // the fixture touches, so the denial could not be observed; verify.
  if (firstPath.startsWith('/etc')) {
    common.skip('/etc as firstPath');
  }
  if (firstPath.startsWith('/tmp')) {
    common.skip('/tmp as firstPath');
  }

  const fixtureFile = fixtures.path('permission', 'loader', 'index.js');
  const child = spawnSync(
    process.execPath,
    ['--experimental-permission', `--allow-fs-read=${firstPath}`, fixtureFile]
  );
  // The error output must name the denied resource; [\\/] accepts either
  // path separator.
  assert.match(child.stderr.toString(), /resource: '.*?[\\/](?:etc|passwd)'/);
  assert.strictEqual(child.status, 1);
}