1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nodejs/test/parallel/test-permission-inspector.js

43 lines
991 B
JavaScript
Raw Permalink Normal View History

src,lib: stabilize permission model Move permission model from 1.1 (Active Development) to 2.0 (Stable). PR-URL: https://github.com/nodejs/node/pull/56201 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
2024-12-12 09:11:58 -03:00
// Flags: --permission --allow-fs-read=* --allow-child-process
src,permission: restrict inspector when pm enabled PR-URL: https://github.com/nodejs-private/node-private/pull/410 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1962701 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> CVE-ID: CVE-2023-30587
2023-05-07 13:22:32 -03:00
'use strict';
const common = require('../common');
test: rely less on duplicative common test harness utilities There are several cleanups here that are not just style nits... 1. The `common.isMainThread` was just a passthrough to the `isMainThread` export on the worker_thread module. It's use was inconsistent and just obfuscated the fact that the test file depend on the `worker_threads` built-in. By eliminating it we simplify the test harness a bit and make it clearer which tests depend on the worker_threads check. 2. The `common.isDumbTerminal` is fairly unnecesary since that just wraps a public API check. 3. Several of the `common.skipIf....` checks were inconsistently used and really don't need to be separate utility functions. A key part of the motivation here is to work towards making more of the tests more self-contained and less reliant on the common test harness where possible. PR-URL: https://github.com/nodejs/node/pull/56712 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2025-01-22 14:19:38 -08:00
const { isMainThread } = require('worker_threads');
if (!isMainThread) {
common.skip('This test only works on a main thread');
}
src,permission: restrict inspector when pm enabled PR-URL: https://github.com/nodejs-private/node-private/pull/410 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1962701 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> CVE-ID: CVE-2023-30587
2023-05-07 13:22:32 -03:00
common.skipIfInspectorDisabled();
const { Session } = require('inspector');
const assert = require('assert');
src,permission: restrict by default when pm enabled PR-URL: https://github.com/nodejs/node/pull/48907 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-07-26 15:32:03 -03:00
const { spawnSync } = require('child_process');
src,permission: restrict inspector when pm enabled PR-URL: https://github.com/nodejs-private/node-private/pull/410 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1962701 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> CVE-ID: CVE-2023-30587
2023-05-07 13:22:32 -03:00
if (!common.hasCrypto)
common.skip('no crypto');
{
assert.throws(() => {
const session = new Session();
session.connect();
}, common.expectsError({
src,permission: make ERR_ACCESS_DENIED more descriptive This commit also adds a suggestion flag (if exists) when ERR_ACCESS_DENIED is thrown, so users don't need to jump into the documentation to see how to manage that permission error. PR-URL: https://github.com/nodejs/node/pull/57585 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
2025-04-03 19:24:39 -03:00
message: 'Access to this API has been restricted. ',
src,permission: restrict inspector when pm enabled PR-URL: https://github.com/nodejs-private/node-private/pull/410 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1962701 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> CVE-ID: CVE-2023-30587
2023-05-07 13:22:32 -03:00
code: 'ERR_ACCESS_DENIED',
permission: 'Inspector',
}));
}
src,permission: restrict by default when pm enabled PR-URL: https://github.com/nodejs/node/pull/48907 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-07-26 15:32:03 -03:00
{
const { status, stderr } = spawnSync(
process.execPath,
[
src,lib: stabilize permission model Move permission model from 1.1 (Active Development) to 2.0 (Stable). PR-URL: https://github.com/nodejs/node/pull/56201 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
2024-12-12 09:11:58 -03:00
'--permission',
src,permission: restrict by default when pm enabled PR-URL: https://github.com/nodejs/node/pull/48907 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-07-26 15:32:03 -03:00
'-e',
'(new (require("inspector")).Session()).connect()',
],
);
assert.strictEqual(status, 1);
assert.match(stderr.toString(), /Error: Access to this API has been restricted/);
}
Reference in New Issue Copy Permalink