Skip to content

Commit

Permalink
doc,test: add known path resolution issue in permission model
Browse files Browse the repository at this point in the history
As a side effect of 205f1e6, Node.js
now resolves some paths differently when the permission model is
enabled. While these are mostly edge cases, they are worth mentioning in
the documentation. This commit also adds a known_issues test that
demonstrates one such difference.

PR-URL: #49155
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
  • Loading branch information
tniessen authored and UlisesGascon committed Sep 10, 2023
1 parent 40e9fcd commit f45c8e1
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 0 deletions.
2 changes: 2 additions & 0 deletions doc/api/permissions.md
Original file line number Diff line number Diff line change
Expand Up @@ -560,6 +560,8 @@ Wildcards are supported too:

There are constraints you need to know before using this system:

* When the permission model is enabled, Node.js may resolve some paths
differently than when it is disabled.
* Native modules are restricted by default when using the Permission Model.
* OpenSSL engines currently cannot be requested at runtime when the Permission
Model is enabled, affecting the built-in crypto, https, and tls modules.
Expand Down
46 changes: 46 additions & 0 deletions test/known_issues/test-permission-model-path-resolution.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
'use strict';

// The permission model resolves paths to avoid path traversals, but in doing so
// it potentially interprets paths differently than the operating system would.
// This test demonstrates that merely enabling the permission model causes the
// application to potentially access a different file than it would without the
// permission model.

const common = require('../common');

const assert = require('assert');
const { execFileSync } = require('child_process');
const { mkdirSync, symlinkSync, writeFileSync } = require('fs');
const path = require('path');

if (common.isWindows)
assert.fail('not applicable to Windows');

const tmpdir = require('../common/tmpdir');
tmpdir.refresh();

const a = path.join(tmpdir.path, 'a');
const b = path.join(tmpdir.path, 'b');
const c = path.join(tmpdir.path, 'c');
const d = path.join(tmpdir.path, 'c/d');

writeFileSync(a, 'bad');
symlinkSync('c/d', b);
mkdirSync(c);
mkdirSync(d);
writeFileSync(path.join(c, 'a'), 'good');

function run(...args) {
const interestingPath = `${tmpdir.path}/b/../a`;
args = [...args, '-p', `fs.readFileSync(${JSON.stringify(interestingPath)}, 'utf8')`];
return execFileSync(process.execPath, args, { encoding: 'utf8' }).trim();
}

// Because this is a known_issues test, we cannot assert any assumptions besides
// the known issue itself. Instead, do a sanity check and report success if the
// sanity check fails.
if (run() !== 'good') {
process.exit(0);
}

assert.strictEqual(run('--experimental-permission', `--allow-fs-read=${tmpdir.path}`), 'good');

0 comments on commit f45c8e1

Please sign in to comment.