daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

permission: handle fs.watchFile 

PR-URL: https://github.com/nodejs-private/node-private/pull/404
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1966499
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2023-30582
pull/48505/head
RafaelGSS 2023-05-06 15:03:23 -03:00
parent b607b74a4f
commit 56b1a0fca4
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/node_stat_watcher.cc
View File

@ -25,6 +25,7 @@
#include "memory_tracker-inl.h" #include "memory_tracker-inl.h"
#include "node_external_reference.h" #include "node_external_reference.h"
#include "node_file-inl.h" #include "node_file-inl.h"
#include "permission/permission.h"
#include "util-inl.h" #include "util-inl.h"
#include <cstring> #include <cstring>
@ -111,6 +112,10 @@ void StatWatcher::Start(const FunctionCallbackInfo<Value>& args) {
node::Utf8Value path(args.GetIsolate(), args[0]); node::Utf8Value path(args.GetIsolate(), args[0]);
CHECK_NOT_NULL(*path); CHECK_NOT_NULL(*path);
THROW_IF_INSUFFICIENT_PERMISSIONS(
wrap->env(),
permission::PermissionScope::kFileSystemRead,
path.ToStringView());
CHECK(args[1]->IsUint32()); CHECK(args[1]->IsUint32());
const uint32_t interval = args[1].As<Uint32>()->Value(); const uint32_t interval = args[1].As<Uint32>()->Value();

11
test/fixtures/permission/fs-read.js vendored
View File

@ -228,6 +228,17 @@ const regularFile = __filename;
}); });
} }
// fs.watchFile
{
assert.throws(() => {
fs.watchFile(blockedFile, common.mustNotCall());
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
}
// fs.rename // fs.rename
{ {
assert.throws(() => { assert.throws(() => {