-
Notifications
You must be signed in to change notification settings - Fork 30k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
src,permission: restrict inspector when pm enabled
PR-URL: nodejs-private/node-private#410 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1962701 Reviewed-By: Matteo Collina <[email protected]> CVE-ID: CVE-2023-30587
- Loading branch information
Showing
11 changed files
with
125 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#include "inspector_permission.h" | ||
|
||
#include <string> | ||
|
||
namespace node { | ||
|
||
namespace permission { | ||
|
||
// Currently, Inspector manage a single state | ||
// Once denied, it's always denied | ||
void InspectorPermission::Apply(const std::string& allow, | ||
PermissionScope scope) { | ||
deny_all_ = true; | ||
} | ||
|
||
bool InspectorPermission::is_granted(PermissionScope perm, | ||
const std::string_view& param) { | ||
return deny_all_ == false; | ||
} | ||
|
||
} // namespace permission | ||
} // namespace node |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#ifndef SRC_PERMISSION_INSPECTOR_PERMISSION_H_ | ||
#define SRC_PERMISSION_INSPECTOR_PERMISSION_H_ | ||
|
||
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS | ||
|
||
#include <string> | ||
#include "permission/permission_base.h" | ||
|
||
namespace node { | ||
|
||
namespace permission { | ||
|
||
class InspectorPermission final : public PermissionBase { | ||
public: | ||
void Apply(const std::string& allow, PermissionScope scope) override; | ||
bool is_granted(PermissionScope perm, | ||
const std::string_view& param = "") override; | ||
|
||
private: | ||
bool deny_all_; | ||
}; | ||
|
||
} // namespace permission | ||
|
||
} // namespace node | ||
|
||
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS | ||
#endif // SRC_PERMISSION_INSPECTOR_PERMISSION_H_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
// Flags: --experimental-permission --allow-fs-read=* | ||
'use strict'; | ||
|
||
const common = require('../common'); | ||
common.skipIfWorker(); | ||
common.skipIfInspectorDisabled(); | ||
|
||
const { Session } = require('inspector'); | ||
const assert = require('assert'); | ||
|
||
if (!common.hasCrypto) | ||
common.skip('no crypto'); | ||
|
||
{ | ||
assert.throws(() => { | ||
const session = new Session(); | ||
session.connect(); | ||
}, common.expectsError({ | ||
code: 'ERR_ACCESS_DENIED', | ||
permission: 'Inspector', | ||
})); | ||
} |