From aad5dc5cbefde90bd479b1203f438ee19a246372 Mon Sep 17 00:00:00 2001 From: Carlos Espa Date: Tue, 25 Jul 2023 16:10:51 +0200 Subject: [PATCH] src,process: add path delimiter flag to permission --permission-fs-path-delimiter flag added to permission model. If not provided default value will be comma. --- doc/api/cli.md | 24 +++++++++- doc/api/permissions.md | 18 ++++++++ src/env.cc | 6 ++- src/node_options.cc | 4 ++ src/node_options.h | 1 + src/permission/child_process_permission.cc | 3 +- src/permission/child_process_permission.h | 4 +- src/permission/fs_permission.cc | 5 +- src/permission/fs_permission.h | 2 +- src/permission/inspector_permission.cc | 3 +- src/permission/inspector_permission.h | 4 +- src/permission/permission.cc | 6 ++- src/permission/permission.h | 2 +- src/permission/permission_base.h | 2 +- src/permission/worker_permission.cc | 4 +- src/permission/worker_permission.h | 4 +- test/parallel/test-cli-permission-deny-fs.js | 48 ++++++++++++++++++++ 17 files changed, 124 insertions(+), 16 deletions(-) diff --git a/doc/api/cli.md b/doc/api/cli.md index cf509503dc838a..b448467d3167d5 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -554,7 +554,7 @@ Enable the Permission Model for current process. When enabled, the following permissions are restricted: * File System - manageable through - [`--allow-fs-read`][], [`--allow-fs-write`][] flags + [`--allow-fs-read`][], [`--allow-fs-write`][] and [`--permission-fs-path-delimiter`][] flags * Child Process - manageable through [`--allow-child-process`][] flag * Worker Threads - manageable through [`--allow-worker`][] flag 
@@ -1116,6 +1116,27 @@ unless either the `--pending-deprecation` command-line flag, or the are used to provide a kind of selective "early warning" mechanism that developers may leverage to detect deprecated API usage. +### `--permission-fs-path-delimiter` + + + +> Stability: 1 - Experimental + +This flag configures file system path delimiter for permissions using +the [Permission Model][]. + +Examples can be found in the [File System Permissions][] documentation. + +Especial characters in bash as `;` must be escaped or quoted: + +```bash +node --experimental-permission --permission-fs-path-delimiter=\; \ +--allow-fs-read=/path/to/index.js index.js +``` + + ### `--policy-integrity=sri`
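Review bot: In the `doc/api/cli.md` hunk at `@@ -554,7 +554,7 @@`, the File System bullet now lists `--permission-fs-path-delimiter` next to `--allow-fs-read` and `--allow-fs-write` as a flag the permission is "manageable through", which reads as if it grants or restricts access. Going by the description added later in this patch, it only configures the path delimiter. Consider keeping the two allow flags as the list and adding a separate clause, for example "paths are separated by the delimiter set with `--permission-fs-path-delimiter`". The added line is also much longer than the wrapped lines around it and should be re-wrapped, and the new `[`--permission-fs-path-delimiter`][]` reference needs a matching link definition in this file, which is not among the lines shown here.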
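Review bot: In the `doc/api/cli.md` hunk at `@@ -1116,6 +1116,27 @@`, the new `--permission-fs-path-delimiter` section never states the default delimiter (the commit message says comma), and its bash example passes a single path to `--allow-fs-read`, so the delimiter it sets is never exercised. Suggest adding one sentence with the default and changing the example to pass two paths joined by `;`, with the value quoted or escaped the same way as the flag value. The section should also state how a path that itself contains the chosen delimiter is handled, since that determines what access is granted. Wording: "Especial characters in bash as `;`" should read "Special characters in bash such as `;`", and "configures file system path delimiter" is missing "the".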