From e26166f30b9e3c5cc30ed017d41455c5a0afdee6 Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga <rafael.nunu@hotmail.com>
Date: Sat, 1 Jun 2024 12:12:53 -0300
Subject: [PATCH] src,permission: handle process.chdir on pm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/53175
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br>
---
 src/node_process_methods.cc         |  2 ++
 test/fixtures/permission/fs-read.js | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/node_process_methods.cc b/src/node_process_methods.cc
index a7178eddf6ca06..a9e0f8e9b4f6d5 100644
--- a/src/node_process_methods.cc
+++ b/src/node_process_methods.cc
@@ -83,6 +83,8 @@ static void Chdir(const FunctionCallbackInfo<Value>& args) {
   CHECK_EQ(args.Length(), 1);
   CHECK(args[0]->IsString());
   Utf8Value path(env->isolate(), args[0]);
+  THROW_IF_INSUFFICIENT_PERMISSIONS(
+      env, permission::PermissionScope::kFileSystemRead, path.ToStringView());
   int err = uv_chdir(*path);
   if (err) {
     // Also include the original working directory, since that will usually
diff --git a/test/fixtures/permission/fs-read.js b/test/fixtures/permission/fs-read.js
index 43e1718ab15e2b..0fdbc3ced912ff 100644
--- a/test/fixtures/permission/fs-read.js
+++ b/test/fixtures/permission/fs-read.js
@@ -385,4 +385,15 @@ const regularFile = __filename;
     permission: 'FileSystemRead',
     resource: path.toNamespacedPath(blockedFile),
   }));
+}
+
+// process.chdir
+{
+  assert.throws(() => {
+    process.chdir(blockedFolder);
+  }, common.expectsError({
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'FileSystemRead',
+    resource: blockedFolder,
+  }));
 }
\ No newline at end of file