Lint and spelling fixes
Ceres6 committed Jul 27, 2023
1 parent aad5dc5 commit ef7277f
Showing 15 changed files with 49 additions and 27 deletions.
3 changes: 1 addition & 2 deletions doc/api/cli.md
Expand Up @@ -554,7 +554,7 @@ Enable the Permission Model for current process. When enabled, the
following permissions are restricted:

* File System - manageable through
[`--allow-fs-read`][], [`--allow-fs-write`][] and [`--permission-fs-path-delimiter`][] flags
[`--allow-fs-read`][], [`--allow-fs-write`][] flags
* Child Process - manageable through [`--allow-child-process`][] flag
* Worker Threads - manageable through [`--allow-worker`][] flag

Expand Down Expand Up @@ -1136,7 +1136,6 @@ node --experimental-permission --permission-fs-path-delimiter=\; \
--allow-fs-read=/path/to/index.js index.js
```


### `--policy-integrity=sri`

<!-- YAML
4 changes: 2 additions & 2 deletions doc/api/permissions.md
Expand Up @@ -542,8 +542,8 @@ Wildcards are supported too:

##### Accessing files with comma in path

To access files with comma in path you can change the path delimiter using the
`--permission-fs-path-delimiter` flag to set a value not used in any of the
To access files with a comma in the path you can change the path delimiter using
the `--permission-fs-path-delimiter` flag to set a value not used in any of the
paths you want to access.

```console
3 changes: 3 additions & 0 deletions doc/node.1
Expand Up @@ -335,6 +335,9 @@ Among other uses, this can be used to enable FIPS-compliant crypto if Node.js is
.It Fl -pending-deprecation
Emit pending deprecation warnings.
.
.It Fl -permission-fs-path-delimiter
File system path delimiter used when providing multiple read or write allowed files using the permission model.
.
.It Fl -policy-integrity Ns = Ns Ar sri
Instructs Node.js to error prior to running any code if the policy does not have the specified integrity. It expects a Subresource Integrity string as a parameter.
.
6 changes: 3 additions & 3 deletions src/env.cc
Expand Up @@ -856,17 +856,17 @@ Environment::Environment(IsolateData* isolate_data,
if (!options_->allow_worker_threads) {
permission()->Apply("*", permission::PermissionScope::kWorkerThreads);
}

const std::string delimiter = options_->permission_fs_path_delimiter;
if (!options_->allow_fs_read.empty()) {
permission()->Apply(options_->allow_fs_read,
permission::PermissionScope::kFileSystemRead,
{{"delimiter", options_->permission_fs_path_delimiter}});
{{"delimiter", delimiter}});
}

if (!options_->allow_fs_write.empty()) {
permission()->Apply(options_->allow_fs_write,
permission::PermissionScope::kFileSystemWrite,
{{"delimiter", options_->permission_fs_path_delimiter}});
{{"delimiter", delimiter}});
}
}
}
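Review bot: The `delimiter` local added near the top of this block is handed to both `Apply` calls exactly as the option holds it, and because the `"delimiter"` key is always supplied here, the `","` fallback in `FSPermission::Apply` (src/permission/fs_permission.cc in this commit) is never reached from this path. If option parsing does not already reject an empty `--permission-fs-path-delimiter`, an empty string would decide how `--allow-fs-read` and `--allow-fs-write` are split into granted paths; how `SplitString` treats that input is not visible on this page and should be confirmed. I would fall back explicitly, `const std::string delimiter = options_->permission_fs_path_delimiter.empty() ? "," : options_->permission_fs_path_delimiter;`, or fail startup with a clear error. A short comment such as `// One delimiter for both lists so read and write grants are parsed identically.` would also record why the value is hoisted. The enclosing constructor begins and ends outside the hunk.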
7 changes: 4 additions & 3 deletions src/permission/child_process_permission.cc
Expand Up @@ -9,9 +9,10 @@ namespace permission {

// Currently, ChildProcess manage a single state
// Once denied, it's always denied
void ChildProcessPermission::Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
void ChildProcessPermission::Apply(
const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
deny_all_ = true;
}

3 changes: 2 additions & 1 deletion src/permission/child_process_permission.h
Expand Up @@ -14,7 +14,8 @@ class ChildProcessPermission final : public PermissionBase {
public:
void Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options = {}) override;
const std::unordered_map<std::string, std::string>& options = {})
override;
bool is_granted(PermissionScope perm,
const std::string_view& param = "") override;

9 changes: 7 additions & 2 deletions src/permission/fs_permission.cc
Expand Up @@ -116,9 +116,14 @@ namespace permission {

// allow = '*'
// allow = '/tmp/,/home/example.js'
void FSPermission::Apply(const std::string& allow, PermissionScope scope, const std::unordered_map<std::string, std::string>& options) {
void FSPermission::Apply(
const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
using std::string_view_literals::operator""sv;
std::string delimiter = options.find("delimiter") != options.end() ? options.at("delimiter") : ",";
std::string delimiter = options.find("delimiter") != options.end()
? options.at("delimiter")
: ",";
for (const std::string_view res : SplitString(allow, delimiter)) {
if (res == "*"sv) {
if (scope == PermissionScope::kFileSystemRead) {
5 changes: 4 additions & 1 deletion src/permission/fs_permission.h
Expand Up @@ -15,7 +15,10 @@ namespace permission {

class FSPermission final : public PermissionBase {
public:
void Apply(const std::string& allow, PermissionScope scope, const std::unordered_map<std::string, std::string>& options = {}) override;
void Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options = {})
override;
bool is_granted(PermissionScope perm, const std::string_view& param) override;

struct RadixTree {
7 changes: 4 additions & 3 deletions src/permission/inspector_permission.cc
Expand Up @@ -8,9 +8,10 @@ namespace permission {

// Currently, Inspector manage a single state
// Once denied, it's always denied
void InspectorPermission::Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
void InspectorPermission::Apply(
const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
deny_all_ = true;
}

3 changes: 2 additions & 1 deletion src/permission/inspector_permission.h
Expand Up @@ -14,7 +14,8 @@ class InspectorPermission final : public PermissionBase {
public:
void Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options = {}) override;
const std::unordered_map<std::string, std::string>& options = {})
override;
bool is_granted(PermissionScope perm,
const std::string_view& param = "") override;

7 changes: 4 additions & 3 deletions src/permission/permission.cc
Expand Up @@ -130,9 +130,10 @@ void Permission::EnablePermissions() {
}
}

void Permission::Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
void Permission::Apply(
const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
auto permission = nodes_.find(scope);
if (permission != nodes_.end()) {
permission->second->Apply(allow, scope, options);
4 changes: 3 additions & 1 deletion src/permission/permission.h
Expand Up @@ -49,7 +49,9 @@ class Permission {
const std::string_view& res);

// CLI Call
void Apply(const std::string& allow, PermissionScope scope, const std::unordered_map<std::string, std::string>& options = {});
void Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options = {});
void EnablePermissions();

private:
5 changes: 4 additions & 1 deletion src/permission/permission_base.h
Expand Up @@ -39,7 +39,10 @@ enum class PermissionScope {

class PermissionBase {
public:
virtual void Apply(const std::string& allow, PermissionScope scope, const std::unordered_map<std::string, std::string>& options = {}) = 0;
virtual void Apply(
const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options = {}) = 0;
virtual bool is_granted(PermissionScope perm,
const std::string_view& param = "") = 0;
};
7 changes: 4 additions & 3 deletions src/permission/worker_permission.cc
Expand Up @@ -9,9 +9,10 @@ namespace permission {

// Currently, PolicyDenyWorker manage a single state
// Once denied, it's always denied
void WorkerPermission::Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
void WorkerPermission::Apply(
const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options) {
deny_all_ = true;
}

3 changes: 2 additions & 1 deletion src/permission/worker_permission.h
Expand Up @@ -14,7 +14,8 @@ class WorkerPermission final : public PermissionBase {
public:
void Apply(const std::string& allow,
PermissionScope scope,
const std::unordered_map<std::string, std::string>& options = {}) override;
const std::unordered_map<std::string, std::string>& options = {})
override;
bool is_granted(PermissionScope perm,
const std::string_view& param = "") override;

