-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission path delimiter #48944
Permission path delimiter #48944
Conversation
Review requested:
|
I think you'll need to rebase instead and get rid of all the extra commits. |
Yes, I noticed, I'm working on it |
d19df78
to
c4cb9cc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are a lot of files commited that should be removed:
- compare-no-warnings
- node-new
- node-old
96fc261
to
aad5dc5
Compare
We need to also include it as |
229648c
to
ef7277f
Compare
--permission-fs-path-delimiter flag added to permission model. If not provided default value will be comma. Fixes: nodejs/security-wg#1039
513c1a2
to
e98237e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work!
Co-authored-by: Rafael Gonzaga <[email protected]>
Co-authored-by: Rafael Gonzaga <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with green ci
@Ceres6 this is failing on Windows, could you check? |
Test should be fixed now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there some discussion leading up to this? The default (comma) is a questionable choice because it does not match path.delimiter
on any supported platform and because it is a valid character within file names (unless perhaps this syntax will ever be used for anything besides file system paths?). But is adding yet another CLI option the right solution?
If you want to stick with commas by default, you might want to consider something like emcc's approach. It supports various formats (some of which are admittedly ambiguous) and requires zero configuration:
foo,bar
"foo","bar"
["foo","bar"]
[foo,bar]
I believe --allow-fs-*
can also be specified more than once, so a custom list syntax is technically not required at all. Dropping it would likely be the least ambiguous option.
(This is non-blocking. Just my two cents.)
We've been discussing it at nodejs/security-wg#1039. The problem with accepting multiple Well... Technically, we can support both (single --allow-fs separated by a comma, a multiple a --allow-fs), but it will require some work to support both implementations such as:
Honestly, I never heard about it. Does emcc stand for ecmascripten? |
Closing it in favour of #49047 |
Fixes nodejs/security-wg#1039
This PR adds a new flag
--permission-fs-path-delimiter
which allows to change the path delimiter when providing a list of files to either--allow-fs-read
orallow-fs-write
.