How to includes "," or "*" char self in --allow-fs-read? #1039
Thanks for the feedback. Probably, we'll need to switch the delimiter to a semicolon (;). I'll work on that. |
My two cents: Though this feature is experimental, changing the delimiter is a breaking change about safety. And
|
@LongTengDao Would it work if you escape the I think for your use case the only reasonable choice is to pass those files through a config file. |
What encoding does RegExp(value.slice(0,value.lastIndexOf('$')+1), value.slice(value.lastIndexOf('$')+1))
A config data is good, but the value could change each time I fork, so a JSON arg would be a better alternative solution, like:
child_process.fork(
...{
execArgv: [
`--allow-fs-read=${JSON.stringify([ '/path,1' ])}`
]
}
)
Otherwise, I need to generate a temp config file for each fork, and unlink that after using, to control fs io indirectly... It's too complex just to support ( |
It only accepts file paths with wildcards (
or you should send it through a config file. I'll see how feasible the array approach is. |
Hi! I'm working on this and here is what I thought. Changing the behaviour to an array would be a breaking change. Therefore it would be a good option to check on the length of the array and preserve the current behaviour when array is of length 1, then split. The problem there would be if I only have one file which contains a comma. Besides, this wouldn't solve the issue for people wanting to use the single string. An option would be to add a new flag We could implement just the new flag, the array approach –knowing the caveat– or both. WDYT? CC @RafaelGSS |
We can also read that configuration from a config file. We can adapt the current policy.json to accept permission model config too |
Is there a preferred way or should we implement them all? |
I think, for now, we can go with: cc: @nodejs/security-wg |
--permission-fs-path-delimiter flag added to permission model. If not provided default value will be comma. Fixes: nodejs/security-wg#1039
Hi 👋🏻. There is a standing PR that addresses the part of comma as part of paths by adding a new flag During the discussion of said PR @tniessen brought up that it might not be a good idea to have comma as default separator. As we have seen it conflicts with some valid paths and it doesn't conform with
IMO given the experimental nature and relatively short life of these flags going for the path delimiter option seems the most clean way going forward as it wouldn't add new flags or documentation and it is consistent with the only stable example I could find. WDYT? |
I think the best approach depends on whether this syntax will ever be used for anything besides file system paths. For example, there are still discussions around environment variables. If this is supposed to be a more generic list format than just file system paths, then that should be planned for now. Accepting multiple flags seems very reasonable to me. (Then again, I have not been following this discussion, so I trust your judgement on that.)
That's not entirely true. On POSIX systems, file names can technically contain |
For now, environment variables aren't planned. But, if we include that I agree it should follow the same pattern. I think we should go with option 2. It seems the smoothest breaking change for the end users. We can also:
Would it make sense? ping @nodejs/security-wg |
I prefer to use |
And |
@LongTengDao The problem with |
A GUI sandbox software: drag a folder in and run it. I can't control what's included in users' folder paths. Currently, I can only shut down the software when the path includes special chars. |
We've discussed it in the last security team meeting and we're tempted to follow the option 2. cc @Ceres6
|
We emit a warning and split with commas or not? |
We follow multiple cli flags approach:
$ node --experimental-permission --allow-fs-read=/tmp/,/path/index.js index.js
Warning: the allow-fs-read CLI flag has recently changed. Each file/directory should have its own --allow-fs-read call. Example: --allow-fs-read=/folder1/ --allow-fs-read=/folder2/
... Probably a better description should be used. |
Support for a single comma separates list for allow-fs-* flags is removed. Instead now multiple flags can be passed to allow multiple paths. Fixes: nodejs/security-wg#1039
Support for a single comma separates list for allow-fs-* flags is removed. Instead now multiple flags can be passed to allow multiple paths. Fixes: nodejs/security-wg#1039 PR-URL: #49047 Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Marco Ippolito <[email protected]>
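An added example (not code from this thread or from Node.js) of why the comma-separated form mis-grants access and how one flag per path avoids it. The function names and sample paths are hypothetical, and the comma split is a simplified model of the old behaviour discussed above.

```javascript
// Added illustration. Function names are hypothetical, not Node.js internals.

// Simplified model of the legacy form: one flag value split on commas.
function parseLegacyList(value) {
  return value.split(',');
}

// Model of the adopted form: each flag occurrence carries exactly one path,
// so the value is never split and a comma is just another character.
function parseRepeatedFlags(argv, flag = '--allow-fs-read') {
  const prefix = `${flag}=`;
  return argv
    .filter((arg) => arg.startsWith(prefix))
    .map((arg) => arg.slice(prefix.length));
}

// Build execArgv for child_process.fork() from user-chosen directories.
function buildExecArgv(paths, flag = '--allow-fs-read') {
  const argv = ['--experimental-permission'];
  const needsReview = [];
  for (const p of paths) {
    // The flag accepts wildcards, so a literal '*' in a name is ambiguous:
    // report it to the caller instead of silently widening the grant.
    if (p.includes('*')) {
      needsReview.push(p);
      continue;
    }
    argv.push(`${flag}=${p}`);
  }
  return { argv, needsReview };
}

// Constructed sample paths (not from the thread).
const wanted = ['/home/user/reports,2023', '/tmp/', '/data/a*b'];

// Legacy: a different directory '/home/user/reports' and a relative '2023'
// are granted instead of the one directory that was intended.
const legacyGrants = parseLegacyList(wanted.slice(0, 2).join(','));

const built = buildExecArgv(wanted);
const repeatedGrants = parseRepeatedFlags(built.argv);

console.log({ legacyGrants, repeatedGrants, needsReview: built.needsReview });
```
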
I forgot we still have to deal with |
@RafaelGSS I can implement that too. I'm not sure what options do we have for that apart from escaping... |
They are valid Unix path names, and as an app developer, I can't control what parent directory the user's PC uses.
Currently I can only shut down the whole app when the user's directory has , or *, that's not good...