Skip to content

Commit

Permalink
permission: fix spawnSync permission check
Browse files Browse the repository at this point in the history
  • Loading branch information
@RafaelGSS
RafaelGSS committed Mar 6, 2023
1 parent 070e773 commit 41d0d74
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/spawn_sync.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,8 @@ void SyncProcessRunner::Initialize(Local<Object> target,

void SyncProcessRunner::Spawn(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
THROW_IF_INSUFFICIENT_PERMISSIONS(
env, permission::PermissionScope::kChildProcess, "");
env->PrintSyncTrace();
SyncProcessRunner p(env);
Local<Value> result;
Expand Down
18 changes: 18 additions & 0 deletions test/parallel/test-permission-deny-child-process-cli.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,24 @@ if (process.argv[2] === 'child') {
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.spawnSync(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.exec(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.execSync(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.fork(__filename, ['child']);
}, common.expectsError({
Expand All @@ -42,4 +54,10 @@ if (process.argv[2] === 'child') {
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.execFileSync(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
}
18 changes: 18 additions & 0 deletions test/parallel/test-permission-deny-child-process.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,24 @@ if (process.argv[2] === 'child') {
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.spawnSync(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.exec(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.execSync(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.fork(__filename, ['child']);
}, common.expectsError({
Expand All @@ -49,4 +61,10 @@ if (process.argv[2] === 'child') {
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
assert.throws(() => {
childProcess.execFileSync(process.execPath, ['--version']);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
}));
}

0 comments on commit 41d0d74

Please sign in to comment.