From 837acd3228911a38f0fc36ee04afa68e04c61e1f Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 3 Jan 2024 15:29:36 -0300 Subject: [PATCH 1/4] test: add URL tests to fs-write --- test/fixtures/permission/fs-write.js | 76 ++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/test/fixtures/permission/fs-write.js b/test/fixtures/permission/fs-write.js index 390ac4e53b1910..80ab0479679257 100644 --- a/test/fixtures/permission/fs-write.js +++ b/test/fixtures/permission/fs-write.js @@ -11,6 +11,7 @@ const regularFolder = process.env.ALLOWEDFOLDER; const regularFile = process.env.ALLOWEDFILE; const blockedFolder = process.env.BLOCKEDFOLDER; const blockedFile = process.env.BLOCKEDFILE; +const blockedFileURL = new URL('file://' + process.env.BLOCKEDFILE); const relativeProtectedFile = process.env.RELATIVEBLOCKEDFILE; const relativeProtectedFolder = process.env.RELATIVEBLOCKEDFOLDER; const absoluteProtectedFile = path.resolve(relativeProtectedFile); @@ -30,6 +31,13 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), }); + assert.throws(() => { + fs.writeFile(blockedFileURL, 'example', () => {}); + }, common.expectsError({ + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + resource: path.toNamespacedPath(blockedFile), + })); assert.throws(() => { fs.writeFile(relativeProtectedFile, 'example', () => {}); }, { @@ -91,6 +99,13 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), }); + assert.throws(() => { + fs.utimes(blockedFileURL, new Date(), new Date(), () => {}); + }, common.expectsError({ + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + resource: path.toNamespacedPath(blockedFile), + })); assert.throws(() => { fs.utimes(relativeProtectedFile, new Date(), new Date(), () => {}); }, { @@ -117,6 +132,13 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), }); + assert.throws(() => { + fs.lutimes(blockedFileURL, new Date(), new Date(), () => {}); + }, common.expectsError({ + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + resource: path.toNamespacedPath(blockedFile), + })); } // fs.mkdir @@ -169,6 +191,15 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), }); + assert.throws(() => { + fs.rename(blockedFileURL, path.join(blockedFile, 'renamed'), (err) => { + assert.ifError(err); + }); + }, common.expectsError({ + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + resource: path.toNamespacedPath(blockedFile), + })); assert.throws(() => { fs.rename(relativeProtectedFile, path.join(relativeProtectedFile, 'renamed'), (err) => { assert.ifError(err); @@ -263,6 +294,12 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', }); + assert.throws(() => { + fs.open(blockedFileURL, fs.constants.O_RDWR | 0x10000000, common.mustNotCall()); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + }); assert.rejects(async () => { await fs.promises.open(blockedFile, fs.constants.O_RDWR | fs.constants.O_NOFOLLOW); }, { @@ -290,6 +327,12 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', }); + assert.throws(() => { + fs.chmod(blockedFileURL, 0o755, common.mustNotCall()); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + }); assert.rejects(async () => { await fs.promises.chmod(blockedFile, 0o755); }, { @@ -324,6 +367,12 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', }); + assert.throws(() => { + fs.appendFile(blockedFileURL, 'new data', common.mustNotCall()); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + }); assert.rejects(async () => { await fs.promises.appendFile(blockedFile, 'new data'); }, { @@ -340,6 +389,12 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', }); + assert.throws(() => { + fs.chown(blockedFileURL, 1541, 999, common.mustNotCall()); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + }); assert.rejects(async () => { await fs.promises.chown(blockedFile, 1541, 999); }, { @@ -356,6 +411,12 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', }); + assert.throws(() => { + fs.lchown(blockedFileURL, 1541, 999, common.mustNotCall()); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + }); assert.rejects(async () => { await fs.promises.lchown(blockedFile, 1541, 999); }, { @@ -372,6 +433,12 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', }); + assert.throws(() => { + fs.link(blockedFileURL, path.join(blockedFolder, '/linked'), common.mustNotCall()); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + }); assert.rejects(async () => { await fs.promises.link(blockedFile, path.join(blockedFolder, '/linked')); }, { @@ -391,4 +458,13 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), }); + assert.throws(() => { + fs.unlink(blockedFileURL, (err) => { + assert.ifError(err); + }); + }, { + code: 'ERR_ACCESS_DENIED', + permission: 'FileSystemWrite', + resource: path.toNamespacedPath(blockedFile), + }); } From 451918d720a32ef26b5a866d7693e741c10bab48 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Thu, 4 Jan 2024 12:37:37 -0300 Subject: [PATCH 2/4] fixup! use pathToFileURL Co-authored-by: Antoine du Hamel --- test/fixtures/permission/fs-write.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/fixtures/permission/fs-write.js b/test/fixtures/permission/fs-write.js index 80ab0479679257..8c0bf3124b0af3 100644 --- a/test/fixtures/permission/fs-write.js +++ b/test/fixtures/permission/fs-write.js @@ -11,7 +11,7 @@ const regularFolder = process.env.ALLOWEDFOLDER; const regularFile = process.env.ALLOWEDFILE; const blockedFolder = process.env.BLOCKEDFOLDER; const blockedFile = process.env.BLOCKEDFILE; -const blockedFileURL = new URL('file://' + process.env.BLOCKEDFILE); +const blockedFileURL = require('url').pathToFileURL(process.env.BLOCKEDFILE); const relativeProtectedFile = process.env.RELATIVEBLOCKEDFILE; const relativeProtectedFolder = process.env.RELATIVEBLOCKEDFOLDER; const absoluteProtectedFile = path.resolve(relativeProtectedFile); From 7565f6323f3703e42e3219cfccf7031265163469 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Thu, 11 Jan 2024 15:07:31 +0100 Subject: [PATCH 3/4] Apply suggestions from code review --- test/fixtures/permission/fs-write.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/fixtures/permission/fs-write.js b/test/fixtures/permission/fs-write.js index 8c0bf3124b0af3..37accdc036c85c 100644 --- a/test/fixtures/permission/fs-write.js +++ b/test/fixtures/permission/fs-write.js @@ -33,11 +33,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); }); assert.throws(() => { fs.writeFile(blockedFileURL, 'example', () => {}); - }, common.expectsError({ + }, { code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - })); + }); assert.throws(() => { fs.writeFile(relativeProtectedFile, 'example', () => {}); }, { @@ -101,11 +101,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); }); assert.throws(() => { fs.utimes(blockedFileURL, new Date(), new Date(), () => {}); - }, common.expectsError({ + }, { code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - })); + }); assert.throws(() => { fs.utimes(relativeProtectedFile, new Date(), new Date(), () => {}); }, { @@ -134,11 +134,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); }); assert.throws(() => { fs.lutimes(blockedFileURL, new Date(), new Date(), () => {}); - }, common.expectsError({ + }, { code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - })); + }); } // fs.mkdir @@ -195,11 +195,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); fs.rename(blockedFileURL, path.join(blockedFile, 'renamed'), (err) => { assert.ifError(err); }); - }, common.expectsError({ + }, { code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - })); + }); assert.throws(() => { fs.rename(relativeProtectedFile, path.join(relativeProtectedFile, 'renamed'), (err) => { assert.ifError(err); From 327983992eae87ade2de8b20223abde927c88824 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Thu, 11 Jan 2024 11:31:33 -0300 Subject: [PATCH 4/4] Revert "Apply suggestions from code review" This reverts commit 7565f6323f3703e42e3219cfccf7031265163469. --- test/fixtures/permission/fs-write.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/fixtures/permission/fs-write.js b/test/fixtures/permission/fs-write.js index 37accdc036c85c..8c0bf3124b0af3 100644 --- a/test/fixtures/permission/fs-write.js +++ b/test/fixtures/permission/fs-write.js @@ -33,11 +33,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); }); assert.throws(() => { fs.writeFile(blockedFileURL, 'example', () => {}); - }, { + }, common.expectsError({ code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - }); + })); assert.throws(() => { fs.writeFile(relativeProtectedFile, 'example', () => {}); }, { @@ -101,11 +101,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); }); assert.throws(() => { fs.utimes(blockedFileURL, new Date(), new Date(), () => {}); - }, { + }, common.expectsError({ code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - }); + })); assert.throws(() => { fs.utimes(relativeProtectedFile, new Date(), new Date(), () => {}); }, { @@ -134,11 +134,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); }); assert.throws(() => { fs.lutimes(blockedFileURL, new Date(), new Date(), () => {}); - }, { + }, common.expectsError({ code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - }); + })); } // fs.mkdir @@ -195,11 +195,11 @@ const absoluteProtectedFolder = path.resolve(relativeProtectedFolder); fs.rename(blockedFileURL, path.join(blockedFile, 'renamed'), (err) => { assert.ifError(err); }); - }, { + }, common.expectsError({ code: 'ERR_ACCESS_DENIED', permission: 'FileSystemWrite', resource: path.toNamespacedPath(blockedFile), - }); + })); assert.throws(() => { fs.rename(relativeProtectedFile, path.join(relativeProtectedFile, 'renamed'), (err) => { assert.ifError(err);