From 2c7627cbe102b8dcc3f88b8380092d6778a56125 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Sun, 28 Sep 2025 04:02:13 +0200 Subject: [PATCH] src: bring permissions macros in line with general C/C++ standards Specifically, avoid the hazard of unintentionally evaluating an argument multiple times during macro expansion, and do not assume the available of particular namespaces in the current scope. --- src/node_report.cc | 2 +- src/permission/permission.h | 34 +++++++++++++++++++++++----------- 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/src/node_report.cc b/src/node_report.cc index ff69d3b44bd15e..e784d5d7da607e 100644 --- a/src/node_report.cc +++ b/src/node_report.cc @@ -862,7 +862,7 @@ std::string TriggerNodeReport(Isolate* isolate, THROW_IF_INSUFFICIENT_PERMISSIONS( env, permission::PermissionScope::kFileSystemWrite, - std::string_view(Environment::GetCwd(env->exec_path())), + Environment::GetCwd(env->exec_path()), filename); } } diff --git a/src/permission/permission.h b/src/permission/permission.h index 336b3095fdeb2c..f18a2ea1182c36 100644 --- a/src/permission/permission.h +++ b/src/permission/permission.h @@ -28,31 +28,43 @@ class FSReqBase; namespace permission { -#define THROW_IF_INSUFFICIENT_PERMISSIONS(env, perm_, resource_, ...) \ +#define THROW_IF_INSUFFICIENT_PERMISSIONS(env, perm, resource, ...) \ do { \ - if (!env->permission()->is_granted(env, perm_, resource_)) [[unlikely]] { \ + node::Environment* env__ = (env); \ + const node::permission::PermissionScope perm__ = (perm); \ + const auto resource__ = (resource); \ + if (!env__->permission()->is_granted(env__, perm__, resource__)) \ + [[unlikely]] { \ node::permission::Permission::ThrowAccessDenied( \ - (env), perm_, resource_); \ + env__, perm__, resource__); \ return __VA_ARGS__; \ } \ } while (0) #define ASYNC_THROW_IF_INSUFFICIENT_PERMISSIONS( \ - env, wrap, perm_, resource_, ...) \ + env, wrap, perm, resource, ...) \ do { \ - if (!env->permission()->is_granted(env, perm_, resource_)) [[unlikely]] { \ + node::Environment* env__ = (env); \ + const node::permission::PermissionScope perm__ = (perm); \ + const auto resource__ = (resource); \ + if (!env__->permission()->is_granted(env__, perm__, resource__)) \ + [[unlikely]] { \ node::permission::Permission::AsyncThrowAccessDenied( \ - (env), wrap, perm_, resource_); \ + env__, (wrap), perm__, resource__); \ return __VA_ARGS__; \ } \ } while (0) #define ERR_ACCESS_DENIED_IF_INSUFFICIENT_PERMISSIONS( \ - env, perm_, resource_, args, ...) \ + env, perm, resource, args, ...) \ do { \ - if (!env->permission()->is_granted(env, perm_, resource_)) [[unlikely]] { \ + node::Environment* env__ = (env); \ + const node::permission::PermissionScope perm__ = (perm); \ + const auto resource__ = (resource); \ + if (!env__->permission()->is_granted(env__, perm__, resource__)) \ + [[unlikely]] { \ Local err_access; \ - if (permission::CreateAccessDeniedError(env, perm_, resource_) \ + if (node::permission::CreateAccessDeniedError(env__, perm__, resource__) \ .ToLocal(&err_access)) { \ args.GetReturnValue().Set(err_access); \ } else { \ @@ -63,11 +75,11 @@ namespace permission { } while (0) #define SET_INSUFFICIENT_PERMISSION_ERROR_CALLBACK(scope) \ - void InsufficientPermissionError(const std::string resource) { \ + void InsufficientPermissionError(std::string_view resource) { \ v8::HandleScope handle_scope(env()->isolate()); \ v8::Context::Scope context_scope(env()->context()); \ v8::Local arg; \ - if (!permission::CreateAccessDeniedError(env(), scope, resource) \ + if (!permission::CreateAccessDeniedError(env(), (scope), resource) \ .ToLocal(&arg)) { \ } \ MakeCallback(env()->oncomplete_string(), 1, &arg); \