node icon indicating copy to clipboard operation
node copied to clipboard
verified publisher icon nodejs

permission: handle end nodes with children cases

Open RafaelGSS opened this issue 2 years ago • 1 comments

When two paths overlaps, the permission model returns a false negative cause the Node* doesn't contain an empty child ("") to consider it as an end node. For instance, if you call --allow-fs-read=/home/index.js,/home/index.json and call process.permission.has for both paths, it will return false for the index.js since it will create the following radix tree:

Child /
  Prefix: /home/index.js
  Child o
    Prefix: on
    End of tree: on
  End of tree(c): /home/index.js
End of tree(c):

and if you invert the parameters order: --allow-fs-read=/home/index.json,/home/index.js it will create an empty child for "/home/index.js" indicating "end node".

To handle it I've included a new parameter to Node*: is_leaf.

RafaelGSS avatar Jun 23 '23 14:06 RafaelGSS

Review requested:

  • [ ] @nodejs/security-wg

nodejs-github-bot avatar Jun 23 '23 14:06 nodejs-github-bot

CI: https://ci.nodejs.org/job/node-test-pull-request/52411/

nodejs-github-bot avatar Jun 23 '23 22:06 nodejs-github-bot

Landed in b38bc9fc890398039f3d97b0710e965d000fa801

nodejs-github-bot avatar Jun 25 '23 19:06 nodejs-github-bot

This commit does not land cleanly on v18.x-staging and will need manual backport in case we want it in v18.

ruyadorno avatar Sep 10 '23 03:09 ruyadorno