From 5dffac0177104ba9523721ca78f8d32aec5b0b76 Mon Sep 17 00:00:00 2001 From: Zach Bloomquist Date: Mon, 26 Jul 2021 17:24:22 -0400 Subject: [PATCH 1/4] fix: use process.geteuid and catch uid errors in file util --- .eslintrc.json | 15 ++++++++++++++- packages/server/.eslintrc.json | 5 +---- packages/server/lib/util/file.js | 13 ++++++++++++- scripts/run-docker-local.sh | 1 + 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/.eslintrc.json b/.eslintrc.json index 7e35a14aabd1..91bb4cfa7ee7 100644 --- a/.eslintrc.json +++ b/.eslintrc.json @@ -9,7 +9,20 @@ "rules": { "prefer-spread": "off", "prefer-rest-params": "off", - "no-useless-constructor": "off" + "no-useless-constructor": "off", + "no-restricted-properties": [ + "error", + { + "object": "process", + "property": "geteuid", + "message": "process.geteuid() will throw on Windows. Do not use it unless you catch any potential errors." + }, + { + "object": "os", + "property": "userInfo", + "message": "os.userInfo() will throw when there is not an `/etc/passwd` entry for the current user (like when running with --user 12345 in Docker). Do not use it unless you catch any potential errors." + } + ] }, "settings": { "react": { diff --git a/packages/server/.eslintrc.json b/packages/server/.eslintrc.json index a888e77e78dd..3580024a4212 100644 --- a/packages/server/.eslintrc.json +++ b/packages/server/.eslintrc.json @@ -1,11 +1,8 @@ { "extends": [ - "plugin:@cypress/dev/tests" + "../../.eslintrc.json" ], "parser": "@typescript-eslint/parser", - "env": { - "cypress/globals": true - }, "plugins": [ "cypress" ] diff --git a/packages/server/lib/util/file.js b/packages/server/lib/util/file.js index 77bd825da618..148e52951541 100644 --- a/packages/server/lib/util/file.js +++ b/packages/server/lib/util/file.js @@ -13,6 +13,17 @@ const { default: pQueue } = require('p-queue') const DEBOUNCE_LIMIT = 1000 const LOCK_TIMEOUT = 2000 +function getUid () { + try { + // eslint-disable-next-line no-restricted-properties + return process.geteuid() + } catch (err) { + // process.geteuid() can fail, return a constant + // @see https://github.com/cypress-io/cypress/issues/17415 + return 1 + } +} + class File { constructor (options = {}) { if (!options.path) { @@ -23,7 +34,7 @@ class File { // If multiple users write to a specific directory is os.tmpdir, permission errors can arise. // Instead, we make a user specific directory with os.tmpdir. - this._lockFileDir = path.join(os.tmpdir(), `cypress-${os.userInfo().uid}`) + this._lockFileDir = path.join(os.tmpdir(), `cypress-${getUid()()}`) this._lockFilePath = path.join(this._lockFileDir, `${md5(this.path)}.lock`) this._queue = new pQueue({ concurrency: 1 }) diff --git a/scripts/run-docker-local.sh b/scripts/run-docker-local.sh index 17dd15696c02..148c82707110 100755 --- a/scripts/run-docker-local.sh +++ b/scripts/run-docker-local.sh @@ -13,6 +13,7 @@ echo "You should be able to edit files locally" echo "but execute the code in the container" docker run -v $PWD:/home/person/cypress \ + --user 12345 \ -w /home/person/cypress${WORKING_DIR:-} \ -it $name \ /bin/bash From a2abf0897fd609269e210c7f015a3fba3acbeb2d Mon Sep 17 00:00:00 2001 From: Zach Bloomquist Date: Mon, 26 Jul 2021 17:25:30 -0400 Subject: [PATCH 2/4] update usages of process.geteuid --- cli/test/lib/tasks/verify_spec.js | 1 + packages/electron/lib/electron.js | 1 + packages/server/lib/util/file.js | 2 +- packages/server/test/e2e/2_cookies_spec.ts | 1 + packages/server/test/integration/cypress_spec.js | 1 + .../projects/read-only-project-root/cypress/plugins/index.js | 1 + 6 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cli/test/lib/tasks/verify_spec.js b/cli/test/lib/tasks/verify_spec.js index f1f324c85f7f..80ce2daca7c8 100644 --- a/cli/test/lib/tasks/verify_spec.js +++ b/cli/test/lib/tasks/verify_spec.js @@ -1,3 +1,4 @@ +/* eslint-disable no-restricted-properties */ require('../../spec_helper') const path = require('path') diff --git a/packages/electron/lib/electron.js b/packages/electron/lib/electron.js index 686b4a921713..f2b91d68898f 100644 --- a/packages/electron/lib/electron.js +++ b/packages/electron/lib/electron.js @@ -16,6 +16,7 @@ fs = Promise.promisifyAll(fs) * If running as root on Linux, no-sandbox must be passed or Chrome will not start */ const isSandboxNeeded = () => { + // eslint-disable-next-line no-restricted-properties return (os.platform() === 'linux') && (process.geteuid() === 0) } diff --git a/packages/server/lib/util/file.js b/packages/server/lib/util/file.js index 148e52951541..753ca4393037 100644 --- a/packages/server/lib/util/file.js +++ b/packages/server/lib/util/file.js @@ -34,7 +34,7 @@ class File { // If multiple users write to a specific directory is os.tmpdir, permission errors can arise. // Instead, we make a user specific directory with os.tmpdir. - this._lockFileDir = path.join(os.tmpdir(), `cypress-${getUid()()}`) + this._lockFileDir = path.join(os.tmpdir(), `cypress-${getUid()}`) this._lockFilePath = path.join(this._lockFileDir, `${md5(this.path)}.lock`) this._queue = new pQueue({ concurrency: 1 }) diff --git a/packages/server/test/e2e/2_cookies_spec.ts b/packages/server/test/e2e/2_cookies_spec.ts index 8870ce9ec4e9..85ddcf2d8878 100644 --- a/packages/server/test/e2e/2_cookies_spec.ts +++ b/packages/server/test/e2e/2_cookies_spec.ts @@ -1,3 +1,4 @@ +/* eslint-disable no-restricted-properties */ import dayjs from 'dayjs' import parser from 'cookie-parser' import e2e from '../support/helpers/e2e' diff --git a/packages/server/test/integration/cypress_spec.js b/packages/server/test/integration/cypress_spec.js index c8ed17c1c7bc..8d6391661e69 100644 --- a/packages/server/test/integration/cypress_spec.js +++ b/packages/server/test/integration/cypress_spec.js @@ -1,3 +1,4 @@ +/* eslint-disable no-restricted-properties */ require('../spec_helper') const R = require('ramda') diff --git a/packages/server/test/support/fixtures/projects/read-only-project-root/cypress/plugins/index.js b/packages/server/test/support/fixtures/projects/read-only-project-root/cypress/plugins/index.js index d0a87b4657df..60b3e496ed59 100644 --- a/packages/server/test/support/fixtures/projects/read-only-project-root/cypress/plugins/index.js +++ b/packages/server/test/support/fixtures/projects/read-only-project-root/cypress/plugins/index.js @@ -1,3 +1,4 @@ +/* eslint-disable no-restricted-properties */ const fs = require('fs') const { expect } = require('chai') From f828d3a3af9d37b5597ec81a4cc7881b1431a35c Mon Sep 17 00:00:00 2001 From: Zach Bloomquist Date: Tue, 27 Jul 2021 13:30:36 -0400 Subject: [PATCH 3/4] update eslintrc.json --- packages/server/.eslintrc.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/server/.eslintrc.json b/packages/server/.eslintrc.json index 3580024a4212..930217e0b80b 100644 --- a/packages/server/.eslintrc.json +++ b/packages/server/.eslintrc.json @@ -3,6 +3,9 @@ "../../.eslintrc.json" ], "parser": "@typescript-eslint/parser", + "env": { + "cypress/globals": true + }, "plugins": [ "cypress" ] From 4a404bdab476404153f1764030c044a9719ebc37 Mon Sep 17 00:00:00 2001 From: Zach Bloomquist Date: Tue, 27 Jul 2021 14:05:25 -0400 Subject: [PATCH 4/4] revert change to run-docker-local.sh --- scripts/run-docker-local.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/run-docker-local.sh b/scripts/run-docker-local.sh index 148c82707110..17dd15696c02 100755 --- a/scripts/run-docker-local.sh +++ b/scripts/run-docker-local.sh @@ -13,7 +13,6 @@ echo "You should be able to edit files locally" echo "but execute the code in the container" docker run -v $PWD:/home/person/cypress \ - --user 12345 \ -w /home/person/cypress${WORKING_DIR:-} \ -it $name \ /bin/bash