Skip to content

Commit

Permalink
test: add URL tests to fs-read in pm
Browse files Browse the repository at this point in the history
PR-URL: #51213
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
  • Loading branch information
RafaelGSS authored Dec 21, 2023
1 parent a71210b commit 335ecda
Showing 1 changed file with 81 additions and 6 deletions.
87 changes: 81 additions & 6 deletions test/fixtures/permission/fs-read.js
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ const fs = require('fs');
const path = require('path');

const blockedFile = process.env.BLOCKEDFILE;
const blockedFileURL = new URL('file://' + process.env.BLOCKEDFILE);
const blockedFolder = process.env.BLOCKEDFOLDER;
const allowedFolder = process.env.ALLOWEDFOLDER;
const regularFile = __filename;
Expand All @@ -21,15 +22,12 @@ const regularFile = __filename;
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.readFile(path.join(blockedFolder, 'anyfile'), () => {});
fs.readFile(blockedFileURL, () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(path.join(blockedFolder, 'anyfile')),
resource: path.toNamespacedPath(blockedFile),
}));

// doesNotThrow
fs.readFile(regularFile, () => {});
}

// fs.createReadStream
Expand All @@ -44,6 +42,16 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
})).then(common.mustCall());
assert.rejects(() => {
return new Promise((_resolve, reject) => {
const stream = fs.createReadStream(blockedFileURL);
stream.on('error', reject);
});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
})).then(common.mustCall());

assert.rejects(() => {
return new Promise((_resolve, reject) => {
Expand All @@ -66,6 +74,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.stat(blockedFileURL, () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.stat(path.join(blockedFolder, 'anyfile'), () => {});
}, common.expectsError({
Expand All @@ -89,6 +104,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.access(blockedFileURL, fs.constants.R_OK, () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.access(path.join(blockedFolder, 'anyfile'), fs.constants.R_OK, () => {});
}, common.expectsError({
Expand All @@ -112,6 +134,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.copyFile(blockedFileURL, path.join(blockedFolder, 'any-other-file'), () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.copyFile(blockedFile, path.join(__dirname, 'any-other-file'), () => {});
}, common.expectsError({
Expand All @@ -131,6 +160,14 @@ const regularFile = __filename;
// cpSync calls statSync before reading blockedFile
resource: path.toNamespacedPath(blockedFolder),
}));
assert.throws(() => {
fs.cpSync(blockedFileURL, path.join(blockedFolder, 'any-other-file'));
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
// cpSync calls statSync before reading blockedFile
resource: path.toNamespacedPath(blockedFolder),
}));
assert.throws(() => {
fs.cpSync(blockedFile, path.join(__dirname, 'any-other-file'));
}, common.expectsError({
Expand All @@ -149,6 +186,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.open(blockedFileURL, 'r', () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.open(path.join(blockedFolder, 'anyfile'), 'r', () => {});
}, common.expectsError({
Expand Down Expand Up @@ -237,6 +281,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.watchFile(blockedFileURL, common.mustNotCall());
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
}

// fs.rename
Expand All @@ -248,6 +299,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.rename(blockedFileURL, 'newfile', () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
}

// fs.openAsBlob
Expand All @@ -259,6 +317,13 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
assert.throws(() => {
fs.openAsBlob(blockedFileURL);
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
}

// fs.exists
Expand All @@ -267,6 +332,9 @@ const regularFile = __filename;
fs.exists(blockedFile, (exists) => {
assert.equal(exists, false);
});
fs.exists(blockedFileURL, (exists) => {
assert.equal(exists, false);
});
}

// fs.statfs
Expand All @@ -278,4 +346,11 @@ const regularFile = __filename;
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
}
assert.throws(() => {
fs.statfs(blockedFileURL, () => {});
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: path.toNamespacedPath(blockedFile),
}));
}

0 comments on commit 335ecda

Please sign in to comment.