From 3ba81e34e86a5c32658e218cb6e65b13e8326bc5 Mon Sep 17 00:00:00 2001
From: Bill Ticehurst
Date: Wed, 18 Apr 2018 11:55:35 -0700
Subject: [PATCH] test: add test for loading read-only modules
Adds a test-case to cover loading modules the user does not have permission to write to. Covers issue logged in https://github.com/nodejs/node/issues/20112
PR-URL: https://github.com/nodejs/node/pull/20138
Refs: https://github.com/nodejs/node/issues/20112
Reviewed-By: Rich Trott
Reviewed-By: Richard Lau
Reviewed-By: Vse Mozhet Byt
Reviewed-By: Bartosz Sosnowski
Reviewed-By: Luigi Pinca
Reviewed-By: James M Snell
---
test/parallel/test-module-readonly.js | 48 +++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 test/parallel/test-module-readonly.js
diff --git a/test/parallel/test-module-readonly.js b/test/parallel/test-module-readonly.js
new file mode 100644
index 00000000000000..fa12471a37c31b
--- /dev/null
+++ b/test/parallel/test-module-readonly.js
@@ -0,0 +1,48 @@
+'use strict';
+
+const common = require('../common');
+
+if (!common.isWindows) {
+ // TODO: Similar checks on *nix-like systems (e.g using chmod or the like)
+ common.skip('test only runs on Windows');
+}
+
+const assert = require('assert');
+const fs = require('fs');
+const path = require('path');
+const cp = require('child_process');
+
+const tmpdir = require('../common/tmpdir');
+tmpdir.refresh();
+
+// Create readOnlyMod.js and set to read only
+const readOnlyMod = path.join(tmpdir.path, 'readOnlyMod');
+const readOnlyModRelative = path.relative(__dirname, readOnlyMod);
+const readOnlyModFullPath = `${readOnlyMod}.js`;
+
+fs.writeFileSync(readOnlyModFullPath, 'module.exports = 42;');
+
+// Removed any inherited ACEs, and any explicitly granted ACEs for the
+// current user
+cp.execSync(
+ `icacls.exe "${readOnlyModFullPath}" /inheritance:r /remove "%USERNAME%"`);
+
+// Grant the current user read & execute only
+cp.execSync(`icacls.exe "${readOnlyModFullPath}" /grant "%USERNAME%":RX`);
+
+let except = null;
+try {
+ // Attempt to load the module. Will fail if write access is required
+ require(readOnlyModRelative);
+} catch (err) {
+ except = err;
+}
+
+// Remove the expliclty granted rights, and reenable inheritance
+cp.execSync(
+ `icacls.exe "${readOnlyModFullPath}" /remove "%USERNAME%" /inheritance:e`);
+
+// Delete the test module (note: tmpdir should get cleaned anyway)
+fs.unlinkSync(readOnlyModFullPath);
+
+assert.ifError(except);
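Review bot: The ACL restore and `fs.unlinkSync(readOnlyModFullPath)` near the end of the file are not guaranteed to run, because only `require(readOnlyModRelative)` sits inside the `try`. `cp.execSync` throws on a non-zero exit, so if the `/grant "%USERNAME%":RX` step fails after `/inheritance:r` has succeeded, the script aborts and leaves a file in tmpdir with inheritance stripped and no ACE for the current user, which a later `tmpdir.refresh()` may not be able to delete. I would open the `try {` before the first `cp.execSync(` and move the restore and unlink into a `finally`, i.e. `} catch (err) { except = err; } finally { /* icacls /remove ... /inheritance:e, then fs.unlinkSync */ }`. The test also never confirms that the restrictive ACL took effect, so it would pass unchanged if icacls had altered nothing; a short comment stating that assumption would help the next reader.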