repl: create history file with mode 0600.

[XeCycle]

Test code mostly written by Trott
#3392 (comment).

[targos]

you can use an octal literal: 0o0600

[Trott]

LGTM if CI is happy.

[Trott]

Fixes: #3392

[Trott]

CI: https://ci.nodejs.org/job/node-test-commit/859/

[Trott]

Test fails on Windows: https://ci.nodejs.org/job/node-test-binary-windows/14/RUN_SUBSET=0,VS_VERSION=vs2015,label=win10/tapTestReport/test.tap-155/

[XeCycle]

Tried it on Windows, and the returned stat is 010666. I guess that's because Windows uses a different permission model; do you think it okay to skip this test on Windows?

[rvagg]

I think so but lets ask @nodejs/platform-windows

[Trott]

I changed

  assert.strictEqual(mode, '0600', 'REPL history file should be mode 0600');

To just this

  assert.strictEqual(mode, '0600');

So that it would report the actual value. Result is here.

So, Windows is creating the file with mode 0666 rather than 0600.

The question is: Is this a bug in the code that creates the file or is it a limitation of running the Node.js REPL on the Windows operating system?

[Trott]

The code uses fs.open() to set the mode on file creation, so I guess if there's stuff that does not completely work there, a Windows libuv person would know the deal?

[Trott]

This comment in the libuv source would seem to be more-or-less a smoking gun. I think you can just check common.isWindows() at the top of the test, and if it is Windows, skip the test. You can emulate other tests like this from test-process-remove-all-signal-listeners:

if (common.isWindows) {
  console.log('1..0 # Skipped: Win32 doesn\'t have signals, just a kind of ' +
              'emulation, insufficient for this test to apply.');
  return;
}

[XeCycle]

From docs of CreateFile:

• The access control lists (ACL) in the default security descriptor for a file or directory are inherited from its parent directory.

So privacy on the history file relies on the user having a fine ACL in his/her home directory (which appers to be like C:\Users\username).

[Trott]

Cool. LGTM if CI passes.

CI: https://ci.nodejs.org/job/node-test-commit/865/

[Trott]

All test failures are just the unrelated usual suspects and something weird with OS X such that it won't even build or something.

In other words: 👍

Hopefully someone else can give it an LGTM too.

[thefourtheye]

You can use assert.ifError instead of this if block.

[XeCycle]

I see there are other tests writing if (err) throw err; e.g. test-fs-write. Does the current style explicitly prefer assert.ifError? If not I think this if block is also okay.

[Fishrock123]

No need to use assert here, this is common practice.

[Fishrock123]

Seems fine to me.

[Trott]

@Fishrock123 Does that constitute an LGTM?

[Fishrock123]

Could you make this consistent with the other test? '.node_repl_history'

[XeCycle]

@Fishrock123 file name changed, not rebasing.

[XeCycle]

Please check this commit. Discovered we have -i/--interactive, so tried testing with that, but it fails because of another check here and here. Is it intended that a forced interactive session without terminal does not create a history file?

[Fishrock123]

Discovered we have -i/--interactive, so tried testing with that, but it fails because of another check here and here. Is it intended that a forced interactive session without terminal does not create a history file?

Undefined. -i/--interactive should act just like the regular repl as much as possible though imo.

[jasnell]

What's the status on this one?

[XeCycle]

Seems like maintainers did not agree on the tests. Anyway there are no conflicts, a rebase is easy, so let me know if you want this landed.

[jasnell]

@nodejs/collaborators @nodejs/ctc ... does anyone have any further thoughts on this one?
@XeCycle ... if you'd like to rebase I'll see if I can get an updated review.

[Fishrock123]

ci: https://ci.nodejs.org/job/node-test-pull-request/2463/

[Fishrock123]

ci is green, I can't really make an informative opinion about this though

[silverwind]

600 is the right mode for history files, it protects the content from other users in case the home directory is readable. The test seems a bit overly complicated, but overall LGTM.

[Fishrock123]

Ok, LGTM then

[santigimeno]

LGTM

[jasnell]

Nit: Would you mind adding a quick code comment with a quick explanation here. Nothing complicated, just enough for someone scanning through to know why the flag was set to this.

[jasnell]

Added a couple of comments that I'd like to see addressed before this lands. Otherwise LGTM

[jasnell]

What semver-iness would this be? I'm thinking just a patch (because I'd consider this a bug fix) but figured I'd ask.

[Fishrock123]

I don't think it would be major.

[XeCycle]

@jasnell

Would you mind adding a quick code comment with a quick explanation here

Added, pointing to this PR and issue.

Personally I prefer the masked version

Me too, changed it to the masked version.

[jasnell]

CI: https://ci.nodejs.org/job/node-test-pull-request/2491/

[jasnell]

LGTM if CI is green

[silverwind]

Thanks you! Landed in b72d048.