-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
permission: v8.writeHeapSnapshot and process.report #48564
Conversation
ec61426
to
0291784
Compare
0291784
to
635e2b2
Compare
Co-Authored-By: haxatron <haxatron1@gmail.com> Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
635e2b2
to
972c92b
Compare
@@ -871,6 +874,13 @@ std::string TriggerNodeReport(Isolate* isolate, | |||
filename = *DiagnosticFilename( | |||
env != nullptr ? env->thread_id() : 0, "report", "json"); | |||
} | |||
if (env != nullptr) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not entirely sure about when the env is null. Would that happen only when OOM or another crash reporter happens? If so, what would be the best way to throw an exception here?
Maybe @gireeshpunathil has some thoughts on this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Other than your own comment, LGTM
Landed in 74c2d9c |
FWIW, the commit message does not adhere to the guidelines. |
What's missing? |
An imperative verb after the subsystem :) |
And in general, the commit message doesn't make much sense. It's impossible (at least for me) to understand what the commit does without looking at the diff. |
Co-Authored-By: haxatron <haxatron1@gmail.com> Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: #48564 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Co-Authored-By: haxatron <haxatron1@gmail.com> Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: nodejs#48564 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Co-Authored-By: haxatron <haxatron1@gmail.com> Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: nodejs#48564 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
@RafaelGSS corret me if I'm wrong but I don't believe the |
Even though the permission model, for now, doesn't handle other scopes than the node:fs module. Adding this validation on common write operations seems reasonable.
Co-Authored-By: @Haxatron
cc: @nodejs/security-wg