lib,src,permission: port path.resolve to C++

RafaelGSS · Ceres6 · RafaelGSS · commit b2649a3bb95e · 2023-11-22T19:52:03.000-03:00
Co-Authored-By: Carlos Espa &lt;cespatorres@gmail.com&gt;
diff --git a/src/env.cc b/src/env.cc
@@ -879,21 +879,25 @@ Environment::Environment(IsolateData* isolate_data,
     // unless explicitly allowed by the user
     options_->allow_native_addons = false;
     flags_ = flags_ | EnvironmentFlags::kNoCreateInspector;
-    permission()->Apply({"*"}, permission::PermissionScope::kInspector);
+    permission()->Apply(this, {"*"}, permission::PermissionScope::kInspector);
     if (!options_->allow_child_process) {
-      permission()->Apply({"*"}, permission::PermissionScope::kChildProcess);
+      permission()->Apply(
+          this, {"*"}, permission::PermissionScope::kChildProcess);
     }
     if (!options_->allow_worker_threads) {
-      permission()->Apply({"*"}, permission::PermissionScope::kWorkerThreads);
+      permission()->Apply(
+          this, {"*"}, permission::PermissionScope::kWorkerThreads);
     }
 
     if (!options_->allow_fs_read.empty()) {
-      permission()->Apply(options_->allow_fs_read,
+      permission()->Apply(this,
+                          options_->allow_fs_read,
                           permission::PermissionScope::kFileSystemRead);
     }
 
     if (!options_->allow_fs_write.empty()) {
-      permission()->Apply(options_->allow_fs_write,
+      permission()->Apply(this,
+                          options_->allow_fs_write,
                           permission::PermissionScope::kFileSystemWrite);
     }
   }
diff --git a/src/permission/child_process_permission.cc b/src/permission/child_process_permission.cc
@@ -9,7 +9,8 @@ namespace permission {
 
 // Currently, ChildProcess manage a single state
 // Once denied, it's always denied
-void ChildProcessPermission::Apply(const std::vector<std::string>& allow,
+void ChildProcessPermission::Apply(Environment* env,
+                                   const std::vector<std::string>& allow,
                                    PermissionScope scope) {
   deny_all_ = true;
 }
diff --git a/src/permission/child_process_permission.h b/src/permission/child_process_permission.h
@@ -12,7 +12,8 @@ namespace permission {
 
 class ChildProcessPermission final : public PermissionBase {
  public:
-  void Apply(const std::vector<std::string>& allow,
+  void Apply(Environment* env,
+             const std::vector<std::string>& allow,
              PermissionScope scope) override;
   bool is_granted(PermissionScope perm,
                   const std::string_view& param = "") const override;
diff --git a/src/permission/fs_permission.cc b/src/permission/fs_permission.cc
@@ -117,7 +117,8 @@ namespace permission {
 
 // allow = '*'
 // allow = '/tmp/,/home/example.js'
-void FSPermission::Apply(const std::vector<std::string>& allow,
+void FSPermission::Apply(Environment* env,
+                         const std::vector<std::string>& allow,
                          PermissionScope scope) {
   for (const std::string& res : allow) {
     if (res == "*") {
@@ -130,7 +131,7 @@ void FSPermission::Apply(const std::vector<std::string>& allow,
       }
       return;
     }
-    GrantAccess(scope, res);
+    GrantAccess(scope, PathResolve(env, {res}));
   }
 }
 
diff --git a/src/permission/fs_permission.h b/src/permission/fs_permission.h
@@ -15,7 +15,8 @@ namespace permission {
 
 class FSPermission final : public PermissionBase {
  public:
-  void Apply(const std::vector<std::string>& allow,
+  void Apply(Environment* env,
+             const std::vector<std::string>& allow,
              PermissionScope scope) override;
   bool is_granted(PermissionScope perm,
                   const std::string_view& param) const override;
diff --git a/src/permission/inspector_permission.cc b/src/permission/inspector_permission.cc
@@ -8,7 +8,8 @@ namespace permission {
 
 // Currently, Inspector manage a single state
 // Once denied, it's always denied
-void InspectorPermission::Apply(const std::vector<std::string>& allow,
+void InspectorPermission::Apply(Environment* env,
+                                const std::vector<std::string>& allow,
                                 PermissionScope scope) {
   deny_all_ = true;
 }
diff --git a/src/permission/inspector_permission.h b/src/permission/inspector_permission.h
@@ -12,7 +12,8 @@ namespace permission {
 
 class InspectorPermission final : public PermissionBase {
  public:
-  void Apply(const std::vector<std::string>& allow,
+  void Apply(Environment* env,
+             const std::vector<std::string>& allow,
              PermissionScope scope) override;
   bool is_granted(PermissionScope perm,
                   const std::string_view& param = "") const override;
diff --git a/src/permission/permission.cc b/src/permission/permission.cc
@@ -130,11 +130,12 @@ void Permission::EnablePermissions() {
   }
 }
 
-void Permission::Apply(const std::vector<std::string>& allow,
+void Permission::Apply(Environment* env,
+                       const std::vector<std::string>& allow,
                        PermissionScope scope) {
   auto permission = nodes_.find(scope);
   if (permission != nodes_.end()) {
-    permission->second->Apply(allow, scope);
+    permission->second->Apply(env, allow, scope);
   }
 }
 
diff --git a/src/permission/permission.h b/src/permission/permission.h
@@ -49,7 +49,9 @@ class Permission {
                                 const std::string_view& res);
 
   // CLI Call
-  void Apply(const std::vector<std::string>& allow, PermissionScope scope);
+  void Apply(Environment* env,
+             const std::vector<std::string>& allow,
+             PermissionScope scope);
   void EnablePermissions();
 
  private:
diff --git a/src/permission/permission_base.h b/src/permission/permission_base.h
@@ -10,6 +10,8 @@
 
 namespace node {
 
+class Environment;
+
 namespace permission {
 
 #define FILESYSTEM_PERMISSIONS(V)                                              \
@@ -39,7 +41,8 @@ enum class PermissionScope {
 
 class PermissionBase {
  public:
-  virtual void Apply(const std::vector<std::string>& allow,
+  virtual void Apply(Environment* env,
+                     const std::vector<std::string>& allow,
                      PermissionScope scope) = 0;
   virtual bool is_granted(PermissionScope perm,
                           const std::string_view& param = "") const = 0;
diff --git a/src/permission/worker_permission.cc b/src/permission/worker_permission.cc
@@ -9,7 +9,8 @@ namespace permission {
 
 // Currently, PolicyDenyWorker manage a single state
 // Once denied, it's always denied
-void WorkerPermission::Apply(const std::vector<std::string>& allow,
+void WorkerPermission::Apply(Environment* env,
+                             const std::vector<std::string>& allow,
                              PermissionScope scope) {
   deny_all_ = true;
 }
diff --git a/src/permission/worker_permission.h b/src/permission/worker_permission.h
@@ -12,7 +12,8 @@ namespace permission {
 
 class WorkerPermission final : public PermissionBase {
  public:
-  void Apply(const std::vector<std::string>& allow,
+  void Apply(Environment* env,
+             const std::vector<std::string>& allow,
              PermissionScope scope) override;
   bool is_granted(PermissionScope perm,
                   const std::string_view& param = "") const override;
diff --git a/src/util.cc b/src/util.cc
diff --git a/src/util.h b/src/util.h
diff --git a/test/cctest/test_util.cc b/test/cctest/test_util.cc
diff --git a/test/parallel/test-permission-fs-absolute-path.js b/test/parallel/test-permission-fs-absolute-path.js
diff --git a/test/parallel/test-permission-fs-relative-path.js b/test/parallel/test-permission-fs-relative-path.js

Original file line number	Diff line number	Diff line change
`@@ -879,21 +879,25 @@ Environment::Environment(IsolateData* isolate_data,`
`879`	`879`	`// unless explicitly allowed by the user`
`880`	`880`	`options_->allow_native_addons = false;`
`881`	`881`	`flags_ = flags_ \| EnvironmentFlags::kNoCreateInspector;`
`882`		`- permission()->Apply({"*"}, permission::PermissionScope::kInspector);`
	`882`	`+ permission()->Apply(this, {"*"}, permission::PermissionScope::kInspector);`
`883`	`883`	`if (!options_->allow_child_process) {`
`884`		`- permission()->Apply({"*"}, permission::PermissionScope::kChildProcess);`
	`884`	`+ permission()->Apply(`
	`885`	`+ this, {"*"}, permission::PermissionScope::kChildProcess);`
`885`	`886`	`}`
`886`	`887`	`if (!options_->allow_worker_threads) {`
`887`		`- permission()->Apply({"*"}, permission::PermissionScope::kWorkerThreads);`
	`888`	`+ permission()->Apply(`
	`889`	`+ this, {"*"}, permission::PermissionScope::kWorkerThreads);`
`888`	`890`	`}`
`889`	`891`
`890`	`892`	`if (!options_->allow_fs_read.empty()) {`
`891`		`- permission()->Apply(options_->allow_fs_read,`
	`893`	`+ permission()->Apply(this,`
	`894`	`+ options_->allow_fs_read,`
`892`	`895`	`permission::PermissionScope::kFileSystemRead);`
`893`	`896`	`}`
`894`	`897`
`895`	`898`	`if (!options_->allow_fs_write.empty()) {`
`896`		`- permission()->Apply(options_->allow_fs_write,`
	`899`	`+ permission()->Apply(this,`
	`900`	`+ options_->allow_fs_write,`
`897`	`901`	`permission::PermissionScope::kFileSystemWrite);`
`898`	`902`	`}`
`899`	`903`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,8 @@ namespace permission {`
`9`	`9`
`10`	`10`	`// Currently, ChildProcess manage a single state`
`11`	`11`	`// Once denied, it's always denied`
`12`		`-void ChildProcessPermission::Apply(const std::vector<std::string>& allow,`
	`12`	`+void ChildProcessPermission::Apply(Environment* env,`
	`13`	`+ const std::vector<std::string>& allow,`
`13`	`14`	`PermissionScope scope) {`
`14`	`15`	`deny_all_ = true;`
`15`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,8 @@ namespace permission {`
`117`	`117`
`118`	`118`	`// allow = '*'`
`119`	`119`	`// allow = '/tmp/,/home/example.js'`
`120`		`-void FSPermission::Apply(const std::vector<std::string>& allow,`
	`120`	`+void FSPermission::Apply(Environment* env,`
	`121`	`+ const std::vector<std::string>& allow,`
`121`	`122`	`PermissionScope scope) {`
`122`	`123`	`for (const std::string& res : allow) {`
`123`	`124`	`if (res == "*") {`
`@@ -130,7 +131,7 @@ void FSPermission::Apply(const std::vector<std::string>& allow,`
`130`	`131`	`}`
`131`	`132`	`return;`
`132`	`133`	`}`
`133`		`- GrantAccess(scope, res);`
	`134`	`+ GrantAccess(scope, PathResolve(env, {res}));`
`134`	`135`	`}`
`135`	`136`	`}`
`136`	`137`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,8 @@ namespace permission {`
`8`	`8`
`9`	`9`	`// Currently, Inspector manage a single state`
`10`	`10`	`// Once denied, it's always denied`
`11`		`-void InspectorPermission::Apply(const std::vector<std::string>& allow,`
	`11`	`+void InspectorPermission::Apply(Environment* env,`
	`12`	`+ const std::vector<std::string>& allow,`
`12`	`13`	`PermissionScope scope) {`
`13`	`14`	`deny_all_ = true;`
`14`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -130,11 +130,12 @@ void Permission::EnablePermissions() {`
`130`	`130`	`}`
`131`	`131`	`}`
`132`	`132`
`133`		`-void Permission::Apply(const std::vector<std::string>& allow,`
	`133`	`+void Permission::Apply(Environment* env,`
	`134`	`+ const std::vector<std::string>& allow,`
`134`	`135`	`PermissionScope scope) {`
`135`	`136`	`auto permission = nodes_.find(scope);`
`136`	`137`	`if (permission != nodes_.end()) {`
`137`		`- permission->second->Apply(allow, scope);`
	`138`	`+ permission->second->Apply(env, allow, scope);`
`138`	`139`	`}`
`139`	`140`	`}`
`140`	`141`