-
-
Notifications
You must be signed in to change notification settings - Fork 35.4k
Expand file tree
/
Copy pathtest-permission-config-file.mjs
More file actions
107 lines (94 loc) Β· 3.46 KB
/
test-permission-config-file.mjs
File metadata and controls
107 lines (94 loc) Β· 3.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import { spawnPromisified } from '../common/index.mjs';
import * as fixtures from '../common/fixtures.mjs';
import assert from 'node:assert';
import { describe, it } from 'node:test';
describe('Permission model config file support', () => {
it('should load filesystem read/write permissions from config file', async () => {
const configPath = fixtures.path('permission/config-fs-read-write.json');
const readTestPath = fixtures.path('permission/fs-read-test.js');
const writeTestPath = fixtures.path('permission/fs-write-test.js');
{
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
readTestPath,
]);
assert.strictEqual(result.code, 0);
}
{
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
writeTestPath,
]);
assert.strictEqual(result.code, 0);
}
});
it('should load child process and worker permissions from config file', async () => {
const configPath = fixtures.path('permission/config-child-worker.json');
const childTestPath = fixtures.path('permission/child-process-test.js');
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
'--allow-fs-read=*',
childTestPath,
]);
assert.strictEqual(result.code, 0);
});
it('should load network and inspector permissions from config file', async () => {
const configPath = fixtures.path('permission/config-net-inspector.json');
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
'--allow-fs-read=*',
'-p',
'process.permission.has("wasi") && process.permission.has("inspector")',
]);
assert.match(result.stdout, /true/);
assert.strictEqual(result.code, 0);
});
it('should load addons and wasi permissions from config file', async () => {
const configPath = fixtures.path('permission/config-addons-wasi.json');
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
'--allow-fs-read=*',
'-p',
'process.permission.has("addon") && process.permission.has("wasi")',
]);
assert.match(result.stdout, /true/);
assert.strictEqual(result.code, 0);
});
it('should deny operations when permissions are not in config file', async () => {
const configPath = fixtures.path('permission/config-fs-read-write.json');
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
'--allow-fs-read=*',
'-p',
'process.permission.has("child")',
]);
assert.match(result.stdout, /false/);
assert.strictEqual(result.code, 0);
});
it('should combine config file permissions with CLI flags', async () => {
const configPath = fixtures.path('permission/config-fs-read-write.json');
const result = await spawnPromisified(process.execPath, [
'--permission',
'--experimental-config-file',
configPath,
'--allow-child-process',
'--allow-fs-read=*',
'-p',
'process.permission.has("child") && process.permission.has("fs.read")',
]);
assert.match(result.stdout, /true/);
assert.strictEqual(result.code, 0);
});
});