Skip to content

Commit 63f62d7

Browse files
theanarkhtargos
theanarkh
authored and
targos
committed
src: fix permission inspector crash
PR-URL: #53389 Fixes: #53385 Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
1 parent 602b9d6 commit 63f62d7

File tree

4 files changed

+60
-0
lines changed

4 files changed

+60
-0
lines changed

src/inspector_js_api.cc

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -181,6 +181,9 @@ void SetConsoleExtensionInstaller(const FunctionCallbackInfo<Value>& info) {
181181

182182
void CallAndPauseOnStart(const FunctionCallbackInfo<v8::Value>& args) {
183183
Environment* env = Environment::GetCurrent(args);
184+
THROW_IF_INSUFFICIENT_PERMISSIONS(env,
185+
permission::PermissionScope::kInspector,
186+
"PauseOnNextJavascriptStatement");
184187
CHECK_GT(args.Length(), 1);
185188
CHECK(args[0]->IsFunction());
186189
SlicedArguments call_args(args, /* start */ 2);

src/node_contextify.cc

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1123,6 +1123,21 @@ bool ContextifyScript::EvalMachine(Local<Context> context,
11231123

11241124
#if HAVE_INSPECTOR
11251125
if (break_on_first_line) {
1126+
if (UNLIKELY(!env->permission()->is_granted(
1127+
env,
1128+
permission::PermissionScope::kInspector,
1129+
"PauseOnNextJavascriptStatement"))) {
1130+
node::permission::Permission::ThrowAccessDenied(
1131+
env,
1132+
permission::PermissionScope::kInspector,
1133+
"PauseOnNextJavascriptStatement");
1134+
if (display_errors) {
1135+
// We should decorate non-termination exceptions
1136+
errors::DecorateErrorStack(env, try_catch);
1137+
}
1138+
try_catch.ReThrow();
1139+
return false;
1140+
}
11261141
env->inspector_agent()->PauseOnNextJavascriptStatement("Break on start");
11271142
}
11281143
#endif

test/fixtures/permission/inspector-brk.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
console.log("Hi!")

test/parallel/test-permission-inspector-brk.js

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
'use strict';
2+
3+
const common = require('../common');
4+
const assert = require('assert');
5+
const { spawnSync } = require('child_process');
6+
const fixtures = require('../common/fixtures');
7+
const file = fixtures.path('permission', 'inspector-brk.js');
8+
9+
common.skipIfWorker();
10+
common.skipIfInspectorDisabled();
11+
12+
// See https://github.com/nodejs/node/issues/53385
13+
{
14+
const { status, stderr } = spawnSync(
15+
process.execPath,
16+
[
17+
'--experimental-permission',
18+
'--allow-fs-read=*',
19+
'--inspect-brk',
20+
file,
21+
],
22+
);
23+
24+
assert.strictEqual(status, 1);
25+
assert.match(stderr.toString(), /Error: Access to this API has been restricted/);
26+
}
27+
28+
{
29+
const { status, stderr } = spawnSync(
30+
process.execPath,
31+
[
32+
'--experimental-permission',
33+
'--inspect-brk',
34+
'--eval',
35+
'console.log("Hi!")',
36+
],
37+
);
38+
39+
assert.strictEqual(status, 1);
40+
assert.match(stderr.toString(), /Error: Access to this API has been restricted/);
41+
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy