From 8f4325dcd5023496f62cd6cf89a04b666bf01639 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Thu, 21 Dec 2023 17:36:05 +0000 Subject: [PATCH] permission: fix wildcard when children > 1 PR-URL: https://github.com/nodejs/node/pull/51209 Fixes: https://github.com/nodejs/node/issues/50659 Reviewed-By: Stephen Belanger Reviewed-By: Paolo Insogna Reviewed-By: Rich Trott --- src/permission/fs_permission.h | 8 ++++++++ test/parallel/test-permission-fs-wildcard.js | 20 ++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/src/permission/fs_permission.h b/src/permission/fs_permission.h index 1c818567934f7d..6f35ebc544b04a 100644 --- a/src/permission/fs_permission.h +++ b/src/permission/fs_permission.h @@ -78,6 +78,14 @@ class FSPermission final : public PermissionBase { return nullptr; } + // wildcard node takes precedence + if (children.size() > 1) { + auto it = children.find('*'); + if (it != children.end()) { + return it->second; + } + } + auto it = children.find(path[idx]); if (it == children.end()) { return nullptr; diff --git a/test/parallel/test-permission-fs-wildcard.js b/test/parallel/test-permission-fs-wildcard.js index 0c81ff5da51b87..9b2608e99dc84b 100644 --- a/test/parallel/test-permission-fs-wildcard.js +++ b/test/parallel/test-permission-fs-wildcard.js @@ -98,3 +98,23 @@ if (common.isWindows) { ); assert.strictEqual(status, 0, stderr.toString()); } + +{ + if (!common.isWindows) { + const { status, stderr } = spawnSync( + process.execPath, + [ + '--experimental-permission', + '--allow-fs-read=/a/b/*', + '--allow-fs-read=/a/b/d', + '-e', + ` + const assert = require('assert') + assert.ok(process.permission.has('fs.read', '/a/b/c')); + assert.ok(!process.permission.has('fs.read', '/a/c/c')); + `, + ] + ); + assert.strictEqual(status, 0, stderr.toString()); + } +}