test: add test for loading read-only modules #20138
Adds a test-case to cover loading modules the user does not have permission to write to. Covers issue logged in #20112
- Loading branch information
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| 'use strict'; | ||
|
|
||
| const common = require('../common'); | ||
| const assert = require('assert'); | ||
| const fs = require('fs'); | ||
| const path = require('path'); | ||
| const cp = require('child_process'); | ||
|
|
||
| const tmpdir = require('../common/tmpdir'); | ||
| tmpdir.refresh(); | ||
|
|
||
| if (common.isWindows) { | ||
| // Create readOnlyMod.js and set to read only | ||
| const readOnlyMod = path.join(tmpdir.path, 'readOnlyMod'); | ||
| const readOnlyModRelative = path.relative(__dirname, readOnlyMod); | ||
| const readOnlyModFullPath = readOnlyMod + '.js'; | ||
|
Contributor
There was a problem hiding this comment. We usually prefer template literals in such cases, so maybe: but feel free to ignore this and next stylistic notes) |
||
|
|
||
| fs.writeFileSync(readOnlyModFullPath, 'module.exports = 42;'); | ||
| // Removed any inherited ACEs, and any explicitly granted ACEs for the | ||
| // current user | ||
| cp.execSync('icacls.exe "' + readOnlyModFullPath + | ||
|
Contributor
There was a problem hiding this comment. Maybe: cp.execSync(
`icacls.exe "${readOnlyModFullPath}" /inheritance:r /remove "%USERNAME%"`);
Contributor
Author
There was a problem hiding this comment. I did originally have template literals, but a) I wasn't sure they were supported all the way back to all LTS releases (I see now they are), and b) One long string was exceeded the lint line limit (but I could wrap it as shown above). I can add them back if desired.
Contributor
There was a problem hiding this comment. Personally, I find template literals in these cases more clear, they have less syntactic noise (operators, quotes), but this can be my personal taste, so you can decide freely) We did not set strict linting rule for this, but we had many PRs that have replaced concatenations with templates, so templates may be prevalent style in tests now. |
||
| '" /inheritance:r /remove "%USERNAME%"'); | ||
|
|
||
| // Grant the current user read & execute only | ||
| cp.execSync('icacls.exe "' + readOnlyModFullPath + | ||
|
Contributor
There was a problem hiding this comment. Maybe: cp.execSync(`icacls.exe "${readOnlyModFullPath}" /grant "%USERNAME%":RX`); |
||
| '" /grant "%USERNAME%":RX'); | ||
|
|
||
| let except = null; | ||
| try { | ||
| // Attempt to load the module. Will fail if write access is required | ||
| require(readOnlyModRelative); | ||
| } catch (err) { | ||
| except = err; | ||
| } | ||
|
|
||
| // Remove the expliclty granted rights, and reenable inheritance | ||
| cp.execSync('icacls.exe "' + readOnlyModFullPath + | ||
|
Contributor
There was a problem hiding this comment. Maybe: cp.execSync(
`icacls.exe "${readOnlyModFullPath}" /remove "%USERNAME%" /inheritance:e`); |
||
| '" /remove "%USERNAME%" /inheritance:e'); | ||
| // Delete the test module (note: tmpdir should get cleaned anyway) | ||
| fs.unlinkSync(readOnlyModFullPath); | ||
|
|
||
| assert.ifError(except); | ||
| } else { | ||
| // TODO: Similar checks on *nix-like systems (e.g using chmod or the like) | ||
| common.skip('test only runs on Windows'); | ||
| } | ||
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it would be more optimal to add this check at the beginning, something like:
This way the test will not waste the time and resources loading all the other modules.
common.skip()makes the script exit, so noelseis required after it and we can save one indentation level as well.