From d3b071af8aa8df2d00e17d90d719390ecbc04625 Mon Sep 17 00:00:00 2001 From: Bill Ticehurst Date: Tue, 17 Apr 2018 21:07:34 -0700 Subject: [PATCH 1/3] Check that modules backed by read-only files can load (win32) --- test/parallel/test-module-readonly.js | 35 +++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 test/parallel/test-module-readonly.js diff --git a/test/parallel/test-module-readonly.js b/test/parallel/test-module-readonly.js new file mode 100644 index 00000000000000..540af43467c0e4 --- /dev/null +++ b/test/parallel/test-module-readonly.js @@ -0,0 +1,35 @@ +const fs = require('fs'); +const path = require('path'); +const cp = require('child_process'); + +const fixtures = require('../common/fixtures'); + +if (process.platform == 'win32') { + // Create readOnlyMod.js and set to read only + const readOnlyMod = fixtures.path('readOnlyMod'); + const readOnlyModRelative = path.relative(__dirname, readOnlyMod); + const readOnlyModFullPath = readOnlyMod + ".js"; + fs.writeFileSync(readOnlyModFullPath, "module.exports = 42;"); + + // Removed any inherited ACEs, and any explicitly granted ACEs for the current user + cp.execSync(`icacls.exe "${readOnlyModFullPath}" /inheritance:r /remove "%USERNAME%"`); + // Grant the current user read & execute only + cp.execSync(`icacls.exe "${readOnlyModFullPath}" /grant "%USERNAME%":RX`); + + let except = null; + try { + // Attempt to load the module. Will fail if write access is required + const mymod = require(readOnlyModRelative); + } catch(err) { + except = err; + } + + // Remove the expliclty granted rights, and reenable inheritance + cp.execSync(`icacls.exe "${readOnlyModFullPath}" /remove "%USERNAME%" /inheritance:e`); + + // Delete the file + fs.unlinkSync(readOnlyModFullPath); + + if (except) throw except; +} +// TODO: Similar checks on *nix-like systems (e.g. using chmod or the like) From 1d21f3a112a7002de3d1ba050b54f7150a0a4113 Mon Sep 17 00:00:00 2001 From: Bill Ticehurst Date: Tue, 17 Apr 2018 22:06:52 -0700 Subject: [PATCH 2/3] test: switched to using tmpdir for temporary module --- test/parallel/test-module-readonly.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/parallel/test-module-readonly.js b/test/parallel/test-module-readonly.js index 540af43467c0e4..71ed29e50599dd 100644 --- a/test/parallel/test-module-readonly.js +++ b/test/parallel/test-module-readonly.js @@ -1,12 +1,11 @@ +const os = require('os'); const fs = require('fs'); const path = require('path'); const cp = require('child_process'); -const fixtures = require('../common/fixtures'); - if (process.platform == 'win32') { // Create readOnlyMod.js and set to read only - const readOnlyMod = fixtures.path('readOnlyMod'); + const readOnlyMod = path.join(os.tmpdir(), 'readOnlyMod'); const readOnlyModRelative = path.relative(__dirname, readOnlyMod); const readOnlyModFullPath = readOnlyMod + ".js"; fs.writeFileSync(readOnlyModFullPath, "module.exports = 42;"); From 860578d005da89b56b37c7dac3a6649d576ed077 Mon Sep 17 00:00:00 2001 From: Bill Ticehurst Date: Tue, 17 Apr 2018 22:27:03 -0700 Subject: [PATCH 3/3] test: use the test defined tmpdir --- test/parallel/test-module-readonly.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/parallel/test-module-readonly.js b/test/parallel/test-module-readonly.js index 71ed29e50599dd..cd6ffff6860f99 100644 --- a/test/parallel/test-module-readonly.js +++ b/test/parallel/test-module-readonly.js @@ -1,11 +1,13 @@ -const os = require('os'); const fs = require('fs'); const path = require('path'); const cp = require('child_process'); +const tmpdir = require('../common/tmpdir'); +tmpdir.refresh(); + if (process.platform == 'win32') { // Create readOnlyMod.js and set to read only - const readOnlyMod = path.join(os.tmpdir(), 'readOnlyMod'); + const readOnlyMod = path.join(tmpdir.path, 'readOnlyMod'); const readOnlyModRelative = path.relative(__dirname, readOnlyMod); const readOnlyModFullPath = readOnlyMod + ".js"; fs.writeFileSync(readOnlyModFullPath, "module.exports = 42;");