diff options
author | Bradley Farias <bradley.meck@gmail.com> | 2019-01-23 16:21:46 -0600 |
---|---|---|
committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2019-01-29 08:08:50 +0100 |
commit | 78982389ce9265f5f65cd9e8a192e05389506927 (patch) | |
tree | eb20a408615edbc768ed025470c30e6ef5927f4e /lib/internal/process/policy.js | |
parent | d4d76b6be07841e4416fc5ab1445b73638fcea6a (diff) | |
download | android-node-v8-78982389ce9265f5f65cd9e8a192e05389506927.tar.gz android-node-v8-78982389ce9265f5f65cd9e8a192e05389506927.tar.bz2 android-node-v8-78982389ce9265f5f65cd9e8a192e05389506927.zip |
policy: ensure workers do not read fs for policy
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.
PR-URL: https://github.com/nodejs/node/pull/25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Diffstat (limited to 'lib/internal/process/policy.js')
-rw-r--r-- | lib/internal/process/policy.js | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/internal/process/policy.js b/lib/internal/process/policy.js index 0b037d4ef5..823130e3c1 100644 --- a/lib/internal/process/policy.js +++ b/lib/internal/process/policy.js @@ -5,10 +5,14 @@ const { } = require('internal/errors').codes; const { Manifest } = require('internal/policy/manifest'); let manifest; +let manifestSrc; +let manifestURL; module.exports = Object.freeze({ __proto__: null, setup(src, url) { + manifestSrc = src; + manifestURL = url; if (src === null) { manifest = null; return; @@ -31,6 +35,20 @@ module.exports = Object.freeze({ return manifest; }, + get src() { + if (typeof manifestSrc === 'undefined') { + throw new ERR_MANIFEST_TDZ(); + } + return manifestSrc; + }, + + get url() { + if (typeof manifestURL === 'undefined') { + throw new ERR_MANIFEST_TDZ(); + } + return manifestURL; + }, + assertIntegrity(moduleURL, content) { this.manifest.matchesIntegrity(moduleURL, content); } |