diff options
author | Christopher Hiller <boneskull@boneskull.com> | 2018-03-13 15:53:39 -0700 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2018-08-24 18:15:19 -0700 |
commit | 80143f616d8fb56c1d5e98c0d0857a1288b8bf87 (patch) | |
tree | cd24ad53424854e90e6390d122cbc82a84cc701e /src/node.cc | |
parent | 6dd694c1257ded6d8a9f3b48e8c9027c3986a285 (diff) | |
download | android-node-v8-80143f616d8fb56c1d5e98c0d0857a1288b8bf87.tar.gz android-node-v8-80143f616d8fb56c1d5e98c0d0857a1288b8bf87.tar.bz2 android-node-v8-80143f616d8fb56c1d5e98c0d0857a1288b8bf87.zip |
process: add allowedNodeEnvironmentFlags property
`process.allowedNodeEnvironmentFlags` provides an API to validate and
list flags as specified in `NODE_OPTIONS` from user code.
Refs: https://github.com/nodejs/node/issues/17740
Signed-off-by: Christopher Hiller <boneskull@boneskull.com>
PR-URL: https://github.com/nodejs/node/pull/19335
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: John-David Dalton <john.david.dalton@gmail.com>
Reviewed-By: Sam Ruby <rubys@intertwingly.net>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'src/node.cc')
-rw-r--r-- | src/node.cc | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/node.cc b/src/node.cc index a486220503..5ec559fe5f 100644 --- a/src/node.cc +++ b/src/node.cc @@ -587,6 +587,68 @@ const char* signo_string(int signo) { } } +// These are all flags available for use with NODE_OPTIONS. +// +// Disallowed flags: +// These flags cause Node to do things other than run scripts: +// --version / -v +// --eval / -e +// --print / -p +// --check / -c +// --interactive / -i +// --prof-process +// --v8-options +// These flags are disallowed because security: +// --preserve-symlinks +const char* const environment_flags[] = { + // Node options, sorted in `node --help` order for ease of comparison. + "--enable-fips", + "--experimental-modules", + "--experimenatl-repl-await", + "--experimental-vm-modules", + "--experimental-worker", + "--force-fips", + "--icu-data-dir", + "--inspect", + "--inspect-brk", + "--inspect-port", + "--loader", + "--napi-modules", + "--no-deprecation", + "--no-force-async-hooks-checks", + "--no-warnings", + "--openssl-config", + "--pending-deprecation", + "--redirect-warnings", + "--require", + "--throw-deprecation", + "--tls-cipher-list", + "--trace-deprecation", + "--trace-event-categories", + "--trace-event-file-pattern", + "--trace-events-enabled", + "--trace-sync-io", + "--trace-warnings", + "--track-heap-objects", + "--use-bundled-ca", + "--use-openssl-ca", + "--v8-pool-size", + "--zero-fill-buffers", + "-r" +}; + + // V8 options (define with '_', which allows '-' or '_') +const char* const v8_environment_flags[] = { + "--abort_on_uncaught_exception", + "--max_old_space_size", + "--perf_basic_prof", + "--perf_prof", + "--stack_trace_limit", +}; + +int v8_environment_flags_count = arraysize(v8_environment_flags); +int environment_flags_count = arraysize(environment_flags); + // Look up environment variable unless running as setuid root. bool SafeGetenv(const char* key, std::string* text) { #if !defined(__CloudABI__) && !defined(_WIN32) |