author | Bradley Farias <bradley.meck@gmail.com> | 2019-06-05 13:33:07 -0500 |
---|---|---|
committer | Michaƫl Zasso <targos@protonmail.com> | 2019-07-22 21:20:42 +0200 |
commit | 2eeb44f3facb58dacbcb2f270d4f169a2c81ee08 (patch) | |
tree | cb3ecdb07852362d181312eb6ffd204d86199b09 /src/node_options.cc | |
parent | cf811ecd47cf2c4f5bec2b27577c6d414842b703 (diff) | |
policy: add policy-integrity to mitigate policy tampering
PR-URL: https://github.com/nodejs/node/pull/28734
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'src/node_options.cc')
-rw-r--r-- | src/node_options.cc | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/node_options.cc b/src/node_options.cc
index 829154c3bf..2eed3f8222 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
@@ -116,6 +116,13 @@ void EnvironmentOptions::CheckOptions(std::vector<std::string>* errors) {
 if (!userland_loader.empty() && !experimental_modules) {
 errors->push_back("--loader requires --experimental-modules be enabled");
 }
+ if (has_policy_integrity_string && experimental_policy.empty()) {
+ errors->push_back("--policy-integrity requires "
+ "--experimental-policy be enabled");
+ }
+ if (has_policy_integrity_string && experimental_policy_integrity.empty()) {
+ errors->push_back("--policy-integrity cannot be empty");
+ }
 if (!module_type.empty()) {
 if (!experimental_modules) {
@@ -321,6 +328,15 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
 "security policy",
 &EnvironmentOptions::experimental_policy,
 kAllowedInEnvironment);
+ AddOption("[has_policy_integrity_string]",
+ "",
+ &EnvironmentOptions::has_policy_integrity_string);
+ AddOption("--policy-integrity",
+ "ensure the security policy contents match "
+ "the specified integrity",
+ &EnvironmentOptions::experimental_policy_integrity,
+ kAllowedInEnvironment);
+ Implies("--policy-integrity", "[has_policy_integrity_string]");
 AddOption("--experimental-repl-await",
 "experimental await keyword support in REPL",
 &EnvironmentOptions::experimental_repl_await, |
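Review bot: The two new checks in `CheckOptions` only establish that `--policy-integrity` is paired with `--experimental-policy` and is non-empty; nothing in this hunk checks that the value is a well-formed integrity string. A malformed value is presumably rejected later, when the policy is loaded, but that is not visible here. A comment above the checks would record why presence is tracked by a separate flag, presumably because an empty string is also the unset default: `// Presence is tracked by has_policy_integrity_string so that an explicitly empty --policy-integrity is rejected rather than treated as absent.` If format validation lives elsewhere, the comment should name where. The body of `CheckOptions` starts and ends outside the hunk.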
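Review bot: `--policy-integrity` is registered with `kAllowedInEnvironment`, so the expected digest can arrive through NODE_OPTIONS as well as the command line, and the tamper check is then only as trustworthy as whatever sets that environment. That trust assumption deserves a comment at the registration, for example `// Allowed in NODE_OPTIONS: the value must come from a source that whoever can write the policy file cannot also modify.` The hidden `[has_policy_integrity_string]` option has an empty help string and no explanation; a line such as `// Internal flag set via Implies() below; lets CheckOptions tell an empty --policy-integrity from an absent one.` would help the next reader. The constructor starts outside the hunk and the trailing context ends inside an `AddOption` call.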