diff options
author | Christopher Hiller <boneskull@boneskull.com> | 2018-03-13 15:53:39 -0700 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2018-08-24 18:15:19 -0700 |
commit | 80143f616d8fb56c1d5e98c0d0857a1288b8bf87 (patch) | |
tree | cd24ad53424854e90e6390d122cbc82a84cc701e /src | |
parent | 6dd694c1257ded6d8a9f3b48e8c9027c3986a285 (diff) | |
download | android-node-v8-80143f616d8fb56c1d5e98c0d0857a1288b8bf87.tar.gz android-node-v8-80143f616d8fb56c1d5e98c0d0857a1288b8bf87.tar.bz2 android-node-v8-80143f616d8fb56c1d5e98c0d0857a1288b8bf87.zip |
process: add allowedNodeEnvironmentFlags property
`process.allowedNodeEnvironmentFlags` provides an API to validate and
list flags as specified in `NODE_OPTIONS` from user code.
Refs: https://github.com/nodejs/node/issues/17740
Signed-off-by: Christopher Hiller <boneskull@boneskull.com>
PR-URL: https://github.com/nodejs/node/pull/19335
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: John-David Dalton <john.david.dalton@gmail.com>
Reviewed-By: Sam Ruby <rubys@intertwingly.net>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'src')
-rw-r--r-- | src/node.cc | 62 | ||||
-rw-r--r-- | src/node_config.cc | 17 | ||||
-rw-r--r-- | src/node_internals.h | 5 |
3 files changed, 84 insertions, 0 deletions
diff --git a/src/node.cc b/src/node.cc index a486220503..5ec559fe5f 100644 --- a/src/node.cc +++ b/src/node.cc @@ -587,6 +587,68 @@ const char* signo_string(int signo) { } } +// These are all flags available for use with NODE_OPTIONS. +// +// Disallowed flags: +// These flags cause Node to do things other than run scripts: +// --version / -v +// --eval / -e +// --print / -p +// --check / -c +// --interactive / -i +// --prof-process +// --v8-options +// These flags are disallowed because security: +// --preserve-symlinks +const char* const environment_flags[] = { + // Node options, sorted in `node --help` order for ease of comparison. + "--enable-fips", + "--experimental-modules", + "--experimenatl-repl-await", + "--experimental-vm-modules", + "--experimental-worker", + "--force-fips", + "--icu-data-dir", + "--inspect", + "--inspect-brk", + "--inspect-port", + "--loader", + "--napi-modules", + "--no-deprecation", + "--no-force-async-hooks-checks", + "--no-warnings", + "--openssl-config", + "--pending-deprecation", + "--redirect-warnings", + "--require", + "--throw-deprecation", + "--tls-cipher-list", + "--trace-deprecation", + "--trace-event-categories", + "--trace-event-file-pattern", + "--trace-events-enabled", + "--trace-sync-io", + "--trace-warnings", + "--track-heap-objects", + "--use-bundled-ca", + "--use-openssl-ca", + "--v8-pool-size", + "--zero-fill-buffers", + "-r" +}; + + // V8 options (define with '_', which allows '-' or '_') +const char* const v8_environment_flags[] = { + "--abort_on_uncaught_exception", + "--max_old_space_size", + "--perf_basic_prof", + "--perf_prof", + "--stack_trace_limit", +}; + +int v8_environment_flags_count = arraysize(v8_environment_flags); +int environment_flags_count = arraysize(environment_flags); + // Look up environment variable unless running as setuid root. bool SafeGetenv(const char* key, std::string* text) { #if !defined(__CloudABI__) && !defined(_WIN32) diff --git a/src/node_config.cc b/src/node_config.cc index d34269912e..c6e6211da2 100644 --- a/src/node_config.cc +++ b/src/node_config.cc @@ -5,6 +5,7 @@ namespace node { +using v8::Array; using v8::Boolean; using v8::Context; using v8::Integer; @@ -132,6 +133,22 @@ static void Initialize(Local<Object> target, READONLY_PROPERTY(debug_options_obj, "inspectorEnabled", Boolean::New(isolate, debug_options->inspector_enabled)); + + Local<Array> environmentFlags = Array::New(env->isolate(), + environment_flags_count); + READONLY_PROPERTY(target, "allowedNodeEnvironmentFlags", environmentFlags); + for (int i = 0; i < environment_flags_count; ++i) { + environmentFlags->Set(i, OneByteString(env->isolate(), + environment_flags[i])); + } + + Local<Array> v8EnvironmentFlags = Array::New(env->isolate(), + v8_environment_flags_count); + READONLY_PROPERTY(target, "allowedV8EnvironmentFlags", v8EnvironmentFlags); + for (int i = 0; i < v8_environment_flags_count; ++i) { + v8EnvironmentFlags->Set(i, OneByteString(env->isolate(), + v8_environment_flags[i])); + } } // InitConfig } // namespace node diff --git a/src/node_internals.h b/src/node_internals.h index d09bee0cb5..eb9e79d9e8 100644 --- a/src/node_internals.h +++ b/src/node_internals.h @@ -178,6 +178,11 @@ extern bool v8_initialized; extern std::shared_ptr<PerProcessOptions> per_process_opts; +extern const char* const environment_flags[]; +extern int environment_flags_count; +extern const char* const v8_environment_flags[]; +extern int v8_environment_flags_count; + // Forward declaration class Environment; |