Diffstat (limited to 'src')
-rw-r--r-- | src/node.cc | 62 | ||||
-rw-r--r-- | src/node_config.cc | 17 | ||||
-rw-r--r-- | src/node_internals.h | 5 |
3 files changed, 84 insertions, 0 deletions
diff --git a/src/node.cc b/src/node.cc
index a486220503..5ec559fe5f 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -587,6 +587,68 @@ const char* signo_string(int signo) {
 }
 }
+// These are all flags available for use with NODE_OPTIONS.
+//
+// Disallowed flags:
+// These flags cause Node to do things other than run scripts:
+// --version / -v
+// --eval / -e
+// --print / -p
+// --check / -c
+// --interactive / -i
+// --prof-process
+// --v8-options
+// These flags are disallowed because security:
+// --preserve-symlinks
+const char* const environment_flags[] = {
+ // Node options, sorted in `node --help` order for ease of comparison.
+ "--enable-fips",
+ "--experimental-modules",
+ "--experimenatl-repl-await",
+ "--experimental-vm-modules",
+ "--experimental-worker",
+ "--force-fips",
+ "--icu-data-dir",
+ "--inspect",
+ "--inspect-brk",
+ "--inspect-port",
+ "--loader",
+ "--napi-modules",
+ "--no-deprecation",
+ "--no-force-async-hooks-checks",
+ "--no-warnings",
+ "--openssl-config",
+ "--pending-deprecation",
+ "--redirect-warnings",
+ "--require",
+ "--throw-deprecation",
+ "--tls-cipher-list",
+ "--trace-deprecation",
+ "--trace-event-categories",
+ "--trace-event-file-pattern",
+ "--trace-events-enabled",
+ "--trace-sync-io",
+ "--trace-warnings",
+ "--track-heap-objects",
+ "--use-bundled-ca",
+ "--use-openssl-ca",
+ "--v8-pool-size",
+ "--zero-fill-buffers",
+ "-r"
+};
+
+ // V8 options (define with '_', which allows '-' or '_')
+const char* const v8_environment_flags[] = {
+ "--abort_on_uncaught_exception",
+ "--max_old_space_size",
+ "--perf_basic_prof",
+ "--perf_prof",
+ "--stack_trace_limit",
+};
+
+int v8_environment_flags_count = arraysize(v8_environment_flags);
+int environment_flags_count = arraysize(environment_flags);
+
 // Look up environment variable unless running as setuid root.
 bool SafeGetenv(const char* key, std::string* text) {
 #if !defined(__CloudABI__) && !defined(_WIN32)
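Review bot: The entry `"--experimenatl-repl-await"` in `environment_flags` is misspelled, so the list published as the NODE_OPTIONS allowlist names a flag that does not exist and omits the real one; it should read `"--experimental-repl-await",`. The commit only adds lines, so whatever code enforces NODE_OPTIONS today presumably keeps its own copy of these names, and two hand-maintained allowlists for the same trust boundary will drift apart; the enforcement path should consult this array (not visible here, so worth confirming). Both counts are mutable `int` globals that node_config.cc uses as loop bounds over the arrays: define them as `const int environment_flags_count = arraysize(environment_flags);` and make the `extern` declarations in node_internals.h `extern const int` to match. The comment line "disallowed because security" would help the next maintainer more if it named the concern with `--preserve-symlinks` rather than just the category.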
diff --git a/src/node_config.cc b/src/node_config.cc
index d34269912e..c6e6211da2 100644
--- a/src/node_config.cc
+++ b/src/node_config.cc
@@ -5,6 +5,7 @@
 namespace node {
+using v8::Array;
 using v8::Boolean;
 using v8::Context;
 using v8::Integer;
@@ -132,6 +133,22 @@ static void Initialize(Local<Object> target,
 READONLY_PROPERTY(debug_options_obj, "inspectorEnabled", Boolean::New(isolate, debug_options->inspector_enabled));
+
+ Local<Array> environmentFlags = Array::New(env->isolate(),
+ environment_flags_count);
+ READONLY_PROPERTY(target, "allowedNodeEnvironmentFlags", environmentFlags);
+ for (int i = 0; i < environment_flags_count; ++i) {
+ environmentFlags->Set(i, OneByteString(env->isolate(),
+ environment_flags[i]));
+ }
+
+ Local<Array> v8EnvironmentFlags = Array::New(env->isolate(),
+ v8_environment_flags_count);
+ READONLY_PROPERTY(target, "allowedV8EnvironmentFlags", v8EnvironmentFlags);
+ for (int i = 0; i < v8_environment_flags_count; ++i) {
+ v8EnvironmentFlags->Set(i, OneByteString(env->isolate(),
+ v8_environment_flags[i]));
+ }
 } // InitConfig
 } // namespace node
diff --git a/src/node_internals.h b/src/node_internals.h
index d09bee0cb5..eb9e79d9e8 100644
--- a/src/node_internals.h
+++ b/src/node_internals.h
@@ -178,6 +178,11 @@ extern bool v8_initialized;
 extern std::shared_ptr<PerProcessOptions> per_process_opts;
+extern const char* const environment_flags[];
+extern int environment_flags_count;
+extern const char* const v8_environment_flags[];
+extern int v8_environment_flags_count;
+
 // Forward declaration
 class Environment;
|
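Review bot: `READONLY_PROPERTY` only locks the `allowedNodeEnvironmentFlags` and `allowedV8EnvironmentFlags` properties on `target`; the two arrays themselves stay writable, so any script that can reach this binding can push or overwrite entries in a list other code may treat as the authoritative allowlist. Freeze each array after its loop, e.g. `environmentFlags->SetIntegrityLevel(env->context(), v8::IntegrityLevel::kFrozen).FromJust();`, or freeze them in the JS layer before exposing them. The element writes use the context-less `Set(i, value)` and drop its result; the `Set(env->context(), i, value).FromJust()` overload makes a failed write visible. The loops also call `env->isolate()` where the surrounding context lines already use a local `isolate`, and the two loops are identical apart from the array, so a small static helper would remove the duplication. Initialize's body starts outside this hunk, so `env` and `isolate` are assumed to be in scope as the visible lines suggest.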