blob: 8f14d9ee18c34a9ebe56dc09380fce1eb7037372 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
'use strict';
const common = require('../common');
if (!common.isWindows) {
// TODO: Similar checks on *nix-like systems (e.g using chmod or the like)
common.skip('test only runs on Windows');
}
const assert = require('assert');
const fs = require('fs');
const path = require('path');
const cp = require('child_process');
const tmpdir = require('../common/tmpdir');
tmpdir.refresh();
// Create readOnlyMod.js and set to read only
const readOnlyMod = path.join(tmpdir.path, 'readOnlyMod');
const readOnlyModRelative = path.relative(__dirname, readOnlyMod);
const readOnlyModFullPath = `${readOnlyMod}.js`;
fs.writeFileSync(readOnlyModFullPath, 'module.exports = 42;');
// Removed any inherited ACEs, and any explicitly granted ACEs for the
// current user
cp.execSync(
`icacls.exe "${readOnlyModFullPath}" /inheritance:r /remove "%USERNAME%"`);
// Grant the current user read & execute only
cp.execSync(`icacls.exe "${readOnlyModFullPath}" /grant "%USERNAME%":RX`);
let except = null;
try {
// Attempt to load the module. Will fail if write access is required
require(readOnlyModRelative);
} catch (err) {
except = err;
}
// Remove the explicitly granted rights, and re-enable inheritance
cp.execSync(
`icacls.exe "${readOnlyModFullPath}" /remove "%USERNAME%" /inheritance:e`);
// Delete the test module (note: tmpdir should get cleaned anyway)
fs.unlinkSync(readOnlyModFullPath);
assert.ifError(except);
|