archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-17 14:48:58 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
44097 commits 56 branches 897 tags 2 GiB
Commit graph

7 commits

Author SHA1 Message Date
Rafael Gonzaga
be04d06488
src,lib: stabilize permission model 
Move permission model from 1.1 (Active Development)
to 2.0 (Stable).

PR-URL: https://github.com/nodejs/node/pull/56201
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
 2024-12-12 12:11:58 +00:00
Rafael Gonzaga
358ff748ea
lib,permission: support Buffer to permission.has 
PR-URL: https://github.com/nodejs/node/pull/54104
Fixes: https://github.com/nodejs/node/issues/54100
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
 2024-08-03 16:46:57 +00:00
Rafael Gonzaga
0095726bf3
lib: remove path.resolve from permissions.js 
PR-URL: https://github.com/nodejs/node/pull/53729
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
 2024-07-08 12:01:38 +00:00
RafaelGSS
205f1e643e permission: handle fs path traversal 
PR-URL: https://github.com/nodejs-private/node-private/pull/403
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1952978
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2023-30584
 2023-06-20 17:31:47 -03:00
Daeyeon Jeong
4eec3626f2
permission: resolve reference to absolute path only for fs permission 
For other candidate permissions, such as "net" or "env", this patch
will pass the reference without resolving it to an absolute path.

Signed-off-by: Daeyeon Jeong <daeyeon.dev@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/47930
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
 2023-05-11 14:50:44 +00:00
Rafael Gonzaga
6fd147c4b0
permission: drop process.permission.deny 
PR-URL: https://github.com/nodejs/node/pull/47335
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
 2023-04-04 17:14:04 +00:00
Rafael Gonzaga
00c222593e
src,process: add permission model 
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/44004
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
 2023-02-23 18:11:51 +00:00