/
test-cli-policy-deny-fs.js
113 lines (99 loc) Β· 2.95 KB
/
test-cli-policy-deny-fs.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const { spawnSync } = require('child_process');
const assert = require('assert');
const fs = require('fs');
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--policy-deny-fs', 'fs', '-e',
`console.log(process.policy.check("fs"));
console.log(process.policy.check("fs.in"));
console.log(process.policy.check("fs.out"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'false');
assert.strictEqual(fsIn, 'false');
assert.strictEqual(fsOut, 'false');
assert.strictEqual(status, 0);
}
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--policy-deny-fs', 'in', '-e',
`console.log(process.policy.check("fs"));
console.log(process.policy.check("fs.in"));
console.log(process.policy.check("fs.out"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'true');
assert.strictEqual(fsIn, 'false');
assert.strictEqual(fsOut, 'true');
assert.strictEqual(status, 0);
}
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--policy-deny-fs', 'out', '-e',
`console.log(process.policy.check("fs"));
console.log(process.policy.check("fs.in"));
console.log(process.policy.check("fs.out"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'true');
assert.strictEqual(fsIn, 'true');
assert.strictEqual(fsOut, 'false');
assert.strictEqual(status, 0);
}
{
const { status, stdout } = spawnSync(
process.execPath,
[
'--policy-deny-fs', 'out,in', '-e',
`console.log(process.policy.check("fs"));
console.log(process.policy.check("fs.in"));
console.log(process.policy.check("fs.out"));`,
]
);
const [fs, fsIn, fsOut] = stdout.toString().split('\n');
assert.strictEqual(fs, 'false');
assert.strictEqual(fsIn, 'false');
assert.strictEqual(fsOut, 'false');
assert.strictEqual(status, 0);
}
{
const { status, stderr } = spawnSync(
process.execPath,
['--policy-deny-fs=in', '-p', 'fs.readFileSync(process.execPath)']);
assert.ok(
stderr.toString().includes('Access to this API has been restricted'),
stderr);
assert.strictEqual(status, 1);
}
{
const { status, stderr } = spawnSync(
process.execPath,
['--policy-deny-fs=fs', '-p', 'fs.readFileSync(process.execPath)']);
assert.ok(
stderr.toString().includes('Access to this API has been restricted'),
stderr);
assert.strictEqual(status, 1);
}
{
const { status, stderr } = spawnSync(
process.execPath,
['--policy-deny-fs=out', '-p', 'fs.writeFileSync("policy-deny-example.md", "# test")']);
assert.ok(
stderr.toString().includes('Access to this API has been restricted'),
stderr);
assert.strictEqual(status, 1);
assert.ok(!fs.existsSync('policy-deny-example.md'));
}