nodejs · nodejs-github-bot · Jul 13, 2023 · Jun 30, 2023
diff --git a/src/debug_utils.h b/src/debug_utils.h
@@ -50,7 +50,8 @@ void NODE_EXTERN_PRIVATE FWrite(FILE* file, const std::string& str);
   V(NGTCP2_DEBUG)                                                              \
   V(SEA)                                                                       \
   V(WASI)                                                                      \
-  V(MKSNAPSHOT)
+  V(MKSNAPSHOT)                                                                \
+  V(PERMISSION_MODEL)
 
 enum class DebugCategory : unsigned int {
 #define V(name) name,

diff --git a/src/permission/fs_permission.cc b/src/permission/fs_permission.cc
@@ -1,5 +1,6 @@
 #include "fs_permission.h"
 #include "base_object-inl.h"
+#include "debug_utils-inl.h"
 #include "util.h"
 #include "v8.h"
 
@@ -72,6 +73,46 @@ namespace node {
 
 namespace permission {
 
+void PrintTree(FSPermission::RadixTree::Node* node, int spaces = 0) {
+  std::string whitespace(spaces, ' ');
+
+  if (node == nullptr) {
+    return;
+  }
+  if (node->wildcard_child != nullptr) {
+    per_process::Debug(DebugCategory::PERMISSION_MODEL,
+                       "%s Wildcard: %s\n",
+                       whitespace,
+                       node->prefix);
+  } else {
+    per_process::Debug(DebugCategory::PERMISSION_MODEL,
+                       "%s Prefix: %s\n",
+                       whitespace,
+                       node->prefix);
+    if (node->children.size()) {
+      int child = 0;
+      for (const auto pair : node->children) {
+        ++child;
+        per_process::Debug(DebugCategory::PERMISSION_MODEL,
+                           "%s Child(%s): %s\n",
+                           whitespace,
+                           child,
+                           std::string(1, pair.first));
+        PrintTree(pair.second, spaces + 2);
+      }
+      per_process::Debug(DebugCategory::PERMISSION_MODEL,
+                         "%s End of tree - child(%s)\n",
+                         whitespace,
+                         child);
+    } else {
+      per_process::Debug(DebugCategory::PERMISSION_MODEL,
+                         "%s End of tree: %s\n",
+                         whitespace,
+                         node->prefix);
+    }
+  }
+}
+
 // allow = '*'
 // allow = '/tmp/,/home/example.js'
 void FSPermission::Apply(const std::string& allow, PermissionScope scope) {
@@ -175,6 +216,12 @@ void FSPermission::RadixTree::Insert(const std::string& path) {
       parent_node_prefix_len = i;
     }
   }
+
+  if (UNLIKELY(per_process::enabled_debug_list.enabled(
+          DebugCategory::PERMISSION_MODEL))) {
+    per_process::Debug(DebugCategory::PERMISSION_MODEL, "Inserting %s\n", path);
+    PrintTree(root_node_);
+  }
 }
 
 }  // namespace permission

diff --git a/src/permission/fs_permission.h b/src/permission/fs_permission.h
@@ -18,8 +18,6 @@ class FSPermission final : public PermissionBase {
   void Apply(const std::string& allow, PermissionScope scope) override;
   bool is_granted(PermissionScope perm, const std::string_view& param) override;
 
-  // For debugging purposes, use the gist function to print the whole tree
-  // https://gist.github.com/RafaelGSS/5b4f09c559a54f53f9b7c8c030744d19
   struct RadixTree {
     struct Node {
       std::string prefix;