Skip to content

Commit

Permalink
fix: always require perms for high-risk modules
Browse files Browse the repository at this point in the history
  • Loading branch information
gabidobo committed Sep 6, 2022
1 parent dd2313b commit f9e9b21
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/module.js
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,7 @@ export const isModuleAllowedToExecute = ({
directCaller,
lastModuleCaller,
}) => {
if (directCaller?.module?.startsWith?.('node:')) {
if (directCaller?.module?.startsWith?.('node:') && !method.needsExplicitPermission) {
logger.debug(
'-> call has been allowed',
lastModuleCaller
Expand Down
18 changes: 18 additions & 0 deletions tests/unit/module.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,15 @@ describe('module', () => {
method: {name: 'method', needsExplicitPermission: true},
directCaller: {module: 'node:internal'},
}),
).toBeFalsy();

expect(
isModuleAllowedToExecute({
module: 'imate>one',
family: {name: 'imate'},
method: {name: 'method'},
directCaller: {module: 'node:internal'},
}),
).toBeTruthy();

expect(
Expand All @@ -128,6 +137,15 @@ describe('module', () => {
}),
).toBeFalsy();

expect(
isModuleAllowedToExecute({
module: 'imate>two',
family: {name: 'imate'},
method: {name: 'method'},
directCaller: {module: 'node:internal'},
}),
).toBeTruthy();

expect(
isModuleAllowedToExecute({
module: 'imate>two',
Expand Down

0 comments on commit f9e9b21

Please sign in to comment.