Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

permission: v8.writeHeapSnapshot and process.report #48564

Merged
merged 2 commits into from
Jul 4, 2023
Merged

permission: v8.writeHeapSnapshot and process.report #48564

merged 2 commits into from
Jul 4, 2023

Conversation

RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Jun 26, 2023
edited
Loading

Even though the permission model, for now, doesn't handle other scopes than the node:fs module. Adding this validation on common write operations seems reasonable.

Co-Authored-By: @Haxatron

cc: @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added c Issues and PRs that require attention from people who are familiar with C . lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Jun 26, 2023
@RafaelGSS RafaelGSS added the request-ci Add this label to start a Jenkins CI on a PR. label Jun 27, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 27, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/52502/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/52512/

@RafaelGSS RafaelGSS added the request-ci Add this label to start a Jenkins CI on a PR. label Jun 27, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 27, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/52516/

@github-actions github-actions bot mentioned this pull request Jun 28, 2023
Open
36 tasks
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/52535/

joyeecheung
joyeecheung reviewed Jun 28, 2023
View reviewed changes
src/heap_utils.cc Outdated Show resolved Hide resolved
src/node_report.cc Show resolved Hide resolved
This was referenced Jun 29, 2023
Open
Open
RafaelGSS
RafaelGSS commented Jun 30, 2023
View reviewed changes
src/node_report.cc
@@ -871,6 874,13 @@ std::string TriggerNodeReport(Isolate* isolate,
filename = *DiagnosticFilename(
env != nullptr ? env->thread_id() : 0, "report", "json");
}
if (env != nullptr) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not entirely sure about when the env is null. Would that happen only when OOM or another crash reporter happens? If so, what would be the best way to throw an exception here?

Maybe @gireeshpunathil has some thoughts on this?

@RafaelGSS RafaelGSS added the request-ci Add this label to start a Jenkins CI on a PR. label Jun 30, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 30, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/52573/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/52574/

This was referenced Jul 1, 2023
Open
Open
Open
Open
ShogunPanda
ShogunPanda approved these changes Jul 4, 2023
View reviewed changes
Copy link
Contributor

@ShogunPanda ShogunPanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than your own comment, LGTM

@RafaelGSS RafaelGSS added the commit-queue Add this label to land a pull request using GitHub Actions. label Jul 4, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jul 4, 2023
@nodejs-github-bot nodejs-github-bot merged commit 74c2d9c into nodejs:main Jul 4, 2023
27 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in 74c2d9c

@tniessen
Copy link
Member

tniessen commented Jul 4, 2023

FWIW, the commit message does not adhere to the guidelines.

@RafaelGSS
Copy link
Member Author

FWIW, the commit message does not adhere to the guidelines.

What's missing?

@github-actions github-actions bot mentioned this pull request Jul 5, 2023
Open
20 tasks
@tniessen
Copy link
Member

tniessen commented Jul 5, 2023

An imperative verb after the subsystem :)

@targos
Copy link
Member

targos commented Jul 5, 2023

And in general, the commit message doesn't make much sense. It's impossible (at least for me) to understand what the commit does without looking at the diff.

This was referenced Jul 6, 2023
Open
Open
Open
Open
juanarbol pushed a commit that referenced this pull request Jul 13, 2023
@RafaelGSS @Haxatron @juanarbol
permission: v8.writeHeapSnapshot and process.report
f4333b1 
Co-Authored-By: haxatron <[email protected]>
Signed-off-by: RafaelGSS <[email protected]>
PR-URL: #48564
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
@juanarbol juanarbol mentioned this pull request Jul 13, 2023
Merged
@tniessen tniessen added the permission Issues and PRs related to the Permission Model label Aug 10, 2023
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
@RafaelGSS @Haxatron @Ceres6
permission: v8.writeHeapSnapshot and process.report
4f8badc 
Co-Authored-By: haxatron <[email protected]>
Signed-off-by: RafaelGSS <[email protected]>
PR-URL: nodejs#48564
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
@RafaelGSS @Haxatron @Ceres6
permission: v8.writeHeapSnapshot and process.report
679accc 
Co-Authored-By: haxatron <[email protected]>
Signed-off-by: RafaelGSS <[email protected]>
PR-URL: nodejs#48564
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
@ruyadorno ruyadorno added dont-land-on-v16.x dont-land-on-v18.x PRs that should not land on the v18.x-staging branch and should not be released in v18.x. labels Sep 11, 2023
@ruyadorno
Copy link
Member

@RafaelGSS corret me if I'm wrong but I don't believe the permission system is on v18.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShogunPanda ShogunPanda ShogunPanda approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@joyeecheung joyeecheung Awaiting requested review from joyeecheung

Assignees
No one assigned
Labels
c Issues and PRs that require attention from people who are familiar with C . dont-land-on-v18.x PRs that should not land on the v18.x-staging branch and should not be released in v18.x. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. permission Issues and PRs related to the Permission Model
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@RafaelGSS @nodejs-github-bot @tniessen @targos @ruyadorno @ShogunPanda @joyeecheung @marco-ippolito