From 00970daea2245bf4af6b3ee21d0e522fec5638b8 Mon Sep 17 00:00:00 2001
From: Matt Mastracci
Date: Wed, 3 Jan 2024 16:31:39 -0700
Subject: fix(cli): harden permission stdio check (#21778)

Harden the code that does permission checks to protect against re-opening of stdin. Code that runs FFI is vulnerable to an attack where fd 0 is closed during a permission check and re-opened with a file that contains a positive response (ie: `y` or `A`). While FFI code is dangerous in general, we can make it more difficult for FFI-enabled code to bypass additional permission checks.

- Checks to see if the underlying file for stdin has changed from the start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window for races)
- Checks to see if stdin and stderr are still terminals at the end of the function (making races more difficult)
---
 cli/tests/integration/run_tests.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'cli/tests/integration/run_tests.rs')

diff --git a/cli/tests/integration/run_tests.rs b/cli/tests/integration/run_tests.rs
index 43bc212c6..36eee1100 100644
--- a/cli/tests/integration/run_tests.rs
+++ b/cli/tests/integration/run_tests.rs
@@ -707,6 +707,20 @@ fn permissions_prompt_allow_all_lowercase_a() {
 });
 }
 
+#[test]
+fn permission_request_long() {
+ TestContext::default()
+ .new_command()
+ .args_vec(["run", "--quiet", "run/permission_request_long.ts"])
+ .with_pty(|mut console| {
+ console.expect(concat!(
+ "❌ Permission prompt length (100017 bytes) was larger than the configured maximum length (10240 bytes): denying request.\r\n",
+ "❌ WARNING: This may indicate that code is trying to bypass or hide permission check requests.\r\n",
+ "❌ Run again with --allow-read to bypass this check if this is really what you want to do.\r\n",
+ ));
+ });
+}
+
 itest!(deny_all_permission_args {
 args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net --deny-hrtime run/deny_all_permission_args.js",
 output: "run/deny_all_permission_args.out",
--
cgit v1.2.3
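Review bot: The new `permission_request_long` test pins the exact byte count `100017` without saying where it comes from, so a later change to the prompt template or to the fixture will fail the test with no hint that the number is derived rather than chosen; a comment above the `#[test]` such as `// The fixture triggers a read-permission prompt whose rendered message is ~100 KiB, well above the 10240-byte cap; the exact count depends on the prompt template.` would make that clear. The expectation also stops at the three `❌` diagnostic lines, so it does not confirm that the request was in fact denied (for example, that the script's subsequent read fails); if the fixture reports its outcome, a second `console.expect(...)` on that line would tie the test to the behaviour rather than to the wording. Of the three hardening checks listed in the commit description, only the message-length check is exercised here; the stdin-identity and terminal-status checks are not covered by this hunk, though this view is limited to `run_tests.rs` and they may be tested elsewhere in the commit.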