Skip to content

permission: propagate permission model flags on spawn #58853

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

permission: propagate permission model flags on spawn #58853

wants to merge 1 commit into from
+171 −18

Conversation

RafaelGSS
Copy link
Member

Previously, only child_process.fork propagated the exec arguments (execvArgs) to the child process.
This commit adds support for spawn and spawnSync to propagate permission model flags — except when they are already provided explicitly via arguments or through NODE_OPTIONS.

@RafaelGSS RafaelGSS added the permission Issues and PRs related to the Permission Model label Jun 26, 2025
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added child_process Issues and PRs related to the child_process subsystem. needs-ci PRs that need a full CI run. process Issues and PRs related to the process subsystem. labels Jun 26, 2025
@RafaelGSS
Copy link
Member Author

Since --allow-child-process is still on experimental phrase, it's fine to keep it as semver-minor.

@RafaelGSS RafaelGSS added the semver-minor PRs that contain new features and should be released in the next minor version. label Jun 26, 2025
@RafaelGSS RafaelGSS force-pushed the inherit-pm-to-child-process branch from a397ace to ecf6a03 Compare June 26, 2025 21:07
@codecov Codecov
Copy link

codecov bot commented Jun 26, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 47.82609% with 24 lines in your changes missing coverage. Please review.

Project coverage is 90.07%. Comparing base (d08513d) to head (1f5354a).
Report is 21 commits behind head on main.

Files with missing lines Patch % Lines
lib/child_process.js 27.27% 24 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #58853      +/-   ##
==========================================
- Coverage   90.11%   90.07%   -0.04%     
==========================================
  Files         640      640              
  Lines      188363   188485     +122     
  Branches    36931    36965      +34     
==========================================
+ Hits       169739   169784      +45     
- Misses      11341    11390      +49     
- Partials     7283     7311      +28
Files with missing lines Coverage Δ
lib/internal/process/permission.js 76.59% <100.00%> (+7.15%) ⬆️
lib/internal/process/pre_execution.js 91.39% <100.00%> (-0.10%) ⬇️
lib/child_process.js 95.54% <27.27%> (-2.21%) ⬇️

... and 47 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

mcollina
mcollina approved these changes Jun 26, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@RafaelGSS RafaelGSS added request-ci Add this label to start a Jenkins CI on a PR. notable-change PRs with changes that should be highlighted in changelogs. labels Jun 27, 2025
@github-actions GitHub Actions
Copy link
Contributor

The notable-change PRs with changes that should be highlighted in changelogs. label has been added by @RafaelGSS.

Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section.

@RafaelGSS
Copy link
Member Author

Adding notable-change label as it will impact current users of --allow-child-process

@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 27, 2025
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/67682/

@RafaelGSS RafaelGSS force-pushed the inherit-pm-to-child-process branch from ecf6a03 to 29b915a Compare June 27, 2025 18:06
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/67689/

jasnell
jasnell reviewed Jun 27, 2025
View reviewed changes
lib/child_process.js

function copyPermissionModelFlagsToEnv(env, key, args) {
// Do not override if permission was already passed to file
if (args.includes('--permission') || (env[key] && env[key].indexOf('--permission') !== -1)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can simplify this expression a bit with...

env?.[key]?.indexOf(...)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How? We need to compare the result with !== -1 and also handle the case when the key is undefined. Leaving it as env?.[key]?.indexOf('--permission') might return 0, which is truthy in this case, so I don't see how using env?.[key]?.indexOf(...) would simplify this.

test/parallel/test-permission-child-process-inherit-flags.js Outdated

if (!common.hasCrypto) {
common.skip('no crypto');
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a comment in here about why/how this test depends on crypto, as it's not obvious.

@RafaelGSS
permission: propagate permission model flags on spawn
1f5354a 
Previously, only child_process.fork propagated the exec
arguments (execvArgs) to the child process.
This commit adds support for spawn and spawnSync to
propagate permission model flags — except when they are
already provided explicitly via arguments or through
NODE_OPTIONS.

Signed-off-by: RafaelGSS <[email protected]>
@RafaelGSS RafaelGSS force-pushed the inherit-pm-to-child-process branch from 29b915a to 1f5354a Compare June 27, 2025 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell left review comments

@mcollina mcollina mcollina approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
child_process Issues and PRs related to the child_process subsystem. needs-ci PRs that need a full CI run. notable-change PRs with changes that should be highlighted in changelogs. permission Issues and PRs related to the Permission Model process Issues and PRs related to the process subsystem. semver-minor PRs that contain new features and should be released in the next minor version.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@RafaelGSS @nodejs-github-bot @mcollina @jasnell