permission: add initial environment permission

Add initial environment permission support. This restricts permission to access environment variables through process.env by using --allow-env flag.

usages

Proposed basic usages are as follows:

  • --allow-env=DB_HOST : DB_HOST is allowed.
  • --allow-env=DB_HOST,DB_PORT : DB_HOST and DB_PORT are allowed.
  • --allow-env=DB_* : Env vars starting with DB_ are allowed.
  • --allow-env=DB_*,-DB_PASSWORD : All env vars starting with DB_ except DB_PASSWORD are allowed.
  • --allow-env=*,-DB_PASSWORD : All env vars except DB_PASSWORD are allowed.

process[env_private_symbol]

This is based on the idea of using a new privileged API for builtins to access the environment variables instead of process.env. It preserves current behaviors of process.env on the child processes and the worker threads by leveraging the existing native traps. This approach required manual changes to all internal uses of it.

Signed-off-by: Daeyeon Jeong daeyeon.dev@gmail.com
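The rule semantics listed above, worked through as an added example that is not the PR's own implementation. It assumes `*` matches any run of characters, that a leading `-` denies a pattern, and that deny rules take precedence over allow rules; the sample environment is constructed for the demonstration.

```javascript
// Added example (not Node.js's own code): a matcher implementing the
// --allow-env rule semantics described in the PR description.
// Assumptions: '*' matches any run of characters, a '-' prefix denies,
// and deny rules win over allow rules.

function patternToRegExp(pattern) {
  // Escape regex metacharacters (except '*'), then turn '*' into '.*'.
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`);
}

// Split a spec such as "DB_*,-DB_PASSWORD" into allow and deny matchers.
function parseAllowEnv(spec) {
  const allow = [];
  const deny = [];
  for (const raw of spec.split(',')) {
    const entry = raw.trim();
    if (entry === '') continue;
    if (entry.startsWith('-')) deny.push(patternToRegExp(entry.slice(1)));
    else allow.push(patternToRegExp(entry));
  }
  return { allow, deny };
}

// A name is visible only if some allow rule matches and no deny rule does.
function isEnvAllowed(rules, name) {
  if (rules.deny.some((re) => re.test(name))) return false;
  return rules.allow.some((re) => re.test(name));
}

// Build the restricted view of the environment that process.env would expose.
function filterEnv(spec, env) {
  const rules = parseAllowEnv(spec);
  const out = {};
  for (const [key, value] of Object.entries(env)) {
    if (isEnvAllowed(rules, key)) out[key] = value;
  }
  return out;
}

// Constructed sample environment for the demonstration.
const SAMPLE_ENV = { DB_HOST: 'db.internal', DB_PORT: '5432', DB_PASSWORD: 'example', HOME: '/home/app' };

for (const spec of ['DB_HOST', 'DB_HOST,DB_PORT', 'DB_*', 'DB_*,-DB_PASSWORD', '*,-DB_PASSWORD']) {
  console.log(`--allow-env=${spec} =>`, Object.keys(filterEnv(spec, SAMPLE_ENV)));
}
```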
