fixup! src,permission: resolve path on fs_permission

src/permission/child_process_permission.cc

@@ -15,9 +15,8 @@ void ChildProcessPermission::Apply(Environment* env,
  deny_all_ = true;
 }
 
-bool ChildProcessPermission::is_granted(
- Environment* env,
- PermissionScope perm,
+bool ChildProcessPermission::is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param) const {
  return deny_all_ == false;
 }

src/permission/child_process_permission.h

@@ -15,9 +15,8 @@ class ChildProcessPermission final : public PermissionBase {
  void Apply(Environment* env,
  const std::vector<std::string>& allow,
  PermissionScope scope) override;
- bool is_granted(
- Environment* env,
- PermissionScope perm,
+ bool is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param = "") const override;
 
  private:

src/permission/fs_permission.cc

@@ -149,9 +149,8 @@ void FSPermission::GrantAccess(PermissionScope perm, const std::string& res) {
  }
 }
 
-bool FSPermission::is_granted(
- Environment* env,
- PermissionScope perm,
+bool FSPermission::is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param = "") const {
  switch (perm) {
  case PermissionScope::kFileSystem:

src/permission/fs_permission.h

@@ -18,9 +18,8 @@ class FSPermission final : public PermissionBase {
  void Apply(Environment* env,
  const std::vector<std::string>& allow,
  PermissionScope scope) override;
- bool is_granted(
- Environment* env,
- PermissionScope perm,
+ bool is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param) const override;
 
  struct RadixTree {

src/permission/inspector_permission.cc

@@ -14,9 +14,8 @@ void InspectorPermission::Apply(Environment* env,
  deny_all_ = true;
 }
 
-bool InspectorPermission::is_granted(
- Environment* env,
- PermissionScope perm,
+bool InspectorPermission::is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param) const {
  return deny_all_ == false;
 }

src/permission/inspector_permission.h

@@ -15,9 +15,8 @@ class InspectorPermission final : public PermissionBase {
  void Apply(Environment* env,
  const std::vector<std::string>& allow,
  PermissionScope scope) override;
- bool is_granted(
- Environment* env,
- PermissionScope perm,
+ bool is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param = "") const override;
 
  private:

src/permission/permission.h

@@ -27,7 +27,7 @@ namespace permission {
 
 #define THROW_IF_INSUFFICIENT_PERMISSIONS(env, perm_, resource_, ...) \
  do { \
- if (UNLIKELY(!(env)->permission()->is_granted(env, perm_, resource_))) {  \
+ if (UNLIKELY(!(env)->permission()->is_granted(env, perm_, resource_))) { \
  node::permission::Permission::ThrowAccessDenied( \
  (env), perm_, resource_); \
  return __VA_ARGS__; \
@@ -37,7 +37,7 @@ namespace permission {
 #define ASYNC_THROW_IF_INSUFFICIENT_PERMISSIONS( \
  env, wrap, perm_, resource_, ...) \
  do { \
- if (UNLIKELY(!(env)->permission()->is_granted(env, perm_, resource_))) {  \
+ if (UNLIKELY(!(env)->permission()->is_granted(env, perm_, resource_))) { \
  node::permission::Permission::AsyncThrowAccessDenied( \
  (env), wrap, perm_, resource_); \
  return __VA_ARGS__; \
@@ -74,9 +74,8 @@ class Permission {
  void EnablePermissions();
 
  private:
- COLD_NOINLINE bool is_scope_granted(
- Environment* env,
- const PermissionScope permission,
+ COLD_NOINLINE bool is_scope_granted(Environment* env,
+ const PermissionScope permission,
  const std::string_view& res = "") const {
  auto perm_node = nodes_.find(permission);
  if (perm_node != nodes_.end()) {

src/permission/permission_base.h

@@ -44,9 +44,8 @@ class PermissionBase {
  virtual void Apply(Environment* env,
  const std::vector<std::string>& allow,
  PermissionScope scope) = 0;
- virtual bool is_granted(
- Environment* env,
- PermissionScope perm,
+ virtual bool is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param = "") const = 0;
 };
 

src/permission/worker_permission.cc

@@ -15,9 +15,8 @@ void WorkerPermission::Apply(Environment* env,
  deny_all_ = true;
 }
 
-bool WorkerPermission::is_granted(
- Environment* env,
- PermissionScope perm,
+bool WorkerPermission::is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param) const {
  return deny_all_ == false;
 }

src/permission/worker_permission.h

@@ -15,9 +15,8 @@ class WorkerPermission final : public PermissionBase {
  void Apply(Environment* env,
  const std::vector<std::string>& allow,
  PermissionScope scope) override;
- bool is_granted(
- Environment* env,
- PermissionScope perm,
+ bool is_granted(Environment* env,
+ PermissionScope perm,
  const std::string_view& param = "") const override;
 
  private:

test/fixtures/permission/fs-traversal.js

@@ -28,23 +28,15 @@ const uint8ArrayTraversalPath = new TextEncoder().encode(traversalPath);
 }
 
 {
- assert.throws(() => {
- fs.writeFile(traversalPath, 'test', (error) => {
- assert.ifError(error);
- });
- }, common.expectsError({
+ fs.writeFile(traversalPath, 'test', common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemWrite',
  resource: path.toNamespacedPath(traversalPath),
  }));
 }
 
 {
- assert.throws(() => {
- fs.readFile(traversalPath, (error) => {
- assert.ifError(error);
- });
- }, common.expectsError({
+ fs.readFile(traversalPath, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: path.toNamespacedPath(traversalPath),
@@ -53,9 +45,7 @@ const uint8ArrayTraversalPath = new TextEncoder().encode(traversalPath);
 
 {
  assert.throws(() => {
- fs.mkdtempSync(traversalFolderPath, (error) => {
- assert.ifError(error);
- });
+ fs.mkdtempSync(traversalFolderPath);
  }, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemWrite',
@@ -64,35 +54,23 @@ const uint8ArrayTraversalPath = new TextEncoder().encode(traversalPath);
 }
 
 {
- assert.throws(() => {
- fs.mkdtemp(traversalFolderPath, (error) => {
- assert.ifError(error);
- });
- }, common.expectsError({
+ fs.mkdtemp(traversalFolderPath, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemWrite',
  resource: traversalFolderPath + 'XXXXXX',
  }));
 }
 
 {
- assert.throws(() => {
- fs.readFile(bufferTraversalPath, (error) => {
- assert.ifError(error);
- });
- }, common.expectsError({
+ fs.readFile(bufferTraversalPath, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: traversalPath,
  }));
 }
 
 {
- assert.throws(() => {
- fs.readFile(uint8ArrayTraversalPath, (error) => {
- assert.ifError(error);
- });
- }, common.expectsError({
+ fs.readFile(uint8ArrayTraversalPath, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: traversalPath,
@@ -111,7 +89,7 @@ const uint8ArrayTraversalPath = new TextEncoder().encode(traversalPath);
  } catch { }
 
  assert.throws(() => {
- fs.readFile(cwd, common.mustNotCall());
+ fs.readFileSync(cwd);
  }, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
@@ -136,15 +114,15 @@ const uint8ArrayTraversalPath = new TextEncoder().encode(traversalPath);
  assert.strictEqual(Buffer.from(resolve(traversalPathWithExtraChars)).toString(), traversalPath);
 
  assert.throws(() => {
- fs.readFile(traversalPathWithExtraBytes, common.mustNotCall());
+ fs.readFileSync(traversalPathWithExtraBytes);
  }, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: traversalPathWithExtraChars,
  }));
 
  assert.throws(() => {
- fs.readFile(new TextEncoder().encode(traversalPathWithExtraBytes.toString()), common.mustNotCall());
+ fs.readFileSync(new TextEncoder().encode(traversalPathWithExtraBytes.toString()));
  }, common.expectsError({
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',