test,doc: clarify wildcard usage

Follow-up: https://github.com/nodejs/node/pull/51209 PR-URL: https://github.com/nodejs-private/node-private/pull/517 Fixes: https://hackerone.com/bugs?subject=nodejs&report_id=2257156 CVE-ID: CVE-2024-21890
2024-11-21 10:59:27 +00:00 · 2024-01-08 16:26:34 -03:00 · 2024-01-08 16:26:34 -03:00 · 834ae3785b
commit 834ae3785b
parent 10ecf40067
2 changed files with 7 additions and 0 deletions
--- a/doc/api/permissions.md
+++ b/doc/api/permissions.md
@ -560,6 +560,9 @@ Wildcards are supported too:
 * `--allow-fs-read=/home/test*` will allow read access to everything
  that matches the wildcard. e.g: `/home/test/file1` or `/home/test2`

+After passing a wildcard character (`*`) all subsequent characters will
+be ignored. For example: `/home/*.js` will work similar to `/home/*`.
+
 #### Permission Model constraints

 There are constraints you need to know before using this system:
--- a/test/parallel/test-permission-fs-wildcard.js
+++ b/test/parallel/test-permission-fs-wildcard.js
@ -107,11 +107,15 @@ if (common.isWindows) {
        '--experimental-permission',
        '--allow-fs-read=/a/b/*',
        '--allow-fs-read=/a/b/d',
+        '--allow-fs-read=/etc/passwd.*',
+        '--allow-fs-read=/home/*.js',
        '-e',
        `
        const assert = require('assert')
        assert.ok(process.permission.has('fs.read', '/a/b/c'));
        assert.ok(!process.permission.has('fs.read', '/a/c/c'));
+        assert.ok(!process.permission.has('fs.read', '/etc/passwd'));
+        assert.ok(process.permission.has('fs.read', '/home/another-file.md'));
      `,
      ]
    );