fix(scripting/node): resolve symlinked resource sandbox paths #3959
Open
gtolontop wants to merge 3 commits into
Goal of this PR
Fix Node.js resources mounted through a symbolic link being unable to access their own files through require() and fs.* APIs.

The sandbox permission callback can receive a resolved native path for a symlinked resource, while the resource is mounted in VFS through its lexical symlink path. This made the permission lookup fail before the normal resource-local filesystem checks could run.

How is this PR achieving the goal
The fix teaches VFS device lookup how to map canonical native paths back to mounted resource devices, and lets the Node.js sandbox prefer the currently running resource mount when several mounts resolve to the same native path.

Key changes:
Canonical VFS lookup (ManagerServer): mounted devices now cache both their lexical absolute path and their canonical absolute path at mount time. FindDevice() keeps the existing lexical fast path, and only falls back to canonical matching when a symlink/canonical mount exists.
Preferred resource mount (NodeScriptRuntime): Node filesystem permission checks pass @<resourceName>/ as the preferred mount prefix, so paths resolved through a resource symlink are transformed back to the current resource VFS path.
Longest-prefix semantics preserved (ManagerServer): when both lexical and canonical matches are possible, the existing VFS longest-prefix behavior is preserved. A more specific canonical mount still wins over a preferred parent mount.
Regression coverage (TestLua.cpp): adds server-side VFS coverage for symlinked resources, duplicate symlinks, direct mounts, nested symlink mounts, not-yet-created file/directory paths used by write/mkdir flows, and sibling path rejection.

This keeps the sandbox resource-based instead of allowing broad native filesystem paths, while fixing the symlinked resource workflow reported in the issue.

This PR applies to the following area(s)
FXServer, ScRT: JS, VFS

Successfully tested on
git diff --check
TestLua.cpp
NodePermissionCallback() to vfs::FindDevice()

A full local CitiTest run was not performed because this checkout does not include a generated build directory or an existing test executable.

Checklist

Fixes issues
Fixes #3878
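
The lookup rules described in the PR text (lexical and canonical roots cached per mount, longest prefix wins, preferred mount as a tie-break, sibling paths rejected), as an added example that is not code from this PR or from the project. Mount, IsWithin, MapToVfs, SampleMounts and all paths are hypothetical names and constructed values; roots are assumed to be absolute with no trailing slash.

```cpp
#include <initializer_list>
#include <string>
#include <vector>

// Hypothetical model of a mounted device; all paths are constructed samples.
struct Mount {
    std::string vfsPrefix;  // e.g. "@chat/"
    std::string lexical;    // absolute path as mounted (may traverse a symlink)
    std::string canonical;  // symlink-resolved path, cached at mount time
};

// True when `path` equals `root` or lies below it on a component boundary, so
// the sibling "/srv/real/chat-evil" is not treated as inside "/srv/real/chat".
static bool IsWithin(const std::string& path, const std::string& root) {
    if (root.empty() || path.compare(0, root.size(), root) != 0) return false;
    return path.size() == root.size() || path[root.size()] == '/';
}

// Maps a native path to a VFS path in `out`; returns false (deny) when no
// mount owns it. The longest matching root wins; the preferred mount only
// breaks ties between roots of equal length.
bool MapToVfs(const std::vector<Mount>& mounts, const std::string& nativePath,
              const std::string& preferred, std::string& out) {
    const Mount* best = nullptr;
    std::size_t bestLen = 0;
    for (const Mount& m : mounts) {
        for (const std::string* root : {&m.lexical, &m.canonical}) {
            if (!IsWithin(nativePath, *root)) continue;
            bool tie = best && root->size() == bestLen &&
                       m.vfsPrefix == preferred && best->vfsPrefix != preferred;
            if (root->size() > bestLen || tie) { best = &m; bestLen = root->size(); }
        }
    }
    if (!best) return false;
    std::string rest = nativePath.substr(bestLen);
    if (!rest.empty()) rest.erase(0, 1);  // drop the separating '/'
    out = best->vfsPrefix + rest;
    return true;
}

// Constructed sample: two resources symlinked to one real directory, plus a
// more specific mount nested inside it.
std::vector<Mount> SampleMounts() {
    return {{"@chat/", "/srv/resources/chat", "/srv/real/chat"},
            {"@chat2/", "/srv/resources/chat2", "/srv/real/chat"},
            {"@chat-data/", "/srv/resources/chat-data", "/srv/real/chat/data"}};
}
```

A plain string-prefix test without the component-boundary check in IsWithin would accept the sibling directory, which is the case the sibling path rejection coverage guards against.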