fix: ensure TraverseParent bails on resource path exit (#46212)

* fix: ensure TraverseParent bails on resource path exit Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * Address review changes Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2025-03-24 11:29:40 -04:00 · 2025-03-24 11:29:40 -04:00 · a5579fb71f
commit a5579fb71f
parent 76fa5b7af1
2 changed files with 69 additions and 0 deletions
--- a/patches/node/.patches
+++ b/patches/node/.patches
@ -47,3 +47,4 @@ chore_add_createexternalizabletwobytestring_to_globals.patch
 feat_add_oom_error_callback_in_node_isolatesettings.patch
 fix_-wnonnull_warning.patch
 refactor_attach_cppgc_heap_on_v8_isolate_creation.patch
 fix_ensure_traverseparent_bails_on_resource_path_exit.patch
--- a/patches/node/fix_ensure_traverseparent_bails_on_resource_path_exit.patch
+++ b/patches/node/fix_ensure_traverseparent_bails_on_resource_path_exit.patch
@ -0,0 +1,68 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Shelley Vohr <shelley.vohr@gmail.com>
 Date: Tue, 18 Mar 2025 10:41:27 +0100
 Subject: fix: ensure TraverseParent bails on resource path exit
 Electron's security model requires that we do not traverse outside of the
 resource path. This commit ensures that the TraverseParent function
 bails out if the parent path is outside of the resource path.
 diff --git a/src/node_modules.cc b/src/node_modules.cc
 index 210a01d24e11764dc9fc37a77b354f11383693f8..4e9f70a1c41b44d2a1863b778d4f1e37279178d9 100644
 --- a/src/node_modules.cc
 +++ b/src/node_modules.cc
@@ -290,8 +290,41 @@ const BindingData::PackageConfig* BindingData::TraverseParent(
     Realm* realm, const std::filesystem::path& check_path) {
   std::filesystem::path current_path = check_path;
   auto env = realm->env();
 +  Isolate* isolate = env->isolate();
   const bool is_permissions_enabled = env->permission()->enabled();
 +  // Get the resources path with trailing slash.
 +  std::string resources_path;
 +  {
 +    HandleScope handle_scope(isolate);
 +    Local<Value> resources_path_value;
 +    Local<Object> process_object = env->process_object();
 +
 +    Local<String> resources_path_key =
 +        String::NewFromUtf8Literal(isolate, "resourcesPath");
 +    if (process_object->Get(env->context(), resources_path_key)
 +            .ToLocal(&resources_path_value) &&
 +        resources_path_value->IsString()) {
 +      resources_path = *String::Utf8Value(isolate, resources_path_value);
 +      if (!resources_path.empty() && !resources_path.ends_with(kPathSeparator)) {
 +        resources_path += kPathSeparator;
 +      }
 +    }
 +  }
 +
 +  auto starts_with = [](const std::string& str, const std::string& prefix) -> bool {
 +    if (prefix.size() > str.size()) return false;
 +    return std::equal(
 +        prefix.begin(), prefix.end(), str.begin(),
 +        [](char a, char b) {
 +          return std::tolower(static_cast<unsigned char>(a)) ==
 +                std::tolower(static_cast<unsigned char>(b));
 +        });
 +  };
 +
 +  bool did_original_path_start_with_resources_path = starts_with(check_path.
 +      generic_string(), resources_path);
 +
   do {
     current_path = current_path.parent_path();
@@ -310,6 +343,12 @@ const BindingData::PackageConfig* BindingData::TraverseParent(
       return nullptr;
     }
 +    // If current path is outside the resources path, bail.
 +    if (did_original_path_start_with_resources_path &&
 +        !starts_with(current_path.generic_string(), resources_path)) {
 +      return nullptr;
 +    }
 +
     // Check if the path ends with `/node_modules`
     if (current_path.generic_string().ends_with("/node_modules")) {
       return nullptr;