Experimental permission wildcards seem to not be additive #50659

Closed
@jellelicht

Description

Version

v20.9.0

Platform

Linux revint 6.5.9 #1 SMP PREEMPT_DYNAMIC 1 x86_64 GNU/Linux

Subsystem

No response

What steps will reproduce the bug?

Running the following:

node --experimental-permission --allow-fs-read="/a/b/*" --allow-fs-read=/a/b/d  -e "require('fs').readFile('/a/b/c', () => undefined);"

How often does it reproduce? Is there a required condition?

Consistently. The order of --allow-fs-read arguments does not seem to matter.

What is the expected behavior? Why is that the expected behavior?

One would assume, perhaps naively, that wildcards are additive to other/existing entries.

What do you see instead?

... will fail with:

node:fs:385
  binding.open(pathModule.toNamespacedPath(path),
          ^

Error: Access to this API has been restricted
    at Object.readFile (node:fs:385:11)
    at [eval]:1:15
    at Script.runInThisContext (node:vm:122:12)
    at Object.runInThisContext (node:vm:296:38)
    at node:internal/process/execution:83:21
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:82:62)
    at evalScript (node:internal/process/execution:104:10)
    at node:internal/main/eval_string:50:3 {
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: '/a/b/c'
}

Node.js v20.9.0

Additional information

This issue was found while trying to run Node's test suite while building node itself in a subdirectory of /tmp.

The offending test:
/tmp/node-v20.9.0/test/parallel/test-permission-fs-wildcard.js
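
Added example (not part of the original report, and not Node.js's own code): a small model of the additive behaviour the report expects, checked against the reported grants in every insertion order. The matching rules (a trailing `*` is a string-prefix match, any other entry covers that path and everything below it) and the names `grantCovers`, `GrantTree` and `checkAdditive` are assumptions made for illustration.

```javascript
// Model of additive grants. Assumptions: trailing '*' = string-prefix match;
// any other entry covers that exact path and everything below it.
function grantCovers(grant, resource) {
  if (grant.endsWith('*')) return resource.startsWith(grant.slice(0, -1));
  return resource === grant || resource.startsWith(grant + '/');
}
// Additive means: allowed if ANY single grant covers the resource.
const allowedByUnion = (grants, r) => grants.some((g) => grantCovers(g, r));
const newNode = () => ({ next: new Map(), wildcard: false, exact: false });

// Hypothetical character-keyed prefix tree holding all grants at once.
class GrantTree {
  constructor() { this.root = newNode(); }
  insert(grant) {
    const wild = grant.endsWith('*');
    let node = this.root;
    for (const ch of (wild ? grant.slice(0, -1) : grant).split('')) {
      if (!node.next.has(ch)) node.next.set(ch, newNode());
      node = node.next.get(ch);
    }
    // Flags are only set, never cleared: a later grant cannot shadow an earlier one.
    if (wild) node.wildcard = true; else node.exact = true;
  }
  allows(resource) {
    let node = this.root;
    if (node.wildcard) return true;
    for (let i = 0; i < resource.length; i++) {
      node = node.next.get(resource[i]);
      if (!node) return false;
      const atBoundary = i === resource.length - 1 || resource[i + 1] === '/';
      if (node.wildcard || (node.exact && atBoundary)) return true;
    }
    return false;
  }
}
const permutations = (xs) => (xs.length <= 1 ? [xs] : xs.flatMap((x, i) =>
  permutations(xs.filter((_, j) => j !== i)).map((rest) => [x, ...rest])));

// Every (insertion order, resource) pair where the tree disagrees with the union.
function checkAdditive(grants, probes) {
  return permutations(grants).flatMap((order) => {
    const tree = new GrantTree();
    order.forEach((g) => tree.insert(g));
    return probes
      .filter((r) => tree.allows(r) !== allowedByUnion(grants, r))
      .map((resource) => ({ order, resource }));
  });
}
// Grants and '/a/b/c' are from the report; the other probes are constructed.
const GRANTS = ['/a/b/*', '/a/b/d'];
const PROBES = ['/a/b/c', '/a/b/d', '/a/b/d/e', '/a/b', '/a/x'];
```

`checkAdditive(GRANTS, PROBES)` returns an empty array when the store is additive and order-independent; a non-empty result names the insertion order and resource that disagree with the union.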

Labels: permission (Issues and PRs related to the Permission Model)
