From 6cfe0daf44bb257426d5d60c6f7af9c5d459e576 Mon Sep 17 00:00:00 2001 From: James Kyburz Date: Fri, 14 Jun 2019 13:44:47 +0200 Subject: [PATCH] initial commit --- .gitignore | 4 + .travis.yml | 6 + package.json | 11 + packages/env/LICENSE | 404 ++++++++++++++++++ packages/env/README.md | 26 ++ packages/env/package-lock.json | 5 + packages/env/package.json | 27 ++ packages/env/src/index.js | 53 +++ packages/env/tests/.npmrc | 1 + packages/env/tests/module-1/.npmrc | 1 + packages/env/tests/module-1/index.js | 1 + .../env/tests/module-1/module-1-0.0.1.tgz | Bin 0 -> 512 bytes packages/env/tests/module-1/package.json | 6 + packages/env/tests/module-2/.npmrc | 1 + packages/env/tests/module-2/index.js | 4 + .../env/tests/module-2/module-2-0.0.1.tgz | Bin 0 -> 1781 bytes packages/env/tests/module-2/package.json | 6 + packages/env/tests/package-lock.json | 15 + packages/env/tests/package.json | 13 + packages/env/tests/test.sh | 177 ++++++++ 20 files changed, 761 insertions(+) create mode 100644 .gitignore create mode 100644 .travis.yml create mode 100644 package.json create mode 100644 packages/env/LICENSE create mode 100644 packages/env/README.md create mode 100644 packages/env/package-lock.json create mode 100644 packages/env/package.json create mode 100644 packages/env/src/index.js create mode 100644 packages/env/tests/.npmrc create mode 100644 packages/env/tests/module-1/.npmrc create mode 100644 packages/env/tests/module-1/index.js create mode 100644 packages/env/tests/module-1/module-1-0.0.1.tgz create mode 100644 packages/env/tests/module-1/package.json create mode 100644 packages/env/tests/module-2/.npmrc create mode 100644 packages/env/tests/module-2/index.js create mode 100644 packages/env/tests/module-2/module-2-0.0.1.tgz create mode 100644 packages/env/tests/module-2/package.json create mode 100644 packages/env/tests/package-lock.json create mode 100644 packages/env/tests/package.json create mode 100755 packages/env/tests/test.sh 
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2eb7f09
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+node_modules
+.DS_Store
+npm-debug.log
+.nyc_output
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..9450b9e
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,6 @@
+sudo: false
+language: node_js
+node_js:
+ - "10"
+script:
+ - npm t
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..3069cc7
--- /dev/null
+++ b/package.json
@@ -0,0 +1,11 @@
+{
+ "name": "mono-rep",
+ "scripts": {
+ "test": "npx macleod exec npm t"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/JamesKyburz/racon"
+ },
+ "private": true
+}
diff --git a/packages/env/LICENSE b/packages/env/LICENSE
new file mode 100644
index 0000000..defc060
--- /dev/null
+++ b/packages/env/LICENSE
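Review bot: The `test` script in the root `package.json` calls `npx macleod exec npm t`, but this manifest declares no `devDependencies`, so `macleod` is presumably resolved from the registry by npx at whatever version is current each time CI runs. That leaves the test entry point executing unpinned third-party code with no lockfile integrity entry behind it. Declaring the tool, for example `"devDependencies": { "macleod": "<PINNED_VERSION>" }`, and committing a root lockfile would make the version reviewable and the CI run reproducible.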
@@ -0,0 +1,404 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +||||||| merged common ancestors +======= + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. 
For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/packages/env/README.md b/packages/env/README.md
new file mode 100644
index 0000000..d033dc6
--- /dev/null
+++ b/packages/env/README.md
@@ -0,0 +1,26 @@
+# racon-env
+
+Resource Access Control for `process.env`
+
+[![js-standard-style](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://github.com/feross/standard)
+[![build status](https://api.travis-ci.org/JamesKyburz/racon-env.svg)](https://travis-ci.org/JamesKyburz/racon-env)
+[![downloads](https://img.shields.io/npm/dm/aws-lambda-http-server.svg)](https://npmjs.org/package/racon-env)
+[![Greenkeeper badge](https://badges.greenkeeper.io/JamesKyburz/racon-env.svg)](https://greenkeeper.io/)
+
+## usage
+
+```javascript
+require('racon-env')({
+ 'aws-sdk': {
+ read: [
+ /^AWS/,
+ 'HOME',
+ /^AMAZON/
+ ]
+ }
+})
+```
+
+# license
+
+[Apache License, Version 2.0](LICENSE)
diff --git a/packages/env/package-lock.json b/packages/env/package-lock.json
new file mode 100644
index 0000000..921147f
--- /dev/null
+++ b/packages/env/package-lock.json
@@ -0,0 +1,5 @@
+{
+ "name": "racon-env",
+ "version": "0.0.1",
+ "lockfileVersion": 1
+}
diff --git a/packages/env/package.json b/packages/env/package.json
new file mode 100644
index 0000000..9c6f7b7
--- /dev/null
+++ b/packages/env/package.json
@@ -0,0 +1,27 @@
+{
+ "name": "racon-env",
+ "version": "0.0.1",
+ "description": "permissions for process.env",
+ "keywords": [
+ "process.env",
+ "security",
+ "secrets",
+ "resource",
+ "access",
+ "control"
+ ],
+ "main": "src/index.js",
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/JamesKyburz/racon"
+ },
+ "dependencies": {},
+ "devDependencies": {},
+ "files": [
+ "src"
+ ],
+ "scripts": {
+ "test": "cd tests && npm i && npm t"
+ },
+ "license": "Apache-2.0"
+}
diff --git a/packages/env/src/index.js b/packages/env/src/index.js
new file mode 100644
index 0000000..23acc1b
--- /dev/null
+++ b/packages/env/src/index.js
@@ -0,0 +1,53 @@
+'strict on'
+
+const env = process.env
+const exit = process.exit
+
+module.exports = (whitelist = {}) => {
+ process.env = new Proxy(env, {
+ get (obj, prop) {
+ if (isAllowed(whitelist, prop, 'read')) {
+ return obj[prop]
+ } else {
+ return ''
+ }
+ },
+ set (obj, prop, value) {
+ if (isAllowed(whitelist, prop, 'write')) {
+ obj[prop] = value
+ }
+ }
+ })
+}
+
+function captureModule () {
+ const { stack } = new Error()
+ const frames = (stack || '').split(/\n/)
+
+ for (const frame of frames) {
+ if (frame.includes(__filename)) continue
+ if (/\/node_modules\//.test(frame)) {
+ return frame.split(/\/node_modules\//)[1].split(/\//)[0]
+ }
+ }
+}
+
+function isAllowed (whitelist, prop, type) {
+ const module = captureModule()
+ const policy = (whitelist[module] || { [type]: [] })[type] || []
+ const allowed =
+ !module ||
+ policy === '*' ||
+ policy.includes(prop) ||
+ policy.filter(x => x instanceof RegExp).find(x => x.test(prop))
+ if (!allowed) {
+ try {
+ process.stdout.write(
+ `\n${module} does not have ${type} access to process.env.${prop}\n`
+ )
+ } catch (e) {}
+ exit(1)
+ } else {
+ return true
+ }
+}
diff --git a/packages/env/tests/.npmrc b/packages/env/tests/.npmrc
new file mode 100644
index 0000000..43c97e7
--- /dev/null
+++ b/packages/env/tests/.npmrc
@@ -0,0 +1 @@
+package-lock=false
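Review bot: The Proxy installed by `module.exports` in `packages/env/src/index.js` defines only `get` and `set` traps, so every other operation on `process.env` (property descriptors, `delete`, `Object.defineProperty`) is forwarded to the real object without passing through `isAllowed`, and the policy is not enforced on those paths. Adding `getOwnPropertyDescriptor`, `deleteProperty` and `defineProperty` traps that call `isAllowed` first closes that gap, as sketched below; key enumeration also consults `getOwnPropertyDescriptor`, so a package listing all variables would then need read access to each one. The `set` trap should end with `return true`, because a trap that returns nothing makes an allowed assignment throw a TypeError when the assigning code runs in strict mode. The first line `'strict on'` is a plain string rather than the `'use strict'` directive, so this file itself runs in sloppy mode. Separately, `isAllowed` allows any access it cannot attribute to a package (`!module`), so the check fails open whenever `captureModule` finds no `/node_modules/` frame in the stack.

```javascript
  process.env = new Proxy(env, {
    // … unchanged: get trap …
    set (obj, prop, value) {
      if (isAllowed(whitelist, prop, 'write')) {
        obj[prop] = value
      }
      // report success so strict-mode callers do not get a TypeError
      return true
    },
    getOwnPropertyDescriptor (obj, prop) {
      // isAllowed exits the process on a denied access
      isAllowed(whitelist, prop, 'read')
      return Reflect.getOwnPropertyDescriptor(obj, prop)
    },
    deleteProperty (obj, prop) {
      isAllowed(whitelist, prop, 'write')
      return Reflect.deleteProperty(obj, prop)
    },
    defineProperty (obj, prop, descriptor) {
      isAllowed(whitelist, prop, 'write')
      return Reflect.defineProperty(obj, prop, descriptor)
    }
  })
```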
diff --git a/packages/env/tests/module-1/.npmrc b/packages/env/tests/module-1/.npmrc new file mode 100644 index 0000000..43c97e7 --- /dev/null +++ b/packages/env/tests/module-1/.npmrc @@ -0,0 +1 @@ +package-lock=false diff --git a/packages/env/tests/module-1/index.js b/packages/env/tests/module-1/index.js new file mode 100644 index 0000000..e7836d1 --- /dev/null +++ b/packages/env/tests/module-1/index.js @@ -0,0 +1 @@ +module.exports = () => process.env.SECRET diff --git a/packages/env/tests/module-1/module-1-0.0.1.tgz b/packages/env/tests/module-1/module-1-0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8269765da00a42cc21f2800783f177542e385718 GIT binary patch literal 512 zcmV+b0{{IViwFP!000006Dvqe&Q45E)h~e1dRfK!c??tr1_lOZCMF8l#6iH&*g%27 z*woCx(9q1x0H_YgFf{>+8Bp6H*g$DWqqI5J9pPRf&QUsHm9N(%F~>c-SJrb2iu`dt zxqaq`PabI=af+9x#suuP2-~+M$~2BgNv)7)`xmK;t{ElOoLm!CUewlI?B3h9KJSUx z($Y&m!sgjNx8RO>)xV*aVa6oOjf@*&&Yw2j%94F8%k@}V)K%#d6X#z!lrpts>)n}? z_=5B{H){tM-})hcWKryww>z2o3s2Sl{!{jT$78>LhVNpY%m0=Y{PdqQXzdzi@0E(| z&Kf;_C!_pUJ-Ylc!)RWs3OiHdf%r}A@4~MAWZ)Ut5FQ1iU=)mk!3hA1w!9$#5C8zF CX!lhB literal 0 HcmV?d00001 diff --git a/packages/env/tests/module-1/package.json b/packages/env/tests/module-1/package.json new file mode 100644 index 0000000..9fb128d --- /dev/null +++ b/packages/env/tests/module-1/package.json @@ -0,0 +1,6 @@ +{ + "name": "module-1", + "version": "0.0.1", + "private": true, + "main": "index.js" +} diff --git a/packages/env/tests/module-2/.npmrc b/packages/env/tests/module-2/.npmrc new file mode 100644 index 0000000..43c97e7 --- /dev/null +++ b/packages/env/tests/module-2/.npmrc @@ -0,0 +1 @@ +package-lock=false diff --git a/packages/env/tests/module-2/index.js b/packages/env/tests/module-2/index.js new file mode 100644 index 0000000..a3ab562 --- /dev/null +++ b/packages/env/tests/module-2/index.js @@ -0,0 +1,4 @@ +module.exports = () => new Promise((resolve, reject) => { + process.env.DEBUG = 'yes' + resolve() +}) 
diff --git a/packages/env/tests/module-2/module-2-0.0.1.tgz b/packages/env/tests/module-2/module-2-0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0d0d9a8f4e9536ef857f7130641ec2d8bf10259b GIT binary patch literal 1781 zcmV~+fR1t_&WY1y<2$EPG7|Lo!kg!7< zo@s(1G>;@eWa%OvRK|`a?1m1=CQB>`f^4#?7(hr;L4#Igk-e<4g*Tw%{L$%|_MEZP z({uQ|Kkhx>_dD<2d*1#0Ldle1G8I6Dz8R5pkQoAd$Dq+@3v+YC&*d9nuxJDfi?cvu zFcuc*^}6*5&U`&Xzw3?s9BeR*%v#^d|N5ObXF>dX{DZ)QBM^EaWCoyTjnHE-gV<*P zvqO5O8z~21fiz~w#tSqOjl{f3Ls>KqIc%dmjKv0CM+`FUbrmfn2nb)lL3;2g`0stL zO@1B!@*ef}-~ASA{F48e|L`AeiNS69|Nnr@CDXzXApjRaWHA{u5HK`k0U+}X2QWpj z06IVkGeY1Ah>bQ8%3@Lg5JUnY9Hgz?@l*B)Ji;IX01e<#Mw`C>L3!){+tzRPy454Y zsFCk(jsNcdA)F=lr~V&8Z)BVP|Muu!-2P^=)8u344p-+BQdI22NUxTq2o-mwbxt2V z2=8e=cIRHR@8=CY649N94@Dwa{*HTS98RHI!r5*?^!B~tsSpOw8Tx273zm0&d;ZW# zBC*X$LuUuGj}_qq`qbRr?*Yel8{H{JD;1o0AaW@07K_ivH|)6`xH9M1 zU6>eqn_fk)QnF5oGm9PKMS04)8h316diJnq7ar0|(Mr8E6cZWyMb_$or2mszNzEa= zCMl1|RrFDuZg>F)ks+9VzX9dqJDSPge*z_YDTHM_PH!ckz_#KMbYO- zXe-ju%(UIqQA#{N7|3=h@ow+(J+ipP6l%HNHC%9@U09TQfY$M z?NrLmHBBx_{47P$w#E5EpwV;hWzq9ay|}@NeI^1$MTLwR!V9h2MutB~ykgqR1SFR) zkrUqKSv2OmKl&AJh_ud#435-aU>Xm8cXKmPc z&niKFE@~&mmAy-BbL0D1Mh-NB75Je1>SRwNh%8d$6v{u@;{>gTUycnnNS9u+=!>ID z%irfBb^0mG5m2M*`%j>5>^16wO`(wfsrTIQeZIW|PdJV#)ldu2A$II-U!Irnubr%A z+Y_{{K9t-ZcKmB_Q`S*#hYkGsgkRWTSEg0^@gN^fKQC}F{%ch5O?CqYkMg@(X6;XU z?{VhA#O0EU);vt>^0w>_sL79w)U0I`AGHy3IUbWs-(+6-`ZRV7a%wfGHq!`K2bYF5 zAN9(WA>(4re&bh`GuM9HZ;>P_D*9lSplo&VI3Li}oulW?wu~Eww}L6bndm2_fVKFM zi%~|yC`*!Oa%`3?5n|OkP0I06CfWGQd_K@&P<^+%+8n3j8((y^I>Nt_StcN-2HZ?~ zTol7J)&#F=lD5ZN&9t?J2Zz3F;urb{q_y3b`wzWnR~2@M#46AB-=ritB)AkXnmZy) zl17vbR`?fuD|$nV_j5;}tL*RB8$-JN8Z~n0%Jh{vrbXc+DqtHG5zV?@O`Tu1j7zs&dNH`Q!{MrYe*I4C zALBXoO$3?oh2xQv8YxlXe~((S(keO6q&NxuGniISjP$*2EJ_z?!wT|ovz%?JjCsm% zNW}$ZY8@_s(I#Z~c}U~#Mt_GQyn;f{6bKfd%F2^wOY*_OM^MJux|g3emP2CR>VvFu zLXYgbCtkUPfWgI^1Ksus4b-Hn`dWF68@YFS*?d;WT=Vmrl(|g?_^d_seMJLZZ)n$_ zo#oX9%y)v!snygx0wfib`lU~ea-XiGnd50?;6iFUsY0uK?J9IQ>U*B+GYyj=`KmTF 
znm9a}7a2@>(cH}SfP9yF!=CChbxl29nMx|Esl6mk1m>S /dev/null + +if [[ $? -ne 1 ]]; then + echo "❌ module-1 should not have read access to process.env.SECRET." + exit 1 +else + echo "✅ module-1 could not read process.env.SECRET when no policy was specified." +fi + +echo + +node -e """ + require('../')({ + 'module-1': { + read: ['SECRET'] + } + }) + require('module-1')() +""" &> /dev/null + +if [[ $? -ne 0 ]]; then + echo "❌ module-1 should have read access to process.env.SECRET." + exit 1 +else + echo "✅ module-1 was allowed to read process.env.SECRET when it's policy allows process.env.SECRET only." +fi + +echo + +node -e """ + require('../')({ + 'module-1': { + read: [/sdaasdasd/] + } + }) + require('module-1')() +""" &> /dev/null + +if [[ $? -ne 1 ]]; then + echo "❌ module-1 should not have read access to process.env.SECRET." + exit 1 +else + echo "✅ module-1 could not read process.env.SECRET when no policy had no matching expression." +fi + +echo + +node -e """ + require('../')({ + 'module-1': { + read: '*' + } + }) + require('module-1')() +""" &> /dev/null + +if [[ $? -ne 0 ]]; then + echo "❌ module-1 should have read access to process.env.SECRET." + exit 1 +else + echo "✅ module-1 was allowed to read process.env.SECRET when it's policy allows *." +fi + +echo + +node -e """ + require('../')({ + 'module-1': { + read: [/^sec..t/i] + } + }) + require('module-1')() +""" &> /dev/null + +if [[ $? -ne 0 ]]; then + echo "❌ module-1 should have read access to process.env.SECRET." + exit 1 +else + echo "✅ module-1 was allowed to read process.env.SECRET when policy allows a matching regular expression." +fi + +echo + +node -e """ + require('../')() + require('module-2')() +""" &> /dev/null + +if [[ $? -ne 1 ]]; then + echo "❌ module-2 should not have write access to process.env.DEBUG." + exit 1 +else + echo "✅ module-2 could not write to process.env.DEBUG when no policy was specified." 
+fi + +echo + +node -e """ + require('../')({ + 'module-2': { + write: ['DEBUG'] + } + }) + require('module-2')() +""" &> /dev/null + +if [[ $? -ne 0 ]]; then + echo "❌ module-2 should have write access to process.env.DEBUG." + exit 1 +else + echo "✅ module-2 was allowed to write to process.env.DEBUG when it's policy allows process.env.DEBUG only." +fi + +echo + +node -e """ + require('../')({ + 'module-2': { + write: [/sdaasdasd/] + } + }) + require('module-2')() +""" &> /dev/null + +if [[ $? -ne 1 ]]; then + echo "❌ module-2 should not have write access to process.env.DEBUG." + exit 1 +else + echo "✅ module-2 could not write to process.env.DEBUG when no policy had no matching expression." +fi + +echo + +node -e """ + require('../')({ + 'module-2': { + write: '*' + } + }) + require('module-2')() +""" &> /dev/null + +if [[ $? -ne 0 ]]; then + echo "❌ module-2 should have write access to process.env.DEBUG." + exit 1 +else + echo "✅ module-2 was allowed to write to process.env.DEBUG when it's policy allows *." +fi + +echo + +node -e """ + require('../')({ + 'module-2': { + write: [/^debu.$/i] + } + }) + require('module-2')() +""" &> /dev/null + +if [[ $? -ne 0 ]]; then + echo "❌ module-2 should have write access to process.env.DEBUG." + exit 1 +else + echo "✅ module-2 was allowed to write to process.env.DEBUG when policy allows a matching regular expression." +fi + +echo + +echo "✅ all tests passed."