Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src: whitelist new options for NODE_OPTIONS #13002

Merged
merged 1 commit into from
May 17, 2017
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion doc/api/cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -411,14 +411,18 @@ Node options that are allowed are:
- `--enable-fips`
- `--force-fips`
- `--icu-data-dir`
- `--inspect-brk`
Copy link
Contributor

@refack refack May 12, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You must have had a reason to leave those out on the first run?
They will make a very weird effect...
inspect-port on the other hand is benign if used alone.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Useful when running node via a shell script, and wanting to cause node when it runs to break on first line. I'm not sure how much thought went into this initially. I can leave only the -port if that's preferred.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ±0 on these.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, I'll give it a couple days to see if anyone feels strongly

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems useful to have, although if the node process spawns a child will that child also try to connect to the inspector?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, so don't do that unless the port is 0

- `--inspect-port`
- `--inspect`
- `--napi-modules`
- `--no-deprecation`
- `--no-warnings`
- `--openssl-config`
- `--prof-process`
- `--redirect-warnings`
- `--require`, `-r`
- `--throw-deprecation`
- `--trace-deprecation`
- `--trace-events-categories`
- `--trace-events-enabled`
- `--trace-sync-io`
- `--trace-warnings`
Expand Down
14 changes: 9 additions & 5 deletions src/node.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3703,25 +3703,29 @@ static void CheckIfAllowedInEnv(const char* exe, bool is_env,

static const char* whitelist[] = {
// Node options
"-r", "--require",
"--require", "-r",
"--inspect",
"--inspect-brk",
"--inspect-port",
"--no-deprecation",
"--trace-deprecation",
"--throw-deprecation",
"--no-warnings",
"--napi-modules",
"--trace-warnings",
"--redirect-warnings",
"--trace-deprecation",
"--trace-sync-io",
"--trace-events-enabled",
"--trace-events-categories",
"--track-heap-objects",
"--throw-deprecation",
"--zero-fill-buffers",
"--v8-pool-size",
"--use-openssl-ca",
"--use-bundled-ca",
"--use-openssl-ca",
"--enable-fips",
"--force-fips",
"--openssl-config",
"--icu-data-dir",
"--napi-modules",

// V8 options
"--max_old_space_size",
Expand Down