isexe 3.0.0 → 3.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "isexe",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "Minimal module to check if a file is executable.",
   "main": "./dist/cjs/index.js",
   "module": "./dist/mjs/index.js",

package/src/options.ts

@@ -20,6 +20,13 @@ export interface IsexeOptions {
    */
   gid?: number
 
+  /**
+   * effective group ID list to use when checking executable mode flags
+   * on posix
+   * Defaults to process.getgroups()
+   */
+  groups?: number[]
+
   /**
    * The ;-delimited path extension list for win32 implementation.
    * Defaults to process.env.PATHEXT

package/src/posix.ts

@@ -31,7 +31,10 @@ export const isexe = async (
  * Synchronously determine whether a path is executable according to
  * the mode and current (or specified) user and group IDs.
  */
-export const sync = (path: string, options: IsexeOptions = {}): boolean => {
+export const sync = (
+  path: string,
+  options: IsexeOptions = {}
+): boolean => {
   const { ignoreErrors = false } = options
   try {
     return checkStat(statSync(path), options)
@@ -46,23 +49,19 @@ const checkStat = (stat: Stats, options: IsexeOptions) =>
   stat.isFile() && checkMode(stat, options)
 
 const checkMode = (stat: Stats, options: IsexeOptions) => {
-  if (!process.getuid || !process.getgid) {
+  const myUid = options.uid ?? process.getuid?.()
+  const myGroups = options.groups ?? process.getgroups?.() ?? []
+  const myGid = options.gid ?? process.getgid?.() ?? myGroups[0]
+  if (myUid === undefined || myGid === undefined) {
     throw new Error('cannot get uid or gid')
   }
+
+  const groups = new Set([myGid, ...myGroups])
+
   const mod = stat.mode
   const uid = stat.uid
   const gid = stat.gid
 
-  const myUid =
-    options.uid !== undefined
-      ? options.uid
-      : process.getuid && process.getuid()
-
-  const myGid =
-    options.gid !== undefined
-      ? options.gid
-      : process.getgid && process.getgid()
-
   const u = parseInt('100', 8)
   const g = parseInt('010', 8)
   const o = parseInt('001', 8)
@@ -70,7 +69,7 @@ const checkMode = (stat: Stats, options: IsexeOptions) => {
 
   return !!(
     mod & o ||
-    (mod & g && gid === myGid) ||
+    (mod & g && groups.has(gid)) ||
     (mod & u && uid === myUid) ||
     (mod & ug && myUid === 0)
   )

package/test/fixtures/index.ts

@@ -6,23 +6,26 @@ export const createFixtures = (t: Tap.Test) => {
     'meow.cat': '#!/usr/bin/env cat\nmeow\n',
     'mine.cat':'#!/usr/bin/env cat\nmine\n',
     'ours.cat':'#!/usr/bin/env cat\nours\n',
+    'others.cat':'#!/usr/bin/env cat\nothers\n',
     'fail.false':'#!/usr/bin/env false\n',
   })
 
   const meow = resolve(dir, 'meow.cat')
   const mine = resolve(dir, 'mine.cat')
   const ours = resolve(dir, 'ours.cat')
+  const others = resolve(dir, 'others.cat')
   const fail = resolve(dir, 'fail.false')
   const enoent = resolve(dir, 'enoent.exe')
   const modes = {
     [meow]: 0o755,
     [mine]: 0o744,
     [ours]:0o754,
+    [others]:0o754,
     [fail]:0o644,
   }
   for (const [path, mode] of Object.entries(modes)) {
     chmodSync(path, mode)
   }
 
-  return { meow, mine, ours, fail, enoent, modes }
+  return { meow, mine, ours, others, fail, enoent, modes }
 }

package/test/posix.ts

@@ -1,7 +1,7 @@
 import t from 'tap'
 
 import { createFixtures } from './fixtures/index'
-const { meow, fail, mine, ours, enoent, modes } = createFixtures(t)
+const { meow, fail, mine, ours, others, enoent, modes } = createFixtures(t)
 
 const isWindows = process.platform === 'win32'
 
@@ -13,20 +13,21 @@ import * as fsPromises from 'fs/promises'
 // uid/gid comparisons
 const mockStat = (path: string, st: Stats) =>
   Object.assign(st, {
-    uid: 123,
-    gid: 321,
+    uid: path === others || path === ours ? 987 : 123,
+    gid: path === others ? 987 : 321,
     mode: !modes[path] ? st.mode : setMode(st.mode, modes[path]),
   })
 
 const setMode = (orig: number, mode: number) => (orig & 0o7777000) | mode
 
-const { getuid, getgid } = process
+const { getuid, getgid, getgroups } = process
 t.teardown(() => {
-  Object.assign(process, { getuid, getgid })
+  Object.assign(process, { getuid, getgid, getgroups })
 })
 Object.assign(process, {
   getuid: () => 123,
   getgid: () => 321,
+  getgroups: () => [321, 987],
 })
 
 const { isexe, sync } = t.mock('../dist/cjs/posix.js', {
@@ -44,11 +45,13 @@ const { isexe, sync } = t.mock('../dist/cjs/posix.js', {
 t.test('basic tests', async t => {
   t.equal(await isexe(meow), true)
   t.equal(await isexe(ours), true)
+  t.equal(await isexe(others), true)
   t.equal(await isexe(mine), true)
   t.equal(await isexe(fail), false)
 
   t.equal(sync(meow), true)
   t.equal(sync(ours), true)
+  t.equal(sync(others), true)
   t.equal(sync(mine), true)
   t.equal(sync(fail), false)
 
@@ -60,51 +63,75 @@ t.test('basic tests', async t => {
 
 t.test('override uid/gid', async t => {
   t.test('same uid, different gid', async t => {
-    const o = { gid: 654 }
-    t.equal(await isexe(meow), true)
-    t.equal(await isexe(ours), true)
-    t.equal(await isexe(mine), true)
-    t.equal(await isexe(fail), false)
-    t.equal(sync(meow), true)
-    t.equal(sync(ours), true)
-    t.equal(sync(mine), true)
-    t.equal(sync(fail), false)
+    const o = { gid: 654, groups: [] }
+    t.equal(await isexe(meow, o), true)
+    t.equal(await isexe(ours, o), false)
+    t.equal(await isexe(others, o), false)
+    t.equal(await isexe(mine, o), true)
+    t.equal(await isexe(fail, o), false)
+    t.equal(sync(meow, o), true)
+    t.equal(sync(ours, o), false)
+    t.equal(sync(others, o), false)
+    t.equal(sync(mine, o), true)
+    t.equal(sync(fail, o), false)
   })
 
   t.test('different uid, same gid', async t => {
     const o = { uid: 456 }
     t.equal(await isexe(meow, o), true)
     t.equal(await isexe(ours, o), true)
+    t.equal(await isexe(others, o), true)
     t.equal(await isexe(mine, o), false)
     t.equal(await isexe(fail, o), false)
     t.equal(sync(meow, o), true)
     t.equal(sync(ours, o), true)
+    t.equal(sync(others, o), true)
     t.equal(sync(mine, o), false)
     t.equal(sync(fail, o), false)
   })
 
   t.test('different uid, different gid', async t => {
-    const o = { uid: 456, gid: 654 }
+    const o = { uid: 456, gid: 654, groups: [] }
     t.equal(await isexe(meow, o), true)
     t.equal(await isexe(ours, o), false)
+    t.equal(await isexe(others, o), false)
     t.equal(await isexe(mine, o), false)
     t.equal(await isexe(fail, o), false)
     t.equal(sync(meow, o), true)
     t.equal(sync(ours, o), false)
+    t.equal(sync(others, o), false)
     t.equal(sync(mine, o), false)
     t.equal(sync(fail, o), false)
   })
+
+  t.test('root can run anything runnable', async t => {
+    const o = { uid: 0, gid: 999, groups: [] }
+    t.equal(await isexe(meow, o), true)
+    t.equal(await isexe(ours, o), true)
+    t.equal(await isexe(others, o), true)
+    t.equal(await isexe(mine, o), true)
+    t.equal(await isexe(fail, o), false)
+    t.equal(sync(meow, o), true)
+    t.equal(sync(ours, o), true)
+    t.equal(sync(others, o), true)
+    t.equal(sync(mine, o), true)
+    t.equal(sync(fail, o), false)
+  })
 })
 
 t.test('getuid/getgid required', async t => {
-  const { getuid, getgid } = process
-  t.teardown(() => { Object.assign(process, { getuid, getgid })})
+  const { getuid, getgid, getgroups } = process
+  t.teardown(() => { Object.assign(process, { getuid, getgid, getgroups })})
   process.getuid = undefined
   process.getgid = undefined
+  process.getgroups = undefined
   t.throws(() => sync(meow), {
     message: 'cannot get uid or gid'
   })
   t.rejects(isexe(meow), {
     message: 'cannot get uid or gid'
   })
+  // fine as long as a group/user is specified though
+  t.equal(sync(meow, { uid: 999, groups: [321] }), true)
+  t.equal(await isexe(meow, { uid: 999, groups: [321] }), true)
 })