doc: move policy docs to the permissions scope #44222

Merged
39 changes: 33 additions & 6 deletions doc/api/policy.md → doc/api/permissions.md
@@ -1,4 +1,28 @@
# Policies
# Permissions

This section exposes security features available to be adopted in a
Node.js application. The available scopes are:

* [Resource-based permissions](#resource-based-permissions)
Member Author

I'm not quite sure if Resource-based permissions would improve the UX. Even accepting resources such as data:, I see Module-based permissions as better, even if not 100% accurate. Happy to hear your thoughts.

Member

Sure, “Module-based permissions” sounds fine to me. Maybe ask at the next Security WG meeting which sounds better to most people and go with that.

* [Process-based permissions](#process-based-permissions)

Resource-based permissions stands for the managment of modules using
policies. A policy can guarantee which module/resource is available
during the application execution.

Process-based permissions stands for the management of resources such
as _File System_ or _Network_. A permission can be configured to restrict
access to specific resources, for instance, one can restrict access to
all the _File System_ write.

Both permissions can be used together to provide a safer environment.

**Note**: if you find a potential security vulnerability on Node.js,
refer to our [Security Policy][].

## Resource-based permissions

## Policies

<!--introduced_in=v11.8.0-->

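Review bot: the heading levels in this hunk do not produce the outline the new intro promises. `## Resource-based permissions` is added as a section, but the unchanged `## Policies` heading directly below it stays at level 2, so Policies renders as a sibling of Resource-based permissions rather than its child, even though the later hunks demote `## Enabling` and `## Features` as if Policies were their level-2 parent. Either change `## Policies` to `### Policies` (and demote its subsections one more level) or drop the `## Resource-based permissions` wrapper and point the intro bullet at `#policies`. In the added prose, `managment` should be `management`, `Resource-based permissions stands for` and `Process-based permissions stands for` take a plural verb (`stand for`), and `restrict access to all the _File System_ write` reads better as `restrict all _File System_ writes`. Finally, the thread above leans toward the name "Module-based permissions"; if that name is adopted, the bullet text, the paragraph, and the `## Resource-based permissions` heading and its anchor all need to change together.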
@@ -22,7 +46,7 @@ by the running Node.js application in any way. A typical setup would be to
create the policy file as a different user id than the one running Node.js
and granting read permissions to the user id running Node.js.

## Enabling
### Enabling

<!-- type=misc -->

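Review bot: demoting `## Enabling` to `### Enabling` by a single level only makes sense if `## Policies` stays at level 2, which contradicts nesting it under the new `## Resource-based permissions` section; settle the Policies level first and adjust this heading to match (`####` if Policies becomes `###`). Separately, since the file is renamed from `doc/api/policy.md` to `doc/api/permissions.md`, any other files under `doc/api/` that link to `policy.md` or to `policy.html#enabling` need updating in this PR; the diff touches no file other than the renamed one.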
@@ -48,9 +72,9 @@ even if the file is changed on disk.
node --experimental-policy=policy.json --policy-integrity="sha384-SggXRQHwCG8g+DktYYzxkXRIkTiEYWBHqev0xnpCxYlqMBufKZHAHQM3/boDaI/0" app.js
```

## Features
### Features

### Error behavior
#### Error behavior

When a policy check fails, Node.js by default will throw an error.
It is possible to change the error behavior to one of a few possibilities
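Review bot: the demotions here are internally consistent, but the example in the context lines still invokes `node --experimental-policy=policy.json --policy-integrity=...`, so the feature is experimental, while the new intro in the first hunk presents policies simply as "security features available to be adopted". A one-line stability note near `### Features` (or in the intro) would keep that clear after the move. Also, `#### Error behavior` is already four levels deep; if `## Policies` is later demoted to match its new parent, these subsections become `#####`, which argues for dropping the `## Resource-based permissions` wrapper instead.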
@@ -74,7 +98,7 @@ available to change the behavior:
}
```

### Integrity checks
#### Integrity checks

Policy files must use integrity checks with Subresource Integrity strings
compatible with the browser
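Review bot: `#### Integrity checks` covers the Subresource Integrity strings for resources loaded under the policy, while `--policy-integrity="sha384-..."` in the previous hunk protects the policy file itself; the two are easy to confuse once both sit under a generic "Permissions" page, so a sentence at the top of this subsection distinguishing resource integrity from policy-file integrity (with a reference back to the `--policy-integrity` example) would help readers.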
@@ -116,7 +140,7 @@ body for the resource which can be useful for local development. It is not
recommended in production since it would allow unexpected alteration of
resources to be considered valid.

### Dependency redirection
#### Dependency redirection

An application may need to ship patched versions of modules or to prevent
modules from allowing all modules access to all other modules. Redirection
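Review bot: only the heading level changes here, but the context sentence `to prevent modules from allowing all modules access to all other modules` is hard to parse; since this section is being reorganised anyway, consider `or to prevent every module from being able to load every other module`, which states the least-privilege intent of redirection more directly.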
@@ -423,6 +447,9 @@ not adopt the origin of the `blob:` URL.
Additionally, import maps only work on `import` so it may be desirable to add a
`"import"` condition to all dependency mappings.

## Process-based permissions

[import maps]: https://url.spec.whatwg.org/#relative-url-with-fragment-string
[relative-url string]: https://url.spec.whatwg.org/#relative-url-with-fragment-string
[special schemes]: https://url.spec.whatwg.org/#special-scheme
[Security Policy]: https://github.com/nodejs/node/blob/main/SECURITY.md
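Review bot: `## Process-based permissions` is added with no body, while the new intro lists it as an available scope that can restrict _File System_ or _Network_ access; a reader of the rendered page will look for a flag or API that this diff does not document. Either add a short note that this scope is not yet implemented, or leave the heading out until content lands, and make sure the intro bullet does not promise a feature the page cannot describe. Also, in the link definitions, `[import maps]` and `[relative-url string]` point to the same anchor, `#relative-url-with-fragment-string`; the `[import maps]` target looks like a copy-paste slip in the existing context and is unrelated to the added `[Security Policy]` line, but it is worth fixing while the reference list is being touched.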