( stat: Awaited<ReturnType<typeof lstat>>, dir: string, label: string, )
| 183 | } |
| 184 | |
| 185 | function assertPrivateDirectory( |
| 186 | stat: Awaited<ReturnType<typeof lstat>>, |
| 187 | dir: string, |
| 188 | label: string, |
| 189 | ): void { |
| 190 | if (!stat.isDirectory() || stat.isSymbolicLink()) { |
| 191 | throw new Error( |
| 192 | `[udsMessaging] ${label} is not a private directory: ${dir}`, |
| 193 | ) |
| 194 | } |
| 195 | if (process.platform !== 'win32') { |
| 196 | const broadMode = Number(stat.mode) & 0o077 |
| 197 | if (broadMode !== 0) { |
| 198 | throw new Error( |
| 199 | `[udsMessaging] ${label} permissions are too broad: ${dir}`, |
| 200 | ) |
| 201 | } |
| 202 | if ( |
| 203 | typeof process.getuid === 'function' && |
| 204 | Number(stat.uid) !== process.getuid() |
| 205 | ) { |
| 206 | throw new Error( |
| 207 | `[udsMessaging] ${label} owner does not match current user: ${dir}`, |
| 208 | ) |
| 209 | } |
| 210 | } |
| 211 | } |
| 212 | |
| 213 | async function writePrivateFileExclusive( |
| 214 | path: string, |
no outgoing calls
no test coverage detected