From c8316fecbda3727d2097805b2c16037bc1bd63f1 Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga <rafael.nunu@hotmail.com>
Date: Thu, 11 Sep 2025 17:10:02 -0300
Subject: [PATCH] src,permission: add --allow-inspector ability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Refs: https://github.com/nodejs/node/issues/48534
PR-URL: https://github.com/nodejs/node/pull/59711
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
---
 doc/api/cli.md                                | 31 +++++++++++
 doc/node-config-schema.json                   |  3 +
 doc/node.1                                    |  3 +
 lib/internal/process/permission.js            |  1 +
 lib/internal/process/pre_execution.js         |  1 +
 src/env.cc                                    |  6 +-
 src/node_options.cc                           |  4 ++
 src/node_options.h                            |  1 +
 src/permission/permission_base.h              |  3 +-
 test/common/index.js                          |  3 +
 .../test-permission-allow-inspector.js        | 55 +++++++++++++++++++
 test/parallel/test-permission-inspector.js    |  2 +-
 .../parallel/test-permission-warning-flags.js |  1 +
 13 files changed, 110 insertions(+), 4 deletions(-)
 create mode 100644 test/parallel/test-permission-allow-inspector.js

diff --git a/doc/api/cli.md b/doc/api/cli.md
index cc990c01704484..81e57322255ec2 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -271,6 +271,36 @@ When passing a single flag with a comma a warning will be displayed.
 
 Examples can be found in the [File System Permissions][] documentation.
 
+### `--allow-inspector`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+> Stability: 1.0 - Early development
+
+When using the [Permission Model][], the process will not be able to connect
+through inspector protocol.
+
+Attempts to do so will throw an `ERR_ACCESS_DENIED` unless the
+user explicitly passes the `--allow-inspector` flag when starting Node.js.
+
+Example:
+
+```js
+const { Session } = require('node:inspector/promises');
+
+const session = new Session();
+session.connect();
+```
+
+```console
+$ node --permission index.js
+Error: connect ERR_ACCESS_DENIED Access to this API has been restricted. Use --allow-inspector to manage permissions.
+  code: 'ERR_ACCESS_DENIED',
+}
+```
+
 ### `--allow-wasi`
 
 <!-- YAML
@@ -3373,6 +3403,7 @@ one is included in the list below.
 * `--allow-child-process`
 * `--allow-fs-read`
 * `--allow-fs-write`
+* `--allow-inspector`
 * `--allow-wasi`
 * `--allow-worker`
 * `--conditions`, `-C`
diff --git a/doc/node-config-schema.json b/doc/node-config-schema.json
index 4340c95b952d2a..6c456b0242baa2 100644
--- a/doc/node-config-schema.json
+++ b/doc/node-config-schema.json
@@ -45,6 +45,9 @@
             }
           ]
         },
+        "allow-inspector": {
+          "type": "boolean"
+        },
         "allow-wasi": {
           "type": "boolean"
         },
diff --git a/doc/node.1 b/doc/node.1
index 6210cbf42b26d4..786623c6854de1 100644
--- a/doc/node.1
+++ b/doc/node.1
@@ -85,6 +85,9 @@ Allow using native addons when using the permission model.
 .It Fl -allow-child-process
 Allow spawning process when using the permission model.
 .
+.It Fl -allow-inspector
+Allow inspector access when using the permission model.
+.
 .It Fl -allow-wasi
 Allow execution of WASI when using the permission model.
 .
diff --git a/lib/internal/process/permission.js b/lib/internal/process/permission.js
index 0000fd700b1075..f8fc4562616e17 100644
--- a/lib/internal/process/permission.js
+++ b/lib/internal/process/permission.js
@@ -39,6 +39,7 @@ module.exports = ObjectFreeze({
       '--allow-fs-write',
       '--allow-addons',
       '--allow-child-process',
+      '--allow-inspector',
       '--allow-wasi',
       '--allow-worker',
     ];
diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
index c7f86098bdb00b..44de035e48bead 100644
--- a/lib/internal/process/pre_execution.js
+++ b/lib/internal/process/pre_execution.js
@@ -580,6 +580,7 @@ function initializePermission() {
     const warnFlags = [
       '--allow-addons',
       '--allow-child-process',
+      '--allow-inspector',
       '--allow-wasi',
       '--allow-worker',
     ];
diff --git a/src/env.cc b/src/env.cc
index 53f0bf7fc1e5c8..8dd7b3a749899d 100644
--- a/src/env.cc
+++ b/src/env.cc
@@ -912,8 +912,10 @@ Environment::Environment(IsolateData* isolate_data,
       options_->allow_native_addons = false;
       permission()->Apply(this, {"*"}, permission::PermissionScope::kAddon);
     }
-    flags_ = flags_ | EnvironmentFlags::kNoCreateInspector;
-    permission()->Apply(this, {"*"}, permission::PermissionScope::kInspector);
+    if (!options_->allow_inspector) {
+      flags_ = flags_ | EnvironmentFlags::kNoCreateInspector;
+      permission()->Apply(this, {"*"}, permission::PermissionScope::kInspector);
+    }
     if (!options_->allow_child_process) {
       permission()->Apply(
           this, {"*"}, permission::PermissionScope::kChildProcess);
diff --git a/src/node_options.cc b/src/node_options.cc
index 2a3ab5e73cdb98..8156d1e5d06787 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
@@ -606,6 +606,10 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
             "allow use of child process when any permissions are set",
             &EnvironmentOptions::allow_child_process,
             kAllowedInEnvvar);
+  AddOption("--allow-inspector",
+            "allow use of inspector when any permissions are set",
+            &EnvironmentOptions::allow_inspector,
+            kAllowedInEnvvar);
   AddOption("--allow-wasi",
             "allow wasi when any permissions are set",
             &EnvironmentOptions::allow_wasi,
diff --git a/src/node_options.h b/src/node_options.h
index 3a1503a035e12b..7f6dcf4782c60a 100644
--- a/src/node_options.h
+++ b/src/node_options.h
@@ -140,6 +140,7 @@ class EnvironmentOptions : public Options {
   std::vector<std::string> allow_fs_read;
   std::vector<std::string> allow_fs_write;
   bool allow_addons = false;
+  bool allow_inspector = false;
   bool allow_child_process = false;
   bool allow_wasi = false;
   bool allow_worker_threads = false;
diff --git a/src/permission/permission_base.h b/src/permission/permission_base.h
index b260de5d223068..81fd4561aa0ad7 100644
--- a/src/permission/permission_base.h
+++ b/src/permission/permission_base.h
@@ -27,7 +27,8 @@ namespace permission {
 #define WORKER_THREADS_PERMISSIONS(V)                                          \
   V(WorkerThreads, "worker", PermissionsRoot, "--allow-worker")
 
-#define INSPECTOR_PERMISSIONS(V) V(Inspector, "inspector", PermissionsRoot, "")
+#define INSPECTOR_PERMISSIONS(V)                                               \
+  V(Inspector, "inspector", PermissionsRoot, "--allow-inspector")
 
 #define ADDON_PERMISSIONS(V)                                                   \
   V(Addon, "addon", PermissionsRoot, "--allow-addons")
diff --git a/test/common/index.js b/test/common/index.js
index 0f06c480ff1556..c0bf6bfd0acba1 100755
--- a/test/common/index.js
+++ b/test/common/index.js
@@ -364,6 +364,9 @@ if (hasCrypto) {
   knownGlobals.add(globalThis.SubtleCrypto);
 }
 
+const { Worker } = require('node:worker_threads');
+knownGlobals.add(Worker);
+
 function allowGlobals(...allowlist) {
   for (const val of allowlist) {
     knownGlobals.add(val);
diff --git a/test/parallel/test-permission-allow-inspector.js b/test/parallel/test-permission-allow-inspector.js
new file mode 100644
index 00000000000000..7d8b2aba8357a8
--- /dev/null
+++ b/test/parallel/test-permission-allow-inspector.js
@@ -0,0 +1,55 @@
+// Flags: --permission --allow-fs-read=* --allow-inspector
+'use strict';
+
+const common = require('../common');
+
+common.skipIfInspectorDisabled();
+
+const { Session } = require('node:inspector/promises');
+const assert = require('node:assert');
+
+const session = new Session();
+session.connect();
+
+// Guarantee WorkerImpl doesn't gets bypassed
+(async () => {
+  await session.post('Debugger.enable');
+  await session.post('Runtime.enable');
+
+  globalThis.Worker = require('node:worker_threads').Worker;
+
+  const { result: { objectId } } = await session.post('Runtime.evaluate', { expression: 'Worker' });
+  const { internalProperties } = await session.post('Runtime.getProperties', { objectId: objectId });
+  const {
+    value: {
+      value: { scriptId }
+    }
+  } = internalProperties.filter((prop) => prop.name === '[[FunctionLocation]]')[0];
+  const { scriptSource } = await session.post('Debugger.getScriptSource', { scriptId });
+
+  const lineNumber = scriptSource.substring(0, scriptSource.indexOf('new WorkerImpl')).split('\n').length;
+
+  // Attempt to bypass it based on https://hackerone.com/reports/1962701
+  await session.post('Debugger.setBreakpointByUrl', {
+    lineNumber: lineNumber,
+    url: 'node:internal/worker',
+    columnNumber: 0,
+    condition: '((isInternal = true),false)'
+  });
+
+  assert.throws(() => {
+    // eslint-disable-next-line no-undef
+    new Worker(`
+      const child_process = require("node:child_process");
+      console.log(child_process.execSync("ls -l").toString());
+
+      console.log(require("fs").readFileSync("/etc/passwd").toString())
+    `, {
+      eval: true,
+    });
+  }, {
+    message: 'Access to this API has been restricted. Use --allow-worker to manage permissions.',
+    code: 'ERR_ACCESS_DENIED',
+    permission: 'WorkerThreads'
+  });
+})().then(common.mustCall());
diff --git a/test/parallel/test-permission-inspector.js b/test/parallel/test-permission-inspector.js
index 878adbf93415d4..51994c218eb5bb 100644
--- a/test/parallel/test-permission-inspector.js
+++ b/test/parallel/test-permission-inspector.js
@@ -22,7 +22,7 @@ if (!common.hasCrypto)
     const session = new Session();
     session.connect();
   }, common.expectsError({
-    message: 'Access to this API has been restricted. ',
+    message: 'Access to this API has been restricted. Use --allow-inspector to manage permissions.',
     code: 'ERR_ACCESS_DENIED',
     permission: 'Inspector',
   }));
diff --git a/test/parallel/test-permission-warning-flags.js b/test/parallel/test-permission-warning-flags.js
index 9b20248eae18e9..e203f4bc78b210 100644
--- a/test/parallel/test-permission-warning-flags.js
+++ b/test/parallel/test-permission-warning-flags.js
@@ -7,6 +7,7 @@ const assert = require('assert');
 const warnFlags = [
   '--allow-addons',
   '--allow-child-process',
+  '--allow-inspector',
   '--allow-wasi',
   '--allow-worker',
 ];