Closed boneskull closed 3 weeks ago
@kriskowal I've added some tests: https://github.com/endojs/endo/pull/2308/files#diff-83a914c4839dc5f99eee550a04270efaa250a614f292da572b717e3cde1db18f
Noting that a snapshot would be inappropriate for captureFromMap()
's output, since it contains many absolute paths.
Description
This exposes
captureFromMap()
incapture-lite.js
.This function is similar to e.g.,
makeArchiveFromMap()
inarchive-lite.js
; but rather than creating a.zip
archive, it simply returns the fully-completedCompartmentMapDescriptor
,Sources
, and a mapping of filename to compartment map name.This information is needed for next-gen-lavamoat-node ("endomoat")'s automatic policy generation.
Another commit disables the hardcoded check for parsers in the compartment map validation functions (which are no longer necessary after #2304).
Questions
archive-lite.js
intocapture-lite.js
. Should these be extracted into a shared module?Security Considerations
None that I'm aware of.
Scaling Considerations
If anything, it may shave a few nanoseconds off of compartment map validation.
Documentation Considerations
Probably should be added to
NEWS.md
.Testing Considerations
captureFromMap()
needs some sort of basic round-trip test. I think a snapshot of the return value may suffice?Compatibility Considerations
None
Upgrade Considerations
None