src: whitelist new options for NODE_OPTIONS

Add --inspect-*, --napi-modules, --trace-event-categories

Remove --prof-process, like -p and -e, it causes node to do something
other than run node js scripts.

PR-URL: https://github.com/nodejs/node/pull/13002
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

doc/api/cli.md

@@ -411,14 +411,18 @@ Node options that are allowed are:
 - `--enable-fips`
 - `--force-fips`
 - `--icu-data-dir`
+- `--inspect-brk`
+- `--inspect-port`
+- `--inspect`
+- `--napi-modules`
 - `--no-deprecation`
 - `--no-warnings`
 - `--openssl-config`
-- `--prof-process`
 - `--redirect-warnings`
 - `--require`, `-r`
 - `--throw-deprecation`
 - `--trace-deprecation`
+- `--trace-events-categories`
 - `--trace-events-enabled`
 - `--trace-sync-io`
 - `--trace-warnings`

src/node.cc

@@ -3703,25 +3703,29 @@ static void CheckIfAllowedInEnv(const char* exe, bool is_env,
 
   static const char* whitelist[] = {
     // Node options
-    "-r", "--require",
+    "--require", "-r",
+    "--inspect",
+    "--inspect-brk",
+    "--inspect-port",
     "--no-deprecation",
+    "--trace-deprecation",
+    "--throw-deprecation",
     "--no-warnings",
+    "--napi-modules",
     "--trace-warnings",
     "--redirect-warnings",
-    "--trace-deprecation",
     "--trace-sync-io",
     "--trace-events-enabled",
+    "--trace-events-categories",
     "--track-heap-objects",
-    "--throw-deprecation",
     "--zero-fill-buffers",
     "--v8-pool-size",
-    "--use-openssl-ca",
     "--use-bundled-ca",
+    "--use-openssl-ca",
     "--enable-fips",
     "--force-fips",
     "--openssl-config",
     "--icu-data-dir",
-    "--napi-modules",
 
     // V8 options
     "--max_old_space_size",