fs-lock
open_basedir and file_accessdir for Node
This module implements open_basedir and file_accessdir inside of Node.js.
open_basedir: Validates that all require's are inside these directories.
file_accessdir: fs module methods are verified against these directories.
If a path is not validated, it will throw an error (either throw or err out the callback).
The goal for this module is to help when you are loading 3rd party modules and you need to restrict their access. A few examples of this come to mind:
When you use this module, you require it and configure it in your controlled script. Then any call/require after that will be forced to use these predefined scoped directories.
Since this is written purely in JavaScript, there are likely places where a user could override other methods to gain access. I have tried to prevent this with Object.freeze on the two Objects that are modified, so that they can't be modified again.
The constructor to fs-lock cannot be called more than once. This means that once the settings are in place, they cannot be overridden (except for testing, view code to see that).
The only overrides available for this are a set of environment variables that are read at init time. Environment variables were chosen because if you have access to them, you probably have access to the script too.
NODEJS_FILE_ACCESSDIR
NODEJS_OPEN_BASEDIR
Both of these support the standard : separator and will be auto processed when the module is loaded.
// Do your startup code here, then lock it down with:
require('fs-lock')({
    'file_accessdir': [ __dirname, '/tmp' ],
    'open_basedir': [ '/usr/local/share/node_modules', __dirname ]
});

var fs = require('fs');
fs.readFile('/etc/passwd', function(err, data) {
    // this will throw an Access Denied error
});
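The kind of containment check that file_accessdir implies, as an added example that is not fs-lock's own code: canonical, parseDirList, isInside and runDemo are hypothetical names, and the sandbox directories are constructed. It covers three cases a plain string-prefix comparison gets wrong: ".." segments, a sibling directory that shares the allowed directory's name prefix, and a symlink inside the allowed directory that points outside it.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
// Canonicalise a path: make it absolute, collapse '..', and resolve symlinks
// for the part that exists (a file about to be created has no realpath yet).
function canonical(p) {
  const abs = path.resolve(p);
  try {
    return fs.realpathSync(abs);
  } catch (err) {
    const parent = path.dirname(abs);
    if (err.code !== 'ENOENT' || parent === abs) throw err;
    return path.join(canonical(parent), path.basename(abs));
  }
}

// Parse a ':'-separated list such as the value of NODEJS_FILE_ACCESSDIR.
function parseDirList(value) {
  return String(value || '').split(':').filter(Boolean).map(canonical);
}

// True only if target is one of the allowed directories or lies beneath one.
// path.relative avoids the '/tmp' vs '/tmpfoo' string-prefix mistake.
function isInside(target, allowedDirs) {
  const real = canonical(target);
  return allowedDirs.some((dir) => {
    const rel = path.relative(dir, real);
    return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
  });
}

// Constructed sandbox: allowed dir, same-prefix sibling, symlink pointing out.
function runDemo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'fslock-demo-'));
  const allowed = path.join(root, 'app'), sibling = path.join(root, 'app-secrets');
  [allowed, sibling].forEach((d) => fs.mkdirSync(d));
  fs.symlinkSync(sibling, path.join(allowed, 'link'));
  const dirs = parseDirList(allowed + ':' + path.join(root, 'missing'));
  const check = (p) => isInside(p, dirs);
  const result = {
    inside: check(path.join(allowed, 'new.txt')),
    dotdot: check(path.join(allowed, '..', 'app-secrets', 'k')),
    prefix: check(path.join(sibling, 'k')),
    symlink: check(path.join(allowed, 'link', 'k')),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
console.log(runDemo());
```

Only the first case is accepted; the allowed directories are canonicalised too, so a symlinked temp directory does not cause false denials.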
FAQs
The npm package fs-lock receives a total of 32 weekly downloads. As such, fs-lock popularity was classified as not popular.
We found that fs-lock demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.