restrict - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

lib/index.js

		@@ -12,5 +12,12 @@ /*
		*/
		function permissionDenied(name) {
		function permissionDenied(name, originalMethod, whitelist) {
		return function () {
		throw new Error("Function call " + name + "() is prohibited in this environment.");
		if (whitelist.indexOf(arguments[0]) >= 0) {
		return originalMethod.apply(this, arguments);
		} else if (arguments.length >= 2
		&& whitelist.indexOf((arguments[1])[1]) >= 0) {
		return originalMethod.apply(this, arguments);
		} else {
		throw new Error("Function call " + name + "() is prohibited in this environment.");
		}
		};
		@@ -22,6 +29,12 @@ }
		*/
		function restrict() {
		function restrict(config) {

		var origBinding = process.binding,
		fn;
		fn,
		whitelist = config.whitelist ? config.whitelist : [],
		whitelistPath = config.whitelistPath ? config.whitelistPath : '/usr/local/bin',
		whitelistAbs = whitelist.map(function(single) {
		return whitelistPath + "/" + single;
		}),
		originalMethod;

		@@ -36,6 +49,6 @@ process.binding = function (name) {

		// restrict the functionality on the module itself
		for (fn in child) {
		if (child.hasOwnProperty(fn)) {
		child[fn] = permissionDenied(fn);
		originalMethod = child[fn];
		child[fn] = permissionDenied(fn, originalMethod, whitelistAbs);
		}
		@@ -48,2 +61,2 @@ }

		module.exports = restrict();
		module.exports = restrict;

package.json

		{
		"name": "restrict",
		"description": "Restricts applications from calling certain methods on process and all methods on child_process",
		"version": "0.0.1",
		"version": "0.0.2",
		"author": "Rohini Harendra <rohini.raghav@gmail.com>",
		@@ -6,0 +6,0 @@ "repository": {

README.md

		@@ -19,6 +19,16 @@ # restrict

		require('restrict');
		var restrict = require('restrict');
		// ls is whitelisted
		restrict({
		'whitelist': ['ls'],
		'whitelistPath': '/bin'
		});

		var child_process = require('child_process');
		try {
		// ls is whitelisted. So you can see the output of ls
		child_process.exec('/bin/ls', function (err, stdout, stderr) {
		console.log(stdout);
		});
		// grep is not whitelisted. Exception thrown
		child_process.spawn('grep', ['ssh']);
		@@ -38,1 +48,8 @@ } catch (e) {
		```
		# Build Status

		[![Build Status](https://secure.travis-ci.org/yahoo/node-restrict.png?branch=master)](http://travis-ci.org/yahoo/node-restrict)

		# Node Badge

		[![NPM](https://nodei.co/npm/restrict.png)](https://nodei.co/npm/restrict/)

tests/test-restict.js

		@@ -9,3 +9,8 @@ /*

		require('..');
		var restrict = require('..');
		// Add ls to whitelist
		restrict({
		'whitelist': ['ls'],
		'whitelistPath': '/bin'
		});

		@@ -29,2 +34,19 @@ var tests = {
		},
		'testing restrict child_process methods whitelist': {
		topic: function () {
		var self = this;
		try {
		require('child_process').exec('/bin/ls',['-ltr']);
		self.callback(null, {});
		} catch (e) {
		self.callback(null, {
		'error': e
		});
		}

		},
		'verify error': function (topic) {
		assert.ok(topic.error === undefined);
		}
		},
		'testing restrict kill method': {
		@@ -31,0 +53,0 @@ topic: function () {

Improved metrics