restrict - npm Package Compare versions

Comparing version 0.0.5 to 0.0.6

lib/index.js

@@ -55,3 +55,3 @@ /*
     paths = (paths instanceof Array) ? paths : [paths];
-    this.commandPaths = getPathCombinations(commands, paths);
+    this.commandPaths = getPathCombinations(this.commands, paths);
 };
@@ -145,4 +145,4 @@
 module.exports = restrict;
-module.exports.setWhitelist = function() {
-    whitelist.set(arguments);
+module.exports.setWhitelist = function(commands, paths) {
+    whitelist.set(commands, paths);
 };

package.json

 {
   "name": "restrict",
   "description": "Restricts applications from calling certain methods on process and all methods on child_process",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "author": "Rohini Harendra <rohini.raghav@gmail.com>",
@@ -6,0 +6,0 @@ "repository": {

tests/test-restict.js

@@ -162,5 +162,6 @@ /*
 	    var self = this;
-	    restrict.setWhitelist(['grep'], ['/bin', '/usr/bin']);    
 	    try {
+		restrict.setWhitelist(['grep'], ['/bin', '/usr/bin']);
 		require('child_process').spawn('grep',['BLA', './*']);
+		self.callback(null, {});
 	    } catch (e) {
@@ -176,2 +177,36 @@ self.callback(null, {
     },
+    'testing restrict with setWhitelist child_process methods whitelist with full path': {
+        topic: function () {
+	    var self = this;
+	    try {
+		restrict.setWhitelist(['grep'], ['/bin', '/usr/bin']);
+		require('child_process').spawn('/usr/bin/grep',['BLA', './*']);
+		self.callback(null, {});
+	    } catch (e) {
+		self.callback(null, {
+		    'error': e
+		});
+	    }
+	},
+	'verify error': function (topic) {
+	    assert.ok(topic.error === undefined);
+	}
+    },
+    'testing restrict with setWhitelist child_process methods whitelist with not whitelist path': {
+        topic: function () {
+	    var self = this;
+	    try {
+		restrict.setWhitelist(['grep'], ['/bin', '/usr/bin']);
+		require('child_process').spawn('/usr/bin64/grep',['BLA', './*']);
+		self.callback(null, {});
+	    } catch (e) {
+		self.callback(null, {
+		    'error': e
+		});
+	    }
+	},
+	'verify error': function (topic) {
+	    assert.ok(topic.error);
+	}
+    },
     'testing restrict with setWhitelist child_process methods non-whitelist': {
@@ -189,3 +224,2 @@ topic: function () {
 	    }
-            
 	},
@@ -196,4 +230,28 @@ 'verify error': function (topic) {
     },
+    'testing restrict with setWhitelist with not arguments child_process methods non-whitelist': {
+        topic: function () {
+	    var self = this;
+	    try {
+		restrict.setWhitelist();
+	    } catch(e) {
+		self.callback(null, {
+		    'error1': e
+		});
+	    }
+	    try {
+		require('child_process').exec('ls',['-ltr']);
+                self.callback(null, {});
+	    } catch (e) {
+		self.callback(null, {
+		    'error2': e
+		});
+	    }
+	},
+	'verify error': function (topic) {
+	    assert.ok(topic.error1 === undefined);
+	    assert.ok(topic.error2 !== null);
+	}
+    },
 
 }
 vows.describe('restrict').addBatch(tests).addBatch(tests_next).export(module);

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14629

increased by11.73%

Lines of code

389

increased by17.88%

Worsened metrics

Number of medium supply chain risk alerts

15

increased by15.38%

No dependency changes