Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

A wrapper around the core 'fs' module that allows for sandboxed access by whitelisting or blacklisting

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib
Octocat-spinner-32 test
Octocat-spinner-32 LICENSE.txt
Octocat-spinner-32 README.md
Octocat-spinner-32 package.json
README.md

nodejs-sandboxed-fs

Identical API to the core fs module, but allows for whitelisting and blacklisting of certain paths. Can be used to provide sandboxed file system for VM sandboxes.

TODO

  • Implement all the APIs.

Installing

This package is proof of concept and is not published to npmjs.org.

Usage

Will only be able to access files and folders beyond the listed paths.

var sbfs = require("sandboxed-fs").createWhitelisted([
    "/home/deploy/foo",
    "/tmp"
]);

Will not be able to access any files or folders in the specified paths.

var sbfs = require("sandboxed-fs").createBlacklisted([
    "/var",
    "/home"
]);

The sbfs can then be used as a normal fs module, with 100% core fs module API compatibility.

You probably want to use this module in a VM, like so:

var sbfs = require("sandboxed-fs").createWhitelisted([...]);
var vm = require("vm");
var ctx = {};
ctx.require = function (module) {
    if (module === "fs") {
        return sbfs;
    }

    return require(module);
}
vm.runInNewContext(stringOfCode, ctx);

The stringOfCode will be evaluated as a normal Node.js script, but will only have the globals available that you specify in ctx. Here we define our own require, where fs will return our own sbfs module, or otherwise piggyback to the normal require.

Something went wrong with that request. Please try again.