-
-
Notifications
You must be signed in to change notification settings - Fork 5
Permissions
EnginePermissions is a [Flags] enum that restricts which system resources a script can access. The default is None — safe by default, unsafe by choice.
using DScript.Extras;
// Deny all privileged operations (default — safe by default)
new EngineFunctionLoader().RegisterFunctions(engine);
// Selective access
new EngineFunctionLoader().RegisterFunctions(engine,
EnginePermissions.FileSystemRead | EnginePermissions.Network);
// Full file-system access including paths outside the working directory
new EngineFunctionLoader().RegisterFunctions(engine, EnginePermissions.FileSystemUnsafe);
// All permissions
new EngineFunctionLoader().RegisterFunctions(engine, EnginePermissions.All);| Flag | Value | Guards |
|---|---|---|
FileSystemRead |
1 |
readFileSync, existsSync, statSync, readdirSync
|
FileSystemWrite |
33 (includes Read) |
writeFileSync, appendFileSync, mkdirSync, rmdirSync, unlinkSync, renameSync, copyFileSync (dest) |
FileSystemEscape |
64 |
Paths outside the process working directory. Off by default. |
FileSystem |
FileSystemRead | FileSystemWrite |
Read + write, confined to CWD (backwards-compat alias) |
FileSystemUnsafe |
FileSystem | FileSystemEscape |
Unrestricted file-system access |
Write implies read. Granting FileSystemWrite automatically satisfies any FileSystemRead check.
CWD confinement. Without FileSystemEscape, all fs.* paths are resolved via Path.GetFullPath and must fall inside Directory.GetCurrentDirectory(). Attempting to access a path outside CWD (e.g. /etc/passwd, ../secret, an absolute temp path) throws PermissionException(FileSystemEscape).
| Flag | Guards |
|---|---|
Network |
fetch(), http.createServer, net.createServer, net.createConnection
|
| Flag | Default | Guards |
|---|---|---|
ProcessSpawn |
off |
child_process.execSync, spawnSync, exec, spawn
|
ProcessExit |
off | process.exit() |
| Flag | Value | Guards |
|---|---|---|
EnvironmentVariablesRead |
16 |
process.getenv(), process.env (read) |
EnvironmentVariablesWrite |
144 (includes Read) |
process.setenv() |
EnvironmentVariables |
16 |
Alias for EnvironmentVariablesRead (backwards-compat) |
Write implies read. Granting EnvironmentVariablesWrite automatically satisfies any EnvironmentVariablesRead check.
| Flag | Meaning |
|---|---|
None |
No privileged operations allowed |
All |
All operations allowed |
Attempting a denied operation throws PermissionException (a C# exception, not a script-level error). It is not catchable inside a script's try/catch — it propagates out of engine.Run() to the host.
From C# it is catchable as PermissionException:
try
{
engine.Run(program);
}
catch (PermissionException ex)
{
Console.Error.WriteLine($"Permission denied: {ex.Required}");
}Run arbitrary user code with no system access at all:
var engine = new ScriptEngine();
new EngineFunctionLoader().RegisterFunctions(engine, EnginePermissions.None);
engine.SetTimeout(TimeSpan.FromSeconds(5));
engine.SetInstructionLimit(10_000_000);
try
{
engine.Run(ScriptEngine.Compile(userCode));
}
catch (ScriptTimeoutException) { /* killed by limit */ }
catch (PermissionException) { /* tried to access system */ }
catch (JITException ex) { /* script runtime error */ }Allow a script to read its own data files, nothing else:
new EngineFunctionLoader().RegisterFunctions(engine, EnginePermissions.FileSystemRead);Paths are automatically confined to the working directory. Attempting fs.readFileSync('/etc/passwd') throws even though read permission is granted.
// Read-only access to environment variables
new EngineFunctionLoader().RegisterFunctions(engine, EnginePermissions.EnvironmentVariablesRead);
// Read and write
new EngineFunctionLoader().RegisterFunctions(engine, EnginePermissions.EnvironmentVariablesWrite);Script usage:
var path = process.getenv('PATH');
var allEnv = process.env; // object snapshot of all env vars
process.setenv('MY_VAR', 'hello'); // requires EnvironmentVariablesWrite