
This module adds some protection against poison null bytes to the native "fs" module. To activate it, just put this at the top of your main application file:

require('protect-fs')

This modifies all relevant fs methods (I hope I didn't forget any) to give you this protection.

Installation

npm install protect-fs

Examples

> require('fs').readFileSync('/etc/passwd\0', 'utf8').length
2226
> require('fs').readFile('/etc/passwd\0', 'utf8', function(e,d){if(e){console.error('error cb');throw e;}console.log(d.length)})
> 2226

> require('protect-fs')
{}
> require('fs').readFileSync('/etc/passwd\0', 'utf8').length
Error: fs function was called with a nullbyte in argument #0
    at fail (/home/jann/tmp/node_modules/protect-fs/index.js:17:15)
    at Object.openSync (/home/jann/tmp/node_modules/protect-fs/index.js:28:16)
    at Object.readFileSync (fs.js:113:15)
    at repl:1:16
    at REPLServer.eval (repl.js:80:21)
    at Interface.<anonymous> (repl.js:182:12)
    at Interface.emit (events.js:67:17)
    at Interface._onLine (readline.js:162:10)
    at Interface._line (readline.js:426:8)
    at Interface._ttyWrite (readline.js:603:14)
> require('fs').readFile('/etc/passwd\0', 'utf8', function(e,d){if(e){console.error('error cb');throw e;}console.log(d.length)})
> error cb

node.js:202
        throw e; // process.nextTick error, or 'error' event on first tick
              ^
Error: fs function was called with a nullbyte in argument #0
    at fail (/home/jann/tmp/node_modules/protect-fs/index.js:17:15)
    at Object.open (/home/jann/tmp/node_modules/protect-fs/index.js:28:16)
    at new <anonymous> (fs.js:1019:6)
    at Object.createReadStream (fs.js:973:10)
    at Object.readFile (fs.js:71:23)
    at repl:1:16
    at REPLServer.eval (repl.js:80:21)
    at Interface.<anonymous> (repl.js:182:12)
    at Interface.emit (events.js:67:17)
    at Interface._onLine (readline.js:162:10)
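
The behaviour shown in the transcripts above (the Sync call throws, the callback-style call receives the error) can be reproduced with a small method wrapper. This is an added sketch, not the code of protect-fs: `findNullByteArg`, `guardMethod`, `guardAll` and the stand-in `makeFakeFs` object are hypothetical names, and only the error text is taken from the output above.

```javascript
'use strict';

// Index of the first string argument that contains a NUL byte, or -1.
function findNullByteArg(args) {
  return args.findIndex((a) => typeof a === 'string' && a.includes('\0'));
}

// Replace target[name] with a wrapper that refuses NUL bytes in string arguments.
// Methods named *Sync throw; other methods report the error through a trailing
// callback, and throw only when no callback was supplied.
function guardMethod(target, name) {
  const original = target[name];
  target[name] = function guarded(...args) {
    const idx = findNullByteArg(args);
    if (idx === -1) return original.apply(this, args);
    const err = new Error('fs function was called with a nullbyte in argument #' + idx);
    const cb = args[args.length - 1];
    if (name.endsWith('Sync') || typeof cb !== 'function') throw err;
    process.nextTick(cb, err); // keep the callback asynchronous, as fs callbacks are
  };
}

// Guard every listed method that actually exists on the target.
function guardAll(target, names) {
  names.forEach((n) => {
    if (typeof target[n] === 'function') guardMethod(target, n);
  });
  return target;
}

// Constructed stand-in for a file API, so the example never touches real files.
// `calls` records every path that reached the unguarded implementation.
function makeFakeFs() {
  const calls = [];
  return {
    calls,
    openSync(path) { calls.push(path); return 3; },
    open(path, cb) { calls.push(path); process.nextTick(cb, null, 3); },
  };
}

const demoFs = guardAll(makeFakeFs(), ['open', 'openSync']);
console.log(demoFs.openSync('report.txt'), demoFs.calls);
```

Wrapping only the low-level entry points is enough for higher-level helpers that are built on them, which is why the traces above show `readFileSync` failing inside `openSync`.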