/limit-dirpath

Primary LanguageJavaScriptMIT LicenseMIT

Method Limiter

npm Libraries.io dependency status for latest release GitHub top language NPM

npm npm

paypal

Set a directory limit for require and fs functions.

Notice: This module should Not be relied on for security on its own. You should Never depend on this module to block unknown users from a directory. This module is build so you can easily try to limit yourself from accidentally exiting a directory, or to limit admins to a specific root, but that does Not mean it will always work.

Installation

npm install @aspiesoft/limit-dirpath

Setup

const LimitDirpath = require('@aspiesoft/limit-dirpath');

Usage

// options, and their defaults
LimitDirpath({
    throwErrors: true,
    root: false,
    require: 'modules',
    modules: true,
    fs: false,
    eval: false,
});


// to include a root limited fs function
const fs = LimitDirpath({root: __dirname, fs: true}).fs;

Note: anything that runs before this function, will not be limited

throwErrors

  • If true, will through errors.
  • If false, will return null or undefined.

root

  • Set to a dir path to limit file requests to that path.
  • If false, will try to grab the dirname from the main file.

require

  • This node module modifies the default require function, to help add limits. There are also a few options for this.
  • If true, will allow any file within the root option you set.
  • If false, will try to completely disable the require function.
  • Set to 'module', to attempt to only allow node_modules to be required.

modules

  • There are some additional options to control requiring modules.
  • If true, will allow any node_module to be required.
  • If false, will try to block any node_modules from being required.
  • Set to an array, to only allow node_modules mentioned in that list.
  • Set to an object, to use array lists: allow and deny.

fs

  • This node module can generate a new, and limited fs function. It cannot override the original fs module, the modules fs and fs-extra will not be allowed. You should manually deny any other modules, or only allow specific ones. This module uses fs-extra to add some extra capabilities to make up for the permission restrictions.
  • If false, fs is not added.
  • If true, a root limited fs object will be returned from the function, with all fs actions allowed by default
  • If an array, you can list what fs actions are allowed.
    • ['read', 'write', 'stream', 'add', 'modify', 'append', 'delete', 'rename', 'watch', 'copy', 'move', 'exists', 'sync', 'dir', 'js', 'json']
    • read: allows reading files
      • stream: can createReadStream
    • write: allows writing to files
      • stream: can createWriteStream
      • add: can add new files
      • modify: can modify existing files
      • if add and modify are not included, but write is, there both assumed as true
      • append: can append to a file
    • delete: can delete files
    • rename: can rename files
    • watch: can watch files
    • copy: can copy files
    • move: can move files
    • exists: can check if files exist
    • sync: can run readSync, writeSync, ect.
    • dir: can do similar allowed actions with directories
    • js: can run methods on files that end with .js
    • json: can run methods on files that end with .json

eval

  • If true, will allow eval to be used.
  • If false, will override the eval function, with a permission denied function.
  • If 'global', will override eval, but not global.eval.