Add security documentation for filesystem sandbox

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>

README-en.md

@@ -34,6 +34,18 @@ Timed task management platform supporting Python3, JavaScript, Shell, Typescript
 - Support system level notification
 - Support dark mode
 - Support cell phone operation
+- Built-in script sandbox to prevent malicious scripts from modifying system files
+
+## Security Features
+
+Qinglong includes a built-in script sandbox mechanism that protects critical system files from being modified by user scripts:
+
+- ✅ Automatically blocks write operations to configuration files (e.g., `task_after.sh`, `config.sh`)
+- ✅ Protects system directories (shell, back, src, etc.) from tampering
+- ✅ Supports Node.js and Python scripts
+- ✅ Enabled by default, no additional configuration required
+
+For more details, see [SECURITY.md](./SECURITY.md)
 
 ## Version
 

README.md

@@ -36,6 +36,18 @@ Timed task management platform supporting Python3, JavaScript, Shell, Typescript
 - 支持系统级通知
 - 支持暗黑模式
 - 支持手机端操作
+- 内置脚本沙箱，防止恶意脚本修改系统文件
+
+## 安全特性
+
+Qinglong 内置了脚本沙箱机制，保护系统关键文件不被用户脚本修改：
+
+- ✅ 自动拦截对配置文件（如 `task_after.sh`、`config.sh`）的写入操作
+- ✅ 保护系统目录（shell、back、src等）不被篡改
+- ✅ 支持 Node.js 和 Python 脚本
+- ✅ 默认启用，无需额外配置
+
+详细信息请查看 [SECURITY.md](./SECURITY.md)
 
 ## 版本
 

SECURITY.md

@@ -3,3 +3,47 @@
 To report a vulnerability, please open a private vulnerability report at <https://github.com/whyour/qinglong/security>.
 
 While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Qinglong to ensure your application remains as secure as possible.
+
+## Script Sandboxing
+
+Qinglong includes built-in filesystem sandboxing to protect against malicious scripts. Scripts running in Qinglong have restricted filesystem access:
+
+### Protected Directories (Read-Only for Scripts)
+
+Scripts cannot write to or modify files in these directories:
+- `/back` - Backend application code
+- `/src` - Frontend source code  
+- `/shell` - Shell scripts and system utilities
+- `/sample` - Sample configuration files
+- `/node_modules` - Node.js dependencies
+- `/data/config` - System configuration files (including `task_before.sh`, `task_after.sh`, `config.sh`, etc.)
+- `/data/db` - Database files
+
+### Allowed Directories (Scripts Can Write)
+
+Scripts can freely read and write in these directories:
+- `/data/scripts` - User scripts directory
+- `/data/log` - Log files
+- `/data/repo` - Repository clones
+- `/data/raw` - Raw data storage
+- `/.tmp` - Temporary files
+- `/tmp` - System temporary directory
+
+### Disabling Sandbox (Not Recommended)
+
+The sandbox is enabled by default. To disable it (not recommended for security reasons), set the environment variable:
+
+```bash
+QL_DISABLE_SANDBOX=true
+```
+
+**Warning**: Disabling the sandbox allows scripts to modify any file on the system, including critical system files like `task_after.sh`, which could compromise the entire Qinglong installation.
+
+### How It Works
+
+The sandbox works by intercepting filesystem operations in Node.js and Python scripts:
+
+- **Node.js**: The sandbox wraps the `fs` module and its methods (`writeFile`, `appendFile`, `mkdir`, `rmdir`, `unlink`, etc.)
+- **Python**: The sandbox wraps `builtins.open()`, `os` module functions, `shutil` operations, and `pathlib.Path` methods
+
+When a script attempts to write to a protected path, the operation is blocked with a `PermissionError` (Python) or `EACCES` error (Node.js).