diff --git a/README-en.md b/README-en.md index e0e1eb59..e6ebba5f 100644 --- a/README-en.md +++ b/README-en.md @@ -34,6 +34,18 @@ Timed task management platform supporting Python3, JavaScript, Shell, Typescript - Support system level notification - Support dark mode - Support cell phone operation +- Built-in script sandbox to prevent malicious scripts from modifying system files + +## Security Features + +Qinglong includes a built-in script sandbox mechanism that protects critical system files from being modified by user scripts: + +- ✅ Automatically blocks write operations to configuration files (e.g., `task_after.sh`, `config.sh`) +- ✅ Protects system directories (shell, back, src, etc.) from tampering +- ✅ Supports Node.js and Python scripts +- ✅ Enabled by default, no additional configuration required + +For more details, see [SECURITY.md](./SECURITY.md) ## Version diff --git a/README.md b/README.md index fadc841b..e7cb41f2 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,18 @@ Timed task management platform supporting Python3, JavaScript, Shell, Typescript - 支持系统级通知 - 支持暗黑模式 - 支持手机端操作 +- 内置脚本沙箱,防止恶意脚本修改系统文件 + +## 安全特性 + +Qinglong 内置了脚本沙箱机制,保护系统关键文件不被用户脚本修改: + +- ✅ 自动拦截对配置文件(如 `task_after.sh`、`config.sh`)的写入操作 +- ✅ 保护系统目录(shell、back、src等)不被篡改 +- ✅ 支持 Node.js 和 Python 脚本 +- ✅ 默认启用,无需额外配置 + +详细信息请查看 [SECURITY.md](./SECURITY.md) ## 版本 diff --git a/SECURITY.md b/SECURITY.md index 89f3a34a..72409330 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -3,3 +3,47 @@ To report a vulnerability, please open a private vulnerability report at . While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Qinglong to ensure your application remains as secure as possible. + +## Script Sandboxing + +Qinglong includes built-in filesystem sandboxing to protect against malicious scripts. Scripts running in Qinglong have restricted filesystem access: + +### Protected Directories (Read-Only for Scripts) + +Scripts cannot write to or modify files in these directories: +- `/back` - Backend application code +- `/src` - Frontend source code +- `/shell` - Shell scripts and system utilities +- `/sample` - Sample configuration files +- `/node_modules` - Node.js dependencies +- `/data/config` - System configuration files (including `task_before.sh`, `task_after.sh`, `config.sh`, etc.) +- `/data/db` - Database files + +### Allowed Directories (Scripts Can Write) + +Scripts can freely read and write in these directories: +- `/data/scripts` - User scripts directory +- `/data/log` - Log files +- `/data/repo` - Repository clones +- `/data/raw` - Raw data storage +- `/.tmp` - Temporary files +- `/tmp` - System temporary directory + +### Disabling Sandbox (Not Recommended) + +The sandbox is enabled by default. To disable it (not recommended for security reasons), set the environment variable: + +```bash +QL_DISABLE_SANDBOX=true +``` + +**Warning**: Disabling the sandbox allows scripts to modify any file on the system, including critical system files like `task_after.sh`, which could compromise the entire Qinglong installation. + +### How It Works + +The sandbox works by intercepting filesystem operations in Node.js and Python scripts: + +- **Node.js**: The sandbox wraps the `fs` module and its methods (`writeFile`, `appendFile`, `mkdir`, `rmdir`, `unlink`, etc.) 
+- **Python**: The sandbox wraps `builtins.open()`, `os` module functions, `shutil` operations, and `pathlib.Path` methods + +When a script attempts to write to a protected path, the operation is blocked with a `PermissionError` (Python) or `EACCES` error (Node.js).
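Review bot: the README-en.md hunk overstates the feature in the bullet `- Built-in script sandbox to prevent malicious scripts from modifying system files` and the `## Security Features` section. Wrapping `fs` in Node.js and `builtins.open()`/`os`/`shutil`/`pathlib` in Python only intercepts calls that go through those wrappers; a script that shells out (`child_process.execSync`, `subprocess.run`, `os.system`) or runs under an interpreter the wrapper does not load can still overwrite `task_after.sh`. The same hunk's context line lists Shell and Typescript among the supported script languages, while the feature bullet says only `Supports Node.js and Python scripts`, so Shell scripts are presumably unprotected. Suggest describing it as a guard against accidental writes by Node.js and Python scripts, stating plainly that Shell scripts are not covered, and noting that isolation from malicious scripts requires OS-level controls (running scripts as a separate unprivileged user or in a container with the protected directories mounted read-only).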
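Review bot: the README.md hunk repeats the same overclaim in Chinese (`内置脚本沙箱,防止恶意脚本修改系统文件` and the `## 安全特性` section); soften it the same way as the English text, call out that Shell scripts are not covered, and keep the two READMEs in sync so the Chinese and English descriptions do not diverge on what the sandbox enforces.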
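Review bot: the SECURITY.md hunk should state the sandbox's limits explicitly in `### How It Works`, because interception at the library level (`fs` wrappers, `builtins.open()`, `os`, `shutil`, `pathlib`) is a safety net, not a security boundary. Please document whether the check resolves the real path before comparing it against the protected list (otherwise `../` traversal, or a symlink created in `/data/scripts` that points at `/data/config/task_after.sh`, bypasses a lexical prefix check), whether `fs.promises`/`fs/promises`, `createWriteStream`, `open` with write flags, `rename`, `copyFile`, `rm`, `symlink` and `link` are covered in addition to the listed `writeFile`, `appendFile`, `mkdir`, `rmdir`, `unlink`, which `os` functions are wrapped in Python (`os.open`/`os.write`, `os.rename`, `os.replace`, `os.symlink`, `io.open`/`io.FileIO`), and whether child processes started via `child_process` or `subprocess` inherit the wrappers at all; the text says nothing about how the wrapper is injected into the script's interpreter. In `### Disabling Sandbox`, say which process reads `QL_DISABLE_SANDBOX` (the service, not the script's own environment), since otherwise a script that sets it for itself or for a child it spawns could switch the protection off. The warning `Disabling the sandbox allows scripts to modify any file on the system` is also misleading: the sandbox never restricted writes outside the listed directories, so scripts can already modify anything the Qinglong process user can write to, and the heading `Protected Directories (Read-Only for Scripts)` should add that reads are unrestricted, so `config.sh` and anything else under `/data/config` remains readable by every script. Finally, the paths are written with a leading `/` (`/back`, `/data/config`, `/.tmp`), which reads as filesystem root; state that they are relative to the Qinglong install directory if that is what is meant.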