Update documentation with subprocess protection details

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
2025-12-15 08:25:38 +08:00 · 2025-11-17 15:17:28 +00:00 · 2025-11-17 15:17:28 +00:00 · e28cce1636
commit e28cce1636
parent 38d1f67301
2 changed files with 20 additions and 3 deletions
--- a/IMPLEMENTATION_SUMMARY.md
+++ b/IMPLEMENTATION_SUMMARY.md
@ -23,6 +23,8 @@ Implemented a filesystem sandbox that intercepts file operations and blocks unau
 - Wraps all fs module write methods (writeFile, appendFile, mkdir, unlink, etc.)
 - Wraps fs.promises API
 - Wraps fs.createWriteStream
 - **Wraps child_process module** (spawn, exec, execSync, fork, etc.) to prevent subprocess bypass
 - Automatically injects NODE_OPTIONS into subprocess environments
 - Prevents module require bypass by wrapping Module.prototype.require
 - Returns EACCES error with security message for blocked operations
@ -31,6 +33,8 @@ Implemented a filesystem sandbox that intercepts file operations and blocks unau
 - Wraps os module functions (remove, mkdir, rename, chmod, etc.)
 - Wraps shutil operations (rmtree, copy, move, etc.)
 - Wraps pathlib.Path methods (write_text, mkdir, unlink, etc.)
 - **Wraps subprocess module** (Popen, run, call, check_call, etc.) to prevent subprocess bypass
 - Automatically injects PYTHONPATH into subprocess environments
 - Raises PermissionError with security message for blocked operations
 #### 3. Integration
@ -38,6 +42,11 @@ Implemented a filesystem sandbox that intercepts file operations and blocks unau
 - Updated `shell/preload/sitecustomize.py` to load Python sandbox first
 - Sandboxes are loaded before any user code executes
 #### 4. Subprocess Protection
 - Scripts cannot bypass the sandbox by spawning `node` or `python3` subprocesses
 - All child processes automatically inherit the sandbox through environment variables
 - Prevents common bypass attempts like `execSync('node malicious.js')`
 ### Protected Directories
 Scripts CANNOT write to:
 - `/back` - Backend application code
--- a/SECURITY.md
+++ b/SECURITY.md
@ -41,9 +41,17 @@ QL_DISABLE_SANDBOX=true
 ### How It Works
-The sandbox works by intercepting filesystem operations in Node.js and Python scripts:
+The sandbox works by intercepting filesystem operations and subprocess executions in Node.js and Python scripts:
- **Node.js**: The sandbox wraps the `fs` module and its methods (`writeFile`, `appendFile`, `mkdir`, `rmdir`, `unlink`, etc.)
+- **Node.js**: 
- **Python**: The sandbox wraps `builtins.open()`, `os` module functions, `shutil` operations, and `pathlib.Path` methods
+  - Wraps the `fs` module and its methods (`writeFile`, `appendFile`, `mkdir`, `rmdir`, `unlink`, etc.)
  - Wraps the `child_process` module (spawn, exec, execSync, etc.) to prevent sandbox bypass via subprocesses
  - Automatically injects NODE_OPTIONS into all spawned subprocesses
 - **Python**: 
  - Wraps `builtins.open()`, `os` module functions, `shutil` operations, and `pathlib.Path` methods
  - Wraps `subprocess` module functions (Popen, run, call, etc.) to prevent sandbox bypass
  - Automatically injects PYTHONPATH into all spawned subprocesses
 When a script attempts to write to a protected path, the operation is blocked with a `PermissionError` (Python) or `EACCES` error (Node.js).
 **Subprocess Protection**: The sandbox also prevents scripts from bypassing restrictions by spawning `node` or `python3` subprocesses. All spawned subprocesses automatically inherit the sandbox, ensuring consistent protection.