open-source/qinglong
1
0
Fork 0
mirror of https://github.com/whyour/qinglong.git synced 2025-12-13 07:25:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
e28cce1636
qinglong/SECURITY.md
copilot-swe-agent[bot] e28cce1636 Update documentation with subprocess protection details 
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
2025-11-17 15:17:28 +00:00

2.7 KiB
Raw Blame History

Reporting a Vulnerability

To report a vulnerability, please open a private vulnerability report at https://github.com/whyour/qinglong/security.

While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Qinglong to ensure your application remains as secure as possible.

Script Sandboxing

Qinglong includes built-in filesystem sandboxing to protect against malicious scripts. Scripts running in Qinglong have restricted filesystem access:

Protected Directories (Read-Only for Scripts)

Scripts cannot write to or modify files in these directories:

  • /back - Backend application code
  • /src - Frontend source code
  • /shell - Shell scripts and system utilities
  • /sample - Sample configuration files
  • /node_modules - Node.js dependencies
  • /data/config - System configuration files (including task_before.sh, task_after.sh, config.sh, etc.)
  • /data/db - Database files

Allowed Directories (Scripts Can Write)

Scripts can freely read and write in these directories:

  • /data/scripts - User scripts directory
  • /data/log - Log files
  • /data/repo - Repository clones
  • /data/raw - Raw data storage
  • /.tmp - Temporary files
  • /tmp - System temporary directory

Disabling Sandbox (Not Recommended)

The sandbox is enabled by default. To disable it (not recommended for security reasons), set the environment variable:

QL_DISABLE_SANDBOX=true

Warning: Disabling the sandbox allows scripts to modify any file on the system, including critical system files like task_after.sh, which could compromise the entire Qinglong installation.

How It Works

The sandbox works by intercepting filesystem operations and subprocess executions in Node.js and Python scripts:

  • Node.js:
    • Wraps the fs module and its methods (writeFile, appendFile, mkdir, rmdir, unlink, etc.)
    • Wraps the child_process module (spawn, exec, execSync, etc.) to prevent sandbox bypass via subprocesses
    • Automatically injects NODE_OPTIONS into all spawned subprocesses
  • Python:
    • Wraps builtins.open(), os module functions, shutil operations, and pathlib.Path methods
    • Wraps subprocess module functions (Popen, run, call, etc.) to prevent sandbox bypass
    • Automatically injects PYTHONPATH into all spawned subprocesses

When a script attempts to write to a protected path, the operation is blocked with a PermissionError (Python) or EACCES error (Node.js).

Subprocess Protection: The sandbox also prevents scripts from bypassing restrictions by spawning node or python3 subprocesses. All spawned subprocesses automatically inherit the sandbox, ensuring consistent protection.