const Module = require('module');
const originalResolveFilename = Module._resolveFilename;
-const ADDONS_PATH = require('path').join(__dirname, '..', 'addon', process.type, 'addonapi.js');
+const path = require('path');
+const ADDONS_PATH = path.join(__dirname, '..', 'addon', process.type, 'addonapi.js');
+const restrictedDir = '/usr/share/wrt/app';
+const restrictedModules = [ 'wrt' ];
+const keyRequireTerm = 'at require';
+const keyAppsTerm = 'globalapps';
+
+function isRequiredByApps() {
+ let stack = new Error().stack;
+ stack = stack.split('\n');
+ for (let i = 0, line; i < stack.length; ++i) {
+ line = stack[i].trim();
+ if (line.startsWith(keyRequireTerm))
+ return (stack[i + 1].indexOf(keyAppsTerm) !== -1);
+ }
+}
+
+function isRequestRestricted(request) {
+ if (!isRequiredByApps())
+ return false;
+ // Check direct module request => 'wrt'
+ if (restrictedModules.indexOf(request) !== -1)
+ return true;
+ // Check absolute path request => '/usr/share/wrt/...'
+ let resolved = path.resolve(request);
+ if (resolved.startsWith(restrictedDir))
+ return true;
+ return false;
+}
Module._resolveFilename = function (request, parent, isMain) {
- if (request === 'addonapi') {
+ if (isRequestRestricted(request)) {
+ console.error('Access has been restricted');
+ return undefined;
+ } else if (request === 'addonapi') {
return ADDONS_PATH;
} else {
return originalResolveFilename(request, parent, isMain);
projects / platform / framework / web / wrtjs.git / commitdiff