{"id":15514630,"url":"https://github.com/fgasper/p5-filesys-restrict","last_synced_at":"2025-10-20T05:09:41.028Z","repository":{"id":141192167,"uuid":"415037557","full_name":"FGasper/p5-Filesys-Restrict","owner":"FGasper","description":"CPAN’s Filesys::Restrict","archived":false,"fork":false,"pushed_at":"2022-12-30T13:35:34.000Z","size":122,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-28T19:21:25.319Z","etag":null,"topics":["filesystem","perl"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FGasper.png","metadata":{"files":{"readme":"README.md","changelog":"Changes","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-08T15:27:37.000Z","updated_at":"2022-12-23T18:35:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"ca89c831-6ffa-444d-b0a6-e70c861e1472","html_url":"https://github.com/FGasper/p5-Filesys-Restrict","commit_stats":{"total_commits":34,"total_committers":1,"mean_commits":34.0,"dds":0.0,"last_synced_commit":"8859cc2529a15b2e3c65a74ca9b453aa2edaccf8"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/FGasper/p5-Filesys-Restrict","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FGasper%2Fp5-Filesys-Restrict","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FGasper%2Fp5-Filesys-Restrict/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FGasper%2Fp5-Filesys-Restrict/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FGasper%2Fp5-Filesys-Restrict/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FGasper","download_url":"https://codeload.github.com/FGasper/p5-Filesys-Restrict/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FGasper%2Fp5-Filesys-Restrict/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261315679,"owners_count":23140317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["filesystem","perl"],"created_at":"2024-10-02T10:00:18.548Z","updated_at":"2025-10-20T05:09:40.939Z","avatar_url":"https://github.com/FGasper.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NAME\n\nFilesys::Restrict - Restrict filesystem access\n\n# SYNOPSIS\n\n    {\n        my $check = Filesys::Restrict::create(\n            sub {\n                my ($op, $path) = @_;\n\n                return 1 if $path =~ m\u003c^/safe/place/\u003e;\n\n                # Deny access to anything else:\n                return 0;\n            },\n        );\n\n        # In this block, most Perl code will throw if it tries\n        # to access anything outside of /safe/place.\n    }\n\n    # No more filesystem checks here.\n\n# DESCRIPTION\n\nThis module is a reasonable-best-effort at preventing Perl code from\naccessing files you don’t want to allow. One potential application of\nthis is to restrict filesystem access to `/tmp` in tests.\n\n# **THIS** **IS** **NOT** **A** **SECURITY** **TOOL!**\n\nThis module cannot prevent all unintended filesystem access.\nThe following are some known ways to circumvent it:\n\n- Use XS modules (e.g., [POSIX](https://metacpan.org/pod/POSIX)).\n- Use one of `open()`’s more esoteric forms.\nThis module tries to parse typical `open()` arguments but doesn’t\n“bend over backward”. The 2- and 3-argument forms are assumed to be\nvalid if there’s an unrecognized format, and we ignore the 1-argument\nform entirely.\n- Call `system()`, `do()`, or `require()`.\n\n    We _could_ actually restrict `do()` and `require()`.\n    These, though, are a bit different from other built-ins because they\n    don’t facilitate reading arbitrary data off the filesystem; rather,\n    they’re narrowly-scoped to bringing in additional Perl code.\n\n    If you have a use case where it’s useful to restrict these,\n    file a feature request.\n\n# SEE ALSO\n\n[Test::MockFile](https://metacpan.org/pod/Test%3A%3AMockFile) can achieve a similar effect to this module but\nhas some compatibility problems with some Perl syntax.\n\nLinux’s [fanotify(7)](http://man.he.net/man7/fanotify) provides a method of real-time access control\nvia the kernel. See [Linux::Fanotify](https://metacpan.org/pod/Linux%3A%3AFanotify) and [Linux::Perl](https://metacpan.org/pod/Linux%3A%3APerl) for Perl\nimplementations.\n\n# FUNCTIONS\n\n## $obj = create( sub { .. } )\n\nCreates an opaque object that installs an access-control callback.\nAny existing access-control callback is saved and restored whenever\n$obj is DESTROYed.\n\nThe access-control callback is called with two arguments:\n\n- The name of the Perl op that requests filesystem access.\nThe names come from `PL_op_desc` in Perl’s [opcode.h](https://metacpan.org/pod/opcode.h) header file;\nthey should correlate to the actual built-in called.\n- The filesystem path in question.\n\nThe callback can end in one of three ways:\n\n- Return truthy to confirm access to the path.\n- Return falsy to cause a [Filesys::Restrict::X::Forbidden](https://metacpan.org/pod/Filesys%3A%3ARestrict%3A%3AX%3A%3AForbidden)\ninstance to be thrown.\n- Throw a custom exception.\n\n# LICENSE \u0026 COPYRIGHT\n\nCopyright 2022 Gasper Software Consulting. All rights reserved.\n\nThis library is licensed under the same terms as Perl itself.\nSee [perlartistic](https://metacpan.org/pod/perlartistic).\n\nThis library was originally a research project at\n[cPanel, L.L.C.](https://cpanel.net).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffgasper%2Fp5-filesys-restrict","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffgasper%2Fp5-filesys-restrict","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffgasper%2Fp5-filesys-restrict/lists"}