Closed alexec closed 4 years ago
You can write outside your own tree:
$ cat main.js
const alice = {
name: 'Alice',
beverage: 'Club-Mate',
monitors: 2,
languages: [
'python',
'haskell',
'c++',
'68k assembly', // Alice is cool like that!
],
};
// Instruct to write the alice object as a YAML file.
export default [
{ value: alice, file: `../developers/${alice.name.toLowerCase()}.yaml` },
./jk generate main.js
# could be /etc/passwd!
ls ../developers
See #159
Ulp yes, I noticed that reads are sandboxed but writes not yet, the other day while doing something tangential. They should get the same treatment (you can write under the output directory, but not outside it). I've filed #345 for this.
Re disallowing writes at all, what's the use case you have in mind, @alexec?
I think sandboxing to the root would meet safety requirements.
Is it possible to run JK in a sandbox mode. E.g. with no ability to write to the FS?