Anyway to fix mathjs vulnerabilities

In math.js there are vulnerabilities where if a person enters an impossible question, 1:999999999999999999999, it will crash the node.js process. Any ideas?

The code I use for calculations:

let resp;

try {
    resp = math.evaluate(args.join(" "))
} catch (e) {
    return message.channel.send('Please provide a **valid** question')
}

You can use a child process for running the calculations and limiting the maximum memory of processes on your OS, if you are using Linux on a Raspberry Pi for example.
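The child-process approach from the answer above, as an added example that is not part of the original post or of math.js. It caps the child's heap and run time from Node itself; `safeEvaluate`, `WORKER` and the stand-in evaluator are assumptions made so the block runs without math.js installed.

```javascript
// Run an untrusted expression in a child Node process with a heap cap and a
// wall-clock timeout, so a runaway evaluation cannot take down the bot.
const { spawnSync } = require('node:child_process');

// Constructed stand-in for math.evaluate (an assumption, so this runs offline):
// it expands "a:b" into an array, the kind of work that exhausts memory for
// "1:999999999999999999999". With math.js installed, replace it with
//   const evaluate = require('mathjs').evaluate;
const WORKER = `
  const evaluate = (expr) => {
    const m = /^\\s*(\\d+)\\s*:\\s*(\\d+)\\s*$/.exec(expr);
    if (!m) throw new Error('unsupported expression');
    const out = [];
    for (let i = Number(m[1]); i <= Number(m[2]); i++) out.push(i);
    return out;
  };
  const expr = require('fs').readFileSync(0, 'utf8'); // expression arrives on stdin
  process.stdout.write(JSON.stringify(evaluate(expr)));
`;

function safeEvaluate(expr, { timeoutMs = 2000, heapMb = 64 } = {}) {
  const child = spawnSync(
    process.execPath,
    [`--max-old-space-size=${heapMb}`, '-e', WORKER],
    {
      input: String(expr),        // passed as data, never as code or argv
      encoding: 'utf8',
      timeout: timeoutMs,         // kill the child if it runs too long
      killSignal: 'SIGKILL',
      maxBuffer: 1024 * 1024,     // refuse oversized results
      stdio: ['pipe', 'pipe', 'ignore'],
    }
  );
  if (child.error || child.status !== 0) {
    // Timeout, heap exhaustion, oversized output, or an exception in the worker.
    const reason = child.error ? child.error.code : `exit ${child.status ?? child.signal}`;
    return { ok: false, reason };
  }
  return { ok: true, value: JSON.parse(child.stdout) };
}
```

`spawnSync` blocks the event loop until the child exits; inside a bot's message handler the asynchronous `child_process.execFile` accepts the same `timeout`, `killSignal` and `maxBuffer` options.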

It's really absurd, but if 1:999999999999999999999 is your only concern, I have noticed that / does not cause any problems but : does. So you could replace every : in your calculation with /.

let resp;

try {
    resp = math.evaluate(args.join(" ").replace(/:/g, "/"))
} catch (e) {
    return message.channel.send('Please provide a **valid** question')
}
