[英]How can I run user code securely in nodejs using VM without being vulnerable to attacks
I'm making a nodejs project, and I want to be able to run user code safely using the vm
module, but there's many vulnerabilities such as the constructor
of every object/function to be used to eval js string.我正在制作一个 nodejs 项目,我希望能够使用
vm
模块安全地运行用户代码,但是存在许多漏洞,例如每个对象/函数的constructor
函数都用于评估 js 字符串。 any way to secure it?有什么方法可以保护它吗? Thanks!
谢谢!
I tried everything, but nothing works.我尝试了一切,但没有任何效果。 I also don't want to use other packages.
我也不想使用其他包。 Thanks.
谢谢。
There doesn't seem to be any built-in method to run untrusted code safely.似乎没有任何内置方法可以安全地运行不受信任的代码。 I suppose if you could work with external libraries, there are a few solutions dedicated to this purpose like isolated-vm and vm2 .
我想如果您可以使用外部库,那么有一些专门用于此目的的解决方案,例如isolated-vm和vm2 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.