Server.js: improved security
This commit is contained in:
parent
69a8f83c9c
commit
1f93640139
3 changed files with 12 additions and 1 deletions
5
python_aternos/data/package.json
Normal file
5
python_aternos/data/package.json
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"dependencies": {
|
||||
"vm2": "^3.9.13"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,6 +1,8 @@
|
|||
const http = require('http')
|
||||
const process = require('process')
|
||||
|
||||
const { VM } = require('vm2')
|
||||
|
||||
args = process.argv.slice(2)
|
||||
|
||||
const port = args[0] || 8000
|
||||
|
|
@ -16,7 +18,7 @@ const listener = (req, res) => {
|
|||
|
||||
req.on('end', () => {
|
||||
let resp
|
||||
try { resp = JSON.stringify(eval(body)) }
|
||||
try { resp = JSON.stringify(new VM().run(body)) }
|
||||
catch (ex) { resp = ex.message }
|
||||
res.writeHead(200)
|
||||
res.end(resp)
|
||||
|
|
|
|||
Reference in a new issue