Server.js: improved security

This commit is contained in:
DarkCat09 2022-12-26 16:20:33 +04:00
parent 69a8f83c9c
commit 1f93640139
3 changed files with 12 additions and 1 deletions

4
.gitignore vendored
View file

@ -110,3 +110,7 @@ cython_debug/
# Credentials for unittest
tests/samples/login_pswd.txt
# NPM
node_modules/
package-lock.json

View file

@ -0,0 +1,5 @@
{
"dependencies": {
"vm2": "^3.9.13"
}
}

View file

@ -1,6 +1,8 @@
const http = require('http')
const process = require('process')
const { VM } = require('vm2')
args = process.argv.slice(2)
const port = args[0] || 8000
@ -16,7 +18,7 @@ const listener = (req, res) => {
req.on('end', () => {
let resp
try { resp = JSON.stringify(eval(body)) }
try { resp = JSON.stringify(new VM().run(body)) }
catch (ex) { resp = ex.message }
res.writeHead(200)
res.end(resp)