Node.js
artch, 2015-01-16 12:49:04

Hiding global access in node.js?

Task: make it so that code executed on the server through eval (or through the Function constructor, it doesn't matter) cannot in any way access the global object and require.
A simple solution:

function runCode(code) {
  var global, require; 
  eval(code);
}

// evaled code:
console.log(global); // -> undefined

Workaround for this solution:
// evaled code:  
var global = eval("(new ('hello'.constructor.constructor)('return global;'))()");
console.log(global); // !!!

Question: how to more securely hide the global so that this workaround doesn't work?


1 answer(s)
Denis Pushkarev, 2015-01-16
@artch

vm.runInNewContext
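
The question's eval wrapper next to the answer's vm.runInNewContext, run against the same probes. This is an added example, not part of the original posts; runWithEval, runInVm and probe are hypothetical names, and the sandbox is assumed to be an empty null-prototype object.

```javascript
const vm = require('vm');

// The question's approach: shadow the names, then eval in the host context.
function runWithEval(code) {
  var global, require;
  return eval(code);
}

// Hypothetical helper for the answer's approach: a fresh V8 context whose
// sandbox is a null-prototype object holding no host references.
function runInVm(code) {
  return vm.runInNewContext(code, Object.create(null));
}

// Run `code` with `runner` and describe the outcome as a string.
function probe(runner, code) {
  try {
    return String(runner(code));
  } catch (err) {
    // Errors raised inside the new context belong to that context,
    // so identify them by name rather than with instanceof.
    return 'throws ' + err.name;
  }
}

// The workaround from the question, reduced to a type check.
const WORKAROUND =
  "typeof (new ('hello'.constructor.constructor)('return global;'))()";

const probes = ['typeof global', 'typeof require', 'typeof process', WORKAROUND];
for (const code of probes) {
  console.log(code);
  console.log('  eval:', probe(runWithEval, code), '| vm:', probe(runInVm, code));
}
```

Node's documentation states that the vm module is not a security mechanism and should not be used to run untrusted code. Treat the new context as scope isolation, and keep host objects out of the sandbox.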
