3

I'm making a nodejs project, and I want to be able to run user code safely using the vm module, but there's many vulnerabilities such as the constructor of every object/function to be used to eval js string. any way to secure it? Thanks!

I tried everything, but nothing works. I also don't want to use other packages. Thanks.

xzfses dawqdq
  • 31
  • 2
  • There are plenty of similar questions in this space. Though it may be very obvious to you (and to someone else after carefully reading your question), it would still be useful to others if you indicated clearly how your question differs from the others, or how their answers were insufficient for your question. Ex. [1](https://stackoverflow.com/q/7446729/20170164), [2](https://stackoverflow.com/q/11028666/20170164), [3](https://stackoverflow.com/q/73236354/20170164), [4](https://stackoverflow.com/q/17513212/20170164). That's one way you can demonstrate your on-site research effort. – rainbow.gekota Nov 01 '22 at 18:14

1 Answers1

1

There doesn't seem to be any built-in method to run untrusted code safely. I suppose if you could work with external libraries, there are a few solutions dedicated to this purpose like isolated-vm and vm2.

kush
  • 154
  • 1
  • 12