admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 10:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(Code Node): Update vm2 to address CVE-2023-32313 (#6318)

Browse Source 
GH advisory: https://github.com/advisories/GHSA-p5gc-c584-jj6v
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
2023-05-25 10:55:53 +00:00
committed by GitHub
parent 071955ba68
commit bcbec52552
5 changed files with 23 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
packages/nodes-base/nodes/Code/JavaScriptSandbox.ts
View File

@@ -1,5 +1,5 @@
import type { NodeVMOptions } from 'vm2';
import { NodeVM } from 'vm2';
import { NodeVM, makeResolverFromLegacyOptions } from 'vm2';
import type { IExecuteFunctions, INodeExecutionData, WorkflowExecuteMode } from 'n8n-workflow';
import { ValidationError } from './ValidationError';
@@ -10,16 +10,23 @@ import { Sandbox } from './Sandbox';
const { NODE_FUNCTION_ALLOW_BUILTIN: builtIn, NODE_FUNCTION_ALLOW_EXTERNAL: external } =
process.env;
export const vmResolver = makeResolverFromLegacyOptions({
external: external
? {
modules: external.split(','),
transitive: false,
}
: false,
builtin: builtIn?.split(',') ?? [],
});
const getSandboxOptions = (
context: SandboxContext,
workflowMode: WorkflowExecuteMode,
): NodeVMOptions => ({
console: workflowMode === 'manual' ? 'redirect' : 'inherit',
sandbox: context,
require: {
builtin: builtIn ? builtIn.split(',') : [],
external: external ? { modules: external.split(','), transitive: false } : false,
},
require: vmResolver,
});
export class JavaScriptSandbox extends Sandbox {