admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 18:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(Code Node): Update vm2 to address CVE-2023-32313 (#6318)

Browse Source 
GH advisory: https://github.com/advisories/GHSA-p5gc-c584-jj6v
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
2023-05-25 10:55:53 +00:00
committed by GitHub
parent 071955ba68
commit bcbec52552
5 changed files with 23 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
packages/nodes-base/nodes/Function/Function.node.ts
View File

@@ -9,6 +9,7 @@ import type {
INodeTypeDescription,
} from 'n8n-workflow';
import { deepCopy, NodeOperationError } from 'n8n-workflow';
import { vmResolver } from '../Code/JavaScriptSandbox';
export class Function implements INodeType {
description: INodeTypeDescription = {
@@ -150,23 +151,9 @@ return items;`,
const options: NodeVMOptions = {
console: mode === 'manual' ? 'redirect' : 'inherit',
sandbox,
require: {
external: false as boolean | { modules: string[]; transitive: boolean },
builtin: [] as string[],
},
require: vmResolver,
};
if (process.env.NODE_FUNCTION_ALLOW_BUILTIN && typeof options.require === 'object') {
options.require.builtin = process.env.NODE_FUNCTION_ALLOW_BUILTIN.split(',');
}
if (process.env.NODE_FUNCTION_ALLOW_EXTERNAL && typeof options.require === 'object') {
options.require.external = {
modules: process.env.NODE_FUNCTION_ALLOW_EXTERNAL.split(','),
transitive: false,
};
}
const vm = new NodeVM(options);
if (mode === 'manual') {