admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 10:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Prevent arbitrary code execution via expressions (#6420)

Browse Source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
2023-06-14 13:15:27 +02:00
committed by GitHub
parent 2aef9de148
commit da7ae2beef
2 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
packages/workflow/src/Expression.ts
View File

@@ -39,6 +39,18 @@ tmpl.tmpl.errorHandler = (error: Error) => {
}
};
// eslint-disable-next-line @typescript-eslint/naming-convention
const AsyncFunction = (async () => {}).constructor as FunctionConstructor;
const fnConstructors = {
sync: Function.prototype.constructor,
// eslint-disable-next-line @typescript-eslint/ban-types
async: AsyncFunction.prototype.constructor,
mock: () => {
throw new ExpressionError('Arbitrary code execution detected');
},
};
export class Expression {
workflow: Workflow;
@@ -315,6 +327,9 @@ export class Expression {
data: IWorkflowDataProxyData,
): tmpl.ReturnValue | undefined {
try {
[Function, AsyncFunction].forEach(({ prototype }) =>
Object.defineProperty(prototype, 'constructor', { value: fnConstructors.mock }),
);
return tmpl.tmpl(expression, data);
} catch (error) {
if (error instanceof ExpressionError) {
@@ -352,6 +367,11 @@ export class Expression {
throw new Error(match.groups.msg);
}
} finally {
Object.defineProperty(Function.prototype, 'constructor', { value: fnConstructors.sync });
Object.defineProperty(AsyncFunction.prototype, 'constructor', {
value: fnConstructors.async,
});
}
return null;
}