admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-18 02:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

🐛 Improve expression security

Browse Source
This commit is contained in:
Jan Oberhauser
2021-11-10 08:49:45 +01:00
parent 653a8bb42e
commit e8133d80f8
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
packages/workflow/src/Expression.ts
View File

@@ -99,6 +99,19 @@ export class Expression {
); );
const data = dataProxy.getDataProxy(); const data = dataProxy.getDataProxy();
// Support only a subset of process properties
// @ts-ignore
data.process = {
arch: process.arch,
env: process.env,
platform: process.platform,
pid: process.pid,
ppid: process.ppid,
release: process.release,
version: process.pid,
versions: process.versions,
};
// Execute the expression // Execute the expression
try { try {
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call