mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-11-10 06:34:05 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

🐛 Improve expression security

Browse source
This commit is contained in:
Jan Oberhauser 2021-11-10 08:49:45 +01:00
parent 653a8bb42e
commit e8133d80f8
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
packages/workflow/src/Expression.ts
View file

@ -99,6 +99,19 @@ export class Expression {
);
const data = dataProxy.getDataProxy();
// Support only a subset of process properties
// @ts-ignore
data.process = {
arch: process.arch,
env: process.env,
platform: process.platform,
pid: process.pid,
ppid: process.ppid,
release: process.release,
version: process.pid,
versions: process.versions,
};
// Execute the expression
try {
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call