mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-24 04:04:06 -08:00
🐛 Improve expression security
This commit is contained in:
parent
653a8bb42e
commit
e8133d80f8
|
@ -99,6 +99,19 @@ export class Expression {
|
|||
);
|
||||
const data = dataProxy.getDataProxy();
|
||||
|
||||
// Support only a subset of process properties
|
||||
// @ts-ignore
|
||||
data.process = {
|
||||
arch: process.arch,
|
||||
env: process.env,
|
||||
platform: process.platform,
|
||||
pid: process.pid,
|
||||
ppid: process.ppid,
|
||||
release: process.release,
|
||||
version: process.pid,
|
||||
versions: process.versions,
|
||||
};
|
||||
|
||||
// Execute the expression
|
||||
try {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
|
||||
|
|
Loading…
Reference in a new issue