value-censorship

2.0.0 • Public • Published

This is a way to run untrusted code by censoring every value that is ever called or passed to a function call. It also prevents the use of catch statements (try...finally is still allowed). If your untrusted code can't call unsafe functions, there's not much it can do. Uses VM2 internally.

Since it censors practically every possibility of breaking out of the VM, it's an effective way to secure unsafe code, especially since it runs under VM2.

Example

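const censor = require('value-censorship')

// Each of these lines reaches eval or the Function constructor by a
// different route, and each one is stopped with a CensorStop error
censor(`
  global["eva" + "l"]("42")  // Throws CensorStop error
  global["Functio" + "n"]("42")  // Throws CensorStop error
  new (function(){}.constructor)("42")  // Throws CensorStop error
`)

// Placeholder for code you consider legitimate
const legitCode = '1 + 1'

// The second argument supplies functions that the code is given
censor(legitCode, { giveThisFunctionToTheCode: () => null })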
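
The call-time censoring described above, sketched as an added example (not the package's own code, and not a sandbox by itself): every callee and every argument is compared by identity against a denylist, which is why the string-concatenation and `.constructor` routes in the example are stopped. `CensorStop` is redefined locally, the helper names are hypothetical, and the denylist contents are an assumption.

```javascript
// Added sketch, not the value-censorship source. CensorStop is a local class;
// FORBIDDEN, check, guardedCall, guardedNew and runDemo are hypothetical names.
class CensorStop extends Error {}

// Values that turn a string into running code. The check is on identity,
// so the name or string used to reach the value is irrelevant.
const FORBIDDEN = new Set([
  eval, Function,
  (async function () {}).constructor,
  (function* () {}).constructor,
]);

function check(value) {
  if (FORBIDDEN.has(value)) throw new CensorStop('censored value reached a call site');
  return value;
}

// Stand-in for a rewritten call site `callee(...args)`.
function guardedCall(callee, thisArg, args) {
  check(callee);
  args.forEach(check); // also censor values handed on to another function
  return Reflect.apply(callee, thisArg, args);
}

// Stand-in for a rewritten `new Ctor(...args)`.
function guardedNew(Ctor, args) {
  check(Ctor);
  args.forEach(check);
  return Reflect.construct(Ctor, args);
}

// Host-side helper: report whether a call was stopped.
function attempt(thunk) {
  try {
    return thunk();
  } catch (err) {
    if (err instanceof CensorStop) return 'CensorStop';
    throw err;
  }
}

function runDemo() {
  return {
    concatenatedName: attempt(() => guardedCall(globalThis['eva' + 'l'], undefined, ['42'])),
    viaConstructor: attempt(() => guardedNew(function () {}.constructor, ['42'])),
    passedAsArgument: attempt(() => guardedCall((f) => typeof f, undefined, [Function])),
    harmless: attempt(() => guardedCall(Math.max, Math, [1, 42])),
  };
}
```

In this sketch a check only stops the code if the code itself cannot catch `CensorStop`; the `attempt` helper stands for the host, not the untrusted code.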

Install

npm i value-censorship

Weekly Downloads

0

Version

2.0.0

License

ISC

Unpacked Size

6.53 kB

Total Files

6

Collaborators

  • fabiosantoscode