Node-restrict 是一个 Node.js 模块，能够阻止应用程序使用 process.binding('process_wrap')、process.kill 和 child_process。
代码示例:
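// Example: limiting child_process and process.kill with the `restrict` module.
// NOTE(review): this is an in-process guard over child_process, process.kill and
// process.binding('process_wrap'); treat it as defence in depth, not as an
// OS-level sandbox.
const restrict = require('restrict');

// Install the restriction with an initial allow-list: the command `ls`,
// looked up under /bin.
restrict({
  whitelist: ['ls'],
  whitelistPath: ['/bin'],
});

// setWhitelist can be called later when the allow-list is dynamic.
// NOTE(review): this call lists `grep`, yet the example below expects
// exec('/bin/ls') to succeed and spawn('grep') to be rejected. Confirm whether
// setWhitelist replaces or extends the list, and how a bare command name is
// resolved against the allowed paths.
restrict.setWhitelist(['grep'], ['/bin', '/usr/bin']);

const child_process = require('child_process');

try {
  // ls is whitelisted, so its output is expected to be printed.
  // exec() hands the string to a shell.
  // NOTE(review): confirm how restrict matches a shell command line against
  // the allow-list before relying on it for anything but a fixed literal.
  child_process.exec('/bin/ls', (err, stdout) => {
    if (err) {
      // Report a failed or rejected command instead of printing empty output.
      console.error(err);
      return;
    }
    console.log(stdout);
  });

  // The original example expects this call to throw because grep is not allowed.
  child_process.spawn('grep', ['ssh']);
} catch (e) {
  // Expected output:
  // [Error: Function call spawn() is prohibited in this environment.]
  console.log(e);
}

try {
  // process.kill is blocked as well.
  process.kill(30);
} catch (e) {
  // Expected output:
  // [Error: Function call process.kill() is prohibited in this environment.]
  console.log(e);
}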