在discord.js中运行安全节点repl
我想尝试在Discord Bot中运行节点REPL。 因此,我必须关注REPL中的一些不受信任的代码。
这是REPL代码。
const repl = require('repl');
const { Readable, Writable } = require('stream');
const datas = [];
const readable = new Readable({
read(size) {
return true;
}
});
const writable = new Writable({
write(chunk, encoding, callback) {
const value = chunk.toString();
if (value !== "") {
datas.push(value);
}
callback();
}
});
const { context } = repl.start({
prompt: "",
input: readable,
output: writable,
useGlobal: false,
replMode: repl.REPL_MODE_STRICT
});
function run(code) {
readable.push(code);
const strList = datas.slice();
datas.length = 0;
return strList;
}
exports.run = run;
该代码有安全问题:
const fs = require('fs');
fs.readFile('.env', 'utf8', function(err, data) {
console.log(data);
});
console.log(1);
我正在尝试将此代码应用于Discord机器人,并且此代码将打印出机器人令牌。
如何解决这个问题?
I want to try to run the node repl in the discord bot.
So I have to concern some untrusted code in the repl.
here is repl code.
const repl = require('repl');
const { Readable, Writable } = require('stream');
const datas = [];
const readable = new Readable({
read(size) {
return true;
}
});
const writable = new Writable({
write(chunk, encoding, callback) {
const value = chunk.toString();
if (value !== "") {
datas.push(value);
}
callback();
}
});
const { context } = repl.start({
prompt: "",
input: readable,
output: writable,
useGlobal: false,
replMode: repl.REPL_MODE_STRICT
});
function run(code) {
readable.push(code);
const strList = datas.slice();
datas.length = 0;
return strList;
}
exports.run = run;
this code have security problem :
const fs = require('fs');
fs.readFile('.env', 'utf8', function(err, data) {
console.log(data);
});
console.log(1);
I'm trying to apply this code to a discord bot, and this code prints out the bot token.
How do I solve this problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论