Local-GitHub-Proxy/Sub-Store
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/sub-store-org/Sub-Store.git synced 2025-08-11 08:19:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

Replaced eval with Function for security

Browse Source
This commit is contained in:
Peng-YM 2022-06-03 20:36:06 +08:00
parent cc628788fc
commit 1678d2cb65
5 changed files with 34 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
backend/dist/sub-store-parser.loon.min.js vendored
View File

File diff suppressed because one or more lines are too long

15
backend/package-lock.json generated
View File

@ -1,17 +1,18 @@
{ {
"name": "sub-store", "name": "sub-store",
"version": "1.5.1", "version": "1.6",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "sub-store", "name": "sub-store",
"version": "1.5.1", "version": "1.6",
"license": "GPL", "license": "GPL",
"dependencies": { "dependencies": {
"body-parser": "^1.19.0", "body-parser": "^1.19.0",
"express": "^4.17.1", "express": "^4.17.1",
"js-base64": "^3.7.2", "js-base64": "^3.7.2",
"lodash": "^4.17.21",
"request": "^2.88.2", "request": "^2.88.2",
"static-js-yaml": "^1.0.0" "static-js-yaml": "^1.0.0"
}, },
@ -7628,6 +7629,11 @@
"node": ">=6" "node": ">=6"
} }
}, },
"node_modules/lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmmirror.com/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
},
"node_modules/lodash._reinterpolate": { "node_modules/lodash._reinterpolate": {
"version": "3.0.0", "version": "3.0.0",
"resolved": "https://registry.npmmirror.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz", "resolved": "https://registry.npmmirror.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz",
@ -18538,6 +18544,11 @@
"path-exists": "^3.0.0" "path-exists": "^3.0.0"
} }
}, },
"lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmmirror.com/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
},
"lodash._reinterpolate": { "lodash._reinterpolate": {
"version": "3.0.0", "version": "3.0.0",
"resolved": "https://registry.npmmirror.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz", "resolved": "https://registry.npmmirror.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz",

1
backend/package.json
View File

@ -15,6 +15,7 @@
"body-parser": "^1.19.0", "body-parser": "^1.19.0",
"express": "^4.17.1", "express": "^4.17.1",
"js-base64": "^3.7.2", "js-base64": "^3.7.2",
"lodash": "^4.17.21",
"request": "^2.88.2", "request": "^2.88.2",
"static-js-yaml": "^1.0.0" "static-js-yaml": "^1.0.0"
}, },

36
backend/src/core/proxy-utils.js
View File

@ -1,10 +1,11 @@
/* eslint-disable no-case-declarations */ /* eslint-disable no-case-declarations */
// eslint-disable-next-line no-unused-vars import { HTTP } from '../vendor/open-api';
import { AND, FULL, OR, NOT } from '../utils/logical';
import { safeLoad } from 'static-js-yaml'; import { safeLoad } from 'static-js-yaml';
import download from '../utils/download'; import download from '../utils/download';
import { FULL } from '../utils/logical';
import { getFlag } from '../utils/geo'; import { getFlag } from '../utils/geo';
import { Base64 } from 'js-base64'; import { Base64 } from 'js-base64';
import lodash from 'lodash';
import $ from './app'; import $ from './app';
@ -1186,26 +1187,18 @@ const PROXY_PROCESSORS = (function () {
1. This function name should be `operator`! 1. This function name should be `operator`!
2. Always declare variables before using them! 2. Always declare variables before using them!
*/ */
// eslint-disable-next-line no-unused-vars
function ScriptOperator(script, targetPlatform, $arguments) { function ScriptOperator(script, targetPlatform, $arguments) {
return { return {
name: 'Script Operator', name: 'Script Operator',
func: async (proxies) => { func: async (proxies) => {
let output = proxies; let output = proxies;
await (async function () { await (async function () {
// interface to get internal operators const operator = new Function(
'$arguments',
// eslint-disable-next-line no-unused-vars 'HTTP',
const $get = (name, args) => { 'lodash',
const item = PROXY_PROCESSORS[name]; `${script}\n return operator`,
return item(args); )($arguments, HTTP, lodash);
};
// eslint-disable-next-line no-unused-vars
const $process = ApplyProcessor;
eval(script);
// eslint-disable-next-line no-undef
output = operator(proxies, targetPlatform); output = operator(proxies, targetPlatform);
})(); })();
return output; return output;
@ -1306,15 +1299,18 @@ const PROXY_PROCESSORS = (function () {
1. This function name should be `filter`! 1. This function name should be `filter`!
2. Always declare variables before using them! 2. Always declare variables before using them!
*/ */
// eslint-disable-next-line no-unused-vars
function ScriptFilter(script, targetPlatform, $arguments) { function ScriptFilter(script, targetPlatform, $arguments) {
return { return {
name: 'Script Filter', name: 'Script Filter',
func: async (proxies) => { func: async (proxies) => {
let output = FULL(proxies.length, true); let output = FULL(proxies.length, true);
await (async function () { await (async function () {
eval(script); const filter = new Function(
// eslint-disable-next-line no-undef '$arguments',
'HTTP',
'lodash',
`${script}\n return filter`,
)($arguments, HTTP, lodash);
output = filter(proxies, targetPlatform); output = filter(proxies, targetPlatform);
})(); })();
return output; return output;
@ -1956,7 +1952,7 @@ export async function ApplyProcessor(processor, objs) {
// select proxies // select proxies
let selected = FULL(objs.length, true); let selected = FULL(objs.length, true);
try { try {
selected = AND(selected, await filter.func(objs)); selected = await filter.func(objs);
} catch (err) { } catch (err) {
// print log and skip this filter // print log and skip this filter
console.log(`Cannot apply filter ${filter.name}\n Reason: ${err}`); console.log(`Cannot apply filter ${filter.name}\n Reason: ${err}`);

4
backend/sub-store.min.js vendored
View File

File diff suppressed because one or more lines are too long