
Some thinking to discuss a way to fix the RCE issue #86

Open
darxtrix opened this issue Sep 15, 2017 · 2 comments

Comments

@darxtrix

darxtrix commented Sep 15, 2017

Hey,

Attended your session at JSFoo today, liked the answers!

Just wanted to discuss an approach through which remote code execution chances can be brought to a very low percentage. This approach can be used:

  1. Install the package in a sandbox env, e.g. superagent.
  2. Unless it is used in the code, don't install it in the main repo; prevent installation before somebody does this:
     `superagent.get(----)`

Then make sure that the `get` method is there on the superagent that is installed in the sandbox env; if it is there, then install it. I think this methodology will significantly decrease the chances of RCE?
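The flow sketched in the comment above, as an added example that is not part of this project's code: statically scan the application source for package bindings and the members called on them, then refuse to install into the real project unless the code actually uses the package and the copy installed in an isolated sandbox directory exposes every member that is used. All function names (`findBindings`, `findUsedMembers`, `verifyExports`, `decide`) are assumptions, the sample source and the `SANDBOX` table are constructed, and `loadFromSandbox` stands in for `require()`-ing the package from a sandbox install directory.

```javascript
// Added example, not code from the auto-install project: a static usage
// scan plus a "does the sandboxed copy expose what the code calls" check.

// Escape a binding name for use inside a RegExp (names may contain `$`).
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Map package name -> Set of local bindings, taken from
// `const x = require('pkg')` and `import x from 'pkg'`.
// Relative paths ('./x', '../x') are skipped; they are not packages.
function findBindings(source) {
  const bindings = new Map();
  const patterns = [
    /(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*require\(\s*['"]([^'"./][^'"]*)['"]\s*\)/g,
    /import\s+([A-Za-z_$][\w$]*)\s+from\s+['"]([^'"./][^'"]*)['"]/g,
  ];
  for (const re of patterns) {
    let m;
    while ((m = re.exec(source)) !== null) {
      const [, local, pkg] = m;
      if (!bindings.has(pkg)) bindings.set(pkg, new Set());
      bindings.get(pkg).add(local);
    }
  }
  return bindings;
}

// Map package name -> Set of members accessed on its bindings,
// e.g. `superagent.get(...)` yields 'get'.
function findUsedMembers(source, bindings) {
  const used = new Map();
  for (const [pkg, locals] of bindings) {
    const members = new Set();
    for (const local of locals) {
      const re = new RegExp(`\\b${escapeRe(local)}\\.([A-Za-z_$][\\w$]*)`, 'g');
      let m;
      while ((m = re.exec(source)) !== null) members.add(m[1]);
    }
    used.set(pkg, members);
  }
  return used;
}

// Compare the members the code uses with what the sandboxed copy exports.
// `sandboxModule` is what require() returned for the package from the
// isolated install directory.
function verifyExports(sandboxModule, members) {
  const missing = [...members].filter(
    (m) => sandboxModule == null || typeof sandboxModule[m] === 'undefined'
  );
  return { ok: missing.length === 0, missing };
}

// Per package: install into the real project only if the code actually
// calls something on it AND the sandboxed copy has that something.
function decide(source, loadFromSandbox) {
  const bindings = findBindings(source);
  const used = findUsedMembers(source, bindings);
  const verdict = {};
  for (const [pkg, members] of used) {
    if (members.size === 0) {
      verdict[pkg] = { install: false, reason: 'required but never used' };
      continue;
    }
    let mod;
    try {
      mod = loadFromSandbox(pkg);
    } catch (e) {
      verdict[pkg] = { install: false, reason: `sandbox load failed: ${e.message}` };
      continue;
    }
    const check = verifyExports(mod, members);
    verdict[pkg] = check.ok
      ? { install: true, reason: 'all used members present in sandbox' }
      : { install: false, reason: `sandbox copy lacks: ${check.missing.join(', ')}` };
  }
  return verdict;
}

// Constructed sample application source (hypothetical, for the demo).
const SAMPLE_SOURCE = `
const superagent = require('superagent');
const lodash = require('lodash');
import chalk from 'chalk';
superagent.get('https://example.invalid').end(() => {});
chalk.red('x');
`;

// Constructed stand-in for require() against the sandbox directory. A real
// implementation (assumption) would install with
// `npm install --prefix <sandboxDir> --ignore-scripts <pkg>` and then
// require(path.join(sandboxDir, 'node_modules', pkg)).
const SANDBOX = {
  superagent: { get: () => ({ end() {} }), post: () => ({}) },
  lodash: { map: () => [] },
  chalk: { green: (s) => s }, // constructed: deliberately lacks `red`
};
function loadFromSandbox(pkg) {
  if (!Object.prototype.hasOwnProperty.call(SANDBOX, pkg)) {
    throw new Error(`not installed in sandbox: ${pkg}`);
  }
  return SANDBOX[pkg];
}

console.log(decide(SAMPLE_SOURCE, loadFromSandbox));
```

Two caveats a practitioner would want before relying on this. First, the sandbox install is itself where untrusted code would execute (npm runs a package's install hooks at install time), so the sandbox step must either pass `--ignore-scripts` or run in a throwaway container; otherwise the check moves the code execution rather than preventing it. Second, the scan is purely static and only sees `binding.member` accesses; `const { get } = require('superagent')`, `pkg['get']`, and dynamic property names are not detected, and a package that ships the expected `get` can still be malicious. The check raises the bar against installing the wrong package for a given call site, which is what the comment aims at, not against a package that deliberately mimics the expected API.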

@siddharthkp (Owner)

Ah, this is super interesting. Any idea on how you'd detect usage in a generic way?

@darxtrix (Author)

darxtrix commented Sep 15, 2017

Most of my sunny days go by writing Python; I'll try to figure out something during the conference.
