On 12/17/2013 02:00 PM, Stefan Klein wrote:
> Afaik mockery
> (https://github.com/mfncooper/mockery#registering-allowable-modules)
> overwrites "require" to warn on non-allowed modules.
Nice :)
So indeed there is more to controlling imported code parts than only
virus/malware-related issues.
Granted that I am blissfully unacquainted with the concept of "mock", I
think the suggested tool is more focused on loading the right things.
Might be that this is helpful for avoiding untrusted code completely,
more than restricting the privileges. Still I think this thread has been
enriched by this idea, thank you Stefan.

The approach to overwrite require seems something a sandboxing scheme
might adopt, since after all using require is imho a much more real-life
case as compared to the one which https://github.com/gf3/sandbox helps
with, which is of this form of a string-js-code-argument:

// Example 1 - Standard JS
s.run( "1 + 1", function( output ) {
  console.log( "Example 1: " + output.result + "\n" )
})

where the untrusted code would be the "1 + 1" (granted some very
scary code nonetheless ;)


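The idea discussed in this message, overriding require so that only registered modules load, sketched as an added example (not code from the thread, from mockery, or from gf3/sandbox). It assumes Node's internal `Module._load` hook, which is undocumented; `withRequirePolicy` and `pluginCode` are hypothetical names.

```javascript
// Added example: allowlist hook on Node's CommonJS loader.
// Assumption: every require() call is routed through the internal,
// undocumented Module._load(request, parent, isMain).
const Module = require('module');

// Runs fn() with require() limited to the names in `allowed`.
// mode 'warn' logs and still loads the module (the behaviour described
// for mockery above); mode 'deny' throws instead of loading.
function withRequirePolicy(allowed, mode, fn) {
  const allow = new Set(allowed);
  const violations = [];
  const originalLoad = Module._load;

  Module._load = function (request, parent, isMain) {
    // Normalise "node:fs" to "fs" so both spellings hit the same entry.
    const name = request.replace(/^node:/, '');
    if (!allow.has(name)) {
      violations.push({ request: name, from: parent && parent.filename });
      if (mode === 'deny') {
        throw new Error(`require('${name}') blocked by policy`);
      }
      console.warn(`[require-policy] non-allowed module: ${name}`);
    }
    return originalLoad.apply(this, arguments);
  };

  try {
    return { result: fn(), violations };
  } finally {
    Module._load = originalLoad; // always restore the real loader
  }
}

// Constructed stand-in for untrusted code: it wants path (allowed
// in the runs below) and os (not allowed).
function pluginCode() {
  const path = require('path');
  let osLoaded = true;
  try { require('os'); } catch (e) { osLoaded = false; }
  return { base: path.basename('/tmp/a.txt'), osLoaded };
}

console.log(withRequirePolicy(['path'], 'deny', pluginCode));
```

The hook is process-wide and lives in the same JavaScript realm as the code it restricts, so it controls which modules get loaded rather than isolating the code that loads them.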