refactor: deserialize replace eval to vm.runInThisContext

oaijs · Feb 3, 2018 · 043048d · 043048d
1 parent 0a7a7cd
commit 043048d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/helper.js b/src/helper.js
@@ -1,6 +1,7 @@
 const _serialize = require('serialize-javascript');
 const _readall = require('readall');
 const perfy = require('perfy');
+const vm = require('vm');
 const debug = require('debug')('koa-oai-router:cache:helper');
 
 /**
@@ -50,7 +51,7 @@ function deserialize(serialized) {
   debug('deserialize', serialized);
 
   di('deserialize');
-  const ret = eval(`(${serialized})`);
+  const ret = vm.runInThisContext(`(${serialized})`, { timeout: 5000 });
   da('deserialize');
 
   if (ret.primitive === 'buffer') {

diff --git a/src/storage.js b/src/storage.js
@@ -2,7 +2,9 @@ const debug = require('debug')('koa-oai-router:cache:storage');
 const timestring = require('timestring');
 const { inherits } = require('util');
 const { Client } = require('catbox');
-const { serialize, deserialize, di, da } = require('./helper');
+const {
+  serialize, deserialize, di, da,
+} = require('./helper');
 
 function Storage(engine, options) {
   this.client = new Client(engine, options);