阻止来自 NodeJS 服务器的所有传出请求? [英] Prevent all outgoing requests from NodeJS server?
问题描述
是否有任何现有技术或 npm 包可以阻止来自 NodeJS 服务器的所有传出请求,只允许响应传入请求?这可以防止安全审核中遗漏的深度依赖项中的回传类型攻击.
Is there any existing technique or npm package that can prevent all outgoing requests from a NodeJS server, allowing only responses to incoming requests? This could prevent phone-home type attacks in deep dependencies missed in security audits.
推荐答案
如果您正在寻找纯 node.js 解决方案,您可以这样做.
If you're looking for pure node.js solution, you can do something like that.
使用诸如 mockery 之类的模块,您可以限制您的 javascript 模块可以对 node.js 核心执行的调用.例如,如果您覆盖 require('net').connect,恶意代码将更难执行某些操作.
Using some module like mockery you can limit what calls your javascript module can do to node.js core. For example, if you override require('net').connect, it'll make harder for malicious code to execute something.
我不知道任何现有的解决方案,但绝对有可能,而且我真的很想看到一个.
I don't know of any existing solutions, but it's definitely possible, and I'd really like to see one.
也就是说,解决这个问题的通用方法完全超出了 node.js 的范围:
That said, the generic approaches to this problem are completely outside of node.js scope:
- 防火墙
- 服装
这篇关于阻止来自 NodeJS 服务器的所有传出请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
