Ensure vm.runInNewContext is used securely

Anorov · Sep 4, 2017 · c460665 · c460665
1 parent 508cc1d
commit c460665
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/cfscrape/__init__.py b/cfscrape/__init__.py
@@ -108,7 +108,7 @@ def solve_challenge(self, body):
 
         # Use vm.runInNewContext to safely evaluate code
         # The sandboxed code cannot use the Node.js standard library
-        js = "return require('vm').runInNewContext('%s');" % js
+        js = "return require('vm').runInNewContext('%s', Object.create(null), {timeout: 5000});" % js
 
         try:
             node = execjs.get("Node")

diff --git a/setup.py b/setup.py
@@ -3,7 +3,7 @@
 setup(
   name = 'cfscrape',
   packages = ['cfscrape'],
-  version = '1.8.1',
+  version = '1.9.0',
   description = 'A simple Python module to bypass Cloudflare\'s anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information.',
   author = 'Anorov',
   author_email = '[email protected]',