mirror of
https://github.com/nodejs/node.git
synced 2025-04-28 21:46:48 +00:00
56d8dc120c
Add `isLoopback` function to `internal/net` module to check if a given host is a loopback address. Add a warning when binding the inspector to a public IP with an open port, as it allows external hosts to connect to the inspector. Fixes: https://github.com/nodejs/node/issues/23444 Refs: https://nodejs.org/api/cli.html#--inspecthostport PR-URL: https://github.com/nodejs/node/pull/55736 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name>
17 lines
517 B
JavaScript
17 lines
517 B
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
common.skipIfInspectorDisabled();
|
|
|
|
const inspector = require('inspector');
|
|
inspector.open(0, '0.0.0.0', false);
|
|
common.expectWarning(
|
|
'SecurityWarning',
|
|
'Binding the inspector to a public IP with an open port is insecure, ' +
|
|
'as it allows external hosts to connect to the inspector ' +
|
|
'and perform a remote code execution attack. ' +
|
|
'Documentation can be found at ' +
|
|
'https://nodejs.org/api/cli.html#--inspecthostport'
|
|
);
|
|
inspector.close();
|