From acfdcf7681765a6fb95613efd360255c06bd0b32 Mon Sep 17 00:00:00 2001 From: pon0marev Date: Fri, 22 May 2026 12:00:47 +0300 Subject: [PATCH] Security: enable Node.js Permission Model for JS executor Add --permission and --allow-fs-read=/usr/share/tb-js-executor/* to NODE_OPTIONS to restrict filesystem access and sandbox script execution. --- docker/tb-js-executor.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/tb-js-executor.env b/docker/tb-js-executor.env index 1938449d53..3f6b1f0649 100644 --- a/docker/tb-js-executor.env +++ b/docker/tb-js-executor.env @@ -4,4 +4,4 @@ LOG_FOLDER=logs LOGGER_FILENAME=tb-js-executor-%DATE%.log DOCKER_MODE=true SCRIPT_BODY_TRACE_FREQUENCY=1000 -NODE_OPTIONS="--max-old-space-size=200" +NODE_OPTIONS="--max-old-space-size=200 --permission --allow-fs-read=/usr/share/tb-js-executor/*"