问题
How could I deactivate the access to plv8 functions in my eval?
create or replace function
js(src text, input json) returns json as $$
plv8.elog(NOTICE, 'test');
//--plv8 = null; // this would disable permanently plv8, also after another call of the function
var evalRes = eval('var output=null; ' + src + '; output;');
return JSON.stringify(evalRes);
$$ LANGUAGE plv8;
回答1:
I finally found the solution:
create or replace function
public.js(src text, input json) returns json as $$
//-- select js('var a = input.test; var output = []; for(k in a) { output.push(10+a[k]); };', '{"test": [1,2,3]}'::json)
//-- select public.js('plv8.elog(NOTICE, "yoyo");', null) // should not be possible
plv8.elog(NOTICE, 'test');
var evalRes = null;
(function() {
var plv8 = null; //-- In order to disable execute, prepare...
evalRes = eval('var output=null; ' + src + '; output;');
})();
plv8.elog(NOTICE, 'test2');
return JSON.stringify(evalRes);
$$ LANGUAGE plv8;
来源:https://stackoverflow.com/questions/30706274/plv8-disable-execute-and-prepare-function-in-eval