Enable passing environment variables to the node process

[jukra]

We noticed that Chrome does not behave well with jemalloc enabled, and we prefer to use that in general.

Instead of disabling jemalloc in the whole environment, we opted to just disable it for the node process used. Based on quick search, others have had the same issue as well (#80)

We disabled it by passing a new environment variable for the node process like this

[abrom]

At face value this certainly seems reasonable, unfortunately it is also possible to use this change to allow a pretty broad set of attacks on the host via the middleware. Options can be parsed from the body of the page being converted, and if the system supports file uploads and has the middleware enabled to allow conversion of responses it would be possible to have the end user alter these settings per request. This might include things like including extra files (--require ..) or changing the default CA, or enabling process inspection, changing the node path. This is a surefire way to allow potential back-dooring or file exfiltration.

https://nodejs.org/api/cli.html#environment-variables_1

This would either require an absolutely bullet proof set of guards in Grover::OptionsBuilder#meta_options or configuring this outside the bounds of the options passed to the Grover initialiser.

[jukra]

Ah yes, you are right, I did not consider the middleware usage as we are not using it. Could this be under the config like this? So not using the options but adding one more flag here lib/grover/configuration.rb

# config/initializers/grover.rb
Grover.configure do |config|
  config.node_env_vars = { 'LD_PRELOAD': '' }
end

Then passing it along for the lib/grover/processor.rb?

[abrom]

Yes, exactly.. much safer

[jukra]

Changed now so that node_env_vars is part of the config instead of options

[abrom]

Released in v1.1.8