mock2easy
Unsafe use of eval
In the files server/setConfiguration.js and util/response2json.js there are possibly dangerous eval call sites, e.g.:
eval('var _rule = ' + o.rule);
An attacker that can access your server can execute arbitrary commands by sending a specially crafted config file. I suggest removing eval, validating the input (o.rule) or using a sanitization module like: https://www.npmjs.com/package/eval-sanitizer
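One way to carry out the "removing eval, validating the input" suggestion above, shown beside the reported sink. This is an added example, not mock2easy's code: it assumes o.rule carries pure JSON data, and every name other than the quoted eval line (unsafeLoadRule, parseRule, checkValue, verdict, the two limits) is hypothetical.

```javascript
// Added example; every name except the eval line quoted above is hypothetical.
// Assumption: a rule is pure JSON data (objects, arrays, scalars), not code.
const MAX_LENGTH = 64 * 1024;
const MAX_DEPTH = 16;
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// "Before": the reported sink. Any text in o.rule is executed as JavaScript.
function unsafeLoadRule(o) {
  eval('var _rule = ' + o.rule);
}

// Walk the parsed value: bound nesting, reject prototype-pollution keys.
function checkValue(value, depth) {
  if (depth > MAX_DEPTH) throw new RangeError('rule is nested too deeply');
  if (value === null || typeof value !== 'object') return;
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error('forbidden key: ' + key);
    checkValue(value[key], depth + 1);
  }
}

// "After": parse as data only. JSON.parse never evaluates expressions or calls.
function parseRule(ruleText) {
  if (typeof ruleText !== 'string') throw new TypeError('rule must be a string');
  if (ruleText.length > MAX_LENGTH) throw new RangeError('rule is too large');
  const rule = JSON.parse(ruleText); // SyntaxError for anything that is not JSON
  if (rule === null || typeof rule !== 'object') {
    throw new TypeError('rule must be an object or array');
  }
  checkValue(rule, 0);
  return rule;
}

// Returns the error name for a rejected rule, or 'accepted'.
function verdict(ruleText) {
  try { parseRule(ruleText); return 'accepted'; } catch (e) { return e.name; }
}

// Constructed input: valid data followed by a harmless marker statement.
const constructedRule = '{"id": 1}; globalThis.ruleCodeRan = true';

function demo() {
  globalThis.ruleCodeRan = false;
  unsafeLoadRule({ rule: constructedRule });
  const ranUnderEval = globalThis.ruleCodeRan;   // eval executed the statement
  globalThis.ruleCodeRan = false;
  const safeVerdict = verdict(constructedRule);  // JSON.parse refuses it
  return { ranUnderEval, safeVerdict, ranUnderParse: globalThis.ruleCodeRan };
}
```

If rules in a given deployment must contain functions or other non-JSON syntax, this parser rejects them by design, and those call sites need a different data format rather than a return to eval.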