Enforce pid to be a number, do not allow shell expansion in commands

sorellabs · Jul 23, 2020 · 7684811 · 7684811
1 parent b6d819e
commit 7684811
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 12 deletions.
diff --git a/lib/linux.js b/lib/linux.js
@@ -45,5 +45,8 @@ function list() {
 // @type: (Number) -> Task(Error, Undefined)
 exports.kill = kill;
 function kill(pid) {
+  if (typeof pid !== "number") {
+    throw new TypeError(`Expected pid to be a number`);
+  }
   return shell('kill', ['-9', pid]).map(K(undefined));
 }
diff --git a/lib/utils.js b/lib/utils.js
@@ -6,14 +6,10 @@
 
 // -- Dependencies -----------------------------------------------------
 var Task    = require('data.task');
-var exec    = require('child_process').exec;
+var exec    = require('child_process').execFile;
 var compose = require('core.lambda').compose;
 var unary   = require('core.arity').unary;
 
-// -- Helpers and aliases ----------------------------------------------
-var escapeArg = JSON.stringify;
-
-
 // -- Implementation ---------------------------------------------------
 
 // ### function: shell(command, args)
@@ -23,9 +19,8 @@ var escapeArg = JSON.stringify;
 // @type: (String, [String]) -> Task(Error, { output: String, error: String })
 exports.shell = shell;
 function shell(cmd, args) {
-  var command = cmd + ' ' + args.map(unary(compose(escapeArg)(String))).join(' ');
   return new Task(function(reject, resolve) {
-    exec(command, function(error, stdout, stderr) {
+    exec(cmd, args, function(error, stdout, stderr) {
       if (error)  reject(error);
       else        resolve({ output: stdout, error: stderr });
     });

diff --git a/package.json b/package.json
@@ -1,12 +1,10 @@
 {
   "name": "xps",
-  "version": "0.0.0-semantically-released",
+  "version": "1.0.3",
   "description": "Cross-platform library for listing and killing processes.",
   "main": "./lib/index.js",
   "scripts": {
-    "test": "make test",
-    "prepublish": "semantic-release pre",
-    "postpublish": "semantic-release post"
+    "test": "make test"
   },
   "repository": {
     "type": "git",
@@ -34,7 +32,6 @@
     "ms-task": "^1.1.0"
   },
   "devDependencies": {
-    "semantic-release": "^3.3.1",
     "specify-assertions": "^1.0.0",
     "specify-core": "^1.0.1",
     "specify-reporter-spec": "^1.0.0",