This repository has been archived by the owner on Dec 19, 2023. It is now read-only.
⚙️ Fix:

I had real fun fixing this one! The code was really clean, and tracing what variables were passing through what functions was awesome! 😄

The fix is implemented by using `cp_execfile()` (`execFile`) instead of `cp_exec()` (`exec`).

❓ How:

The `_is_clamav_binary()` function was vulnerable to Command Injection; it accepted a variable `scanner` to determine what utility to choose, i.e. `clamdscan` and `clamscan`.

The `execFile()` executes a system command from a binary path, i.e. `/bin/ls` for the `ls` command. And as the `scanner` variable is passed to `version_cmds{}` to concatenate with argument `--version`, it was easy to implement the fix. The `path` was set as `/usr/bin/clamdscan` in the constructor function, so just splitting the command and passing it to `execFile()` can fix the issue.

🗒️ Proof of Concept:

place it in the root folder of the project as `poc.js`

🔥 Fix On Action:

🍎 Mac:

🐧 Linux:

❤️ After Fix:

As you can see in the above screenshot, no file named `create.txt` was created! ✔️

✌️ Fixed