This repository has been archived by the owner on Dec 19, 2023. It is now read-only.

Fix Command Injection vulnerability #1

Merged
merged 1 commit into from
Apr 1, 2021

EffectRenan

📊 Metadata *

find-process is a library to get information about running processes by PID number, port number or a string value.

Bounty URL: https://www.huntr.dev/bounties/1-npm-find-process/

⚙️ Description *

To get information by PID and port number, the user needs to provide a value, which is used in a concatenation of an OS command. There is no user input check to know if the PID or the port is a number, so the attacker may send a malicious string that will be interpreted as an OS command.

💻 Technical Description *

The fix provided checks if the user input is a number for the find calls using PID or port, which results in a rejected promise for false checks.

PS: The find function for name is not vulnerable.

🐛 Proof of Concept (PoC) *

const find = require('find-process');
const command = "$(touch poc.txt)";

find('pid', command)
  .then(function (list) {
    console.log(list);
  }, function (err) {
    console.log(err.stack || err);
  })

🔥 Proof of Fix (PoF) *

The execution of the PoC will not imply the creation of the poc.txt file.

👍 User Acceptance Testing (UAT)

const find = require('find-process');

find('pid', 1)
  .then(function (list) {
    console.log(list);
  }, function (err) {
    console.log(err.stack || err);
  })

find('port', 80)
  .then(function (list) {
    console.log(list);
  }, function (err) {
    console.log(err.stack || err);
  })

find('name', "docker")
  .then(function (list) {
    console.log(list);
  }, function (err) {
    console.log(err.stack || err);
  })
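
An added example, not part of this PR or of the find-process source: one way to enforce the numeric check described above and reject with a promise, plus a lookup that passes the validated PID to `execFile` as an argument instead of concatenating it into a shell string. The function names and the `ps` argument list are assumptions made for illustration.

```javascript
const { execFile } = require('child_process');

// Lookup types whose value must be numeric (the 'name' lookup is out of scope here).
const NUMERIC_TYPES = new Set(['pid', 'port']);

// Hypothetical helper: accept only a non-negative integer, given either as a
// number or as a string of decimal digits. Anything else returns null.
function toSafeInteger(value, max) {
  if (typeof value === 'number') {
    if (!Number.isInteger(value)) return null;
  } else if (typeof value === 'string') {
    // No whitespace, sign, exponent or shell metacharacters can pass this.
    if (!/^[0-9]+$/.test(value)) return null;
    value = Number(value);
  } else {
    return null;
  }
  return value >= 0 && value <= max ? value : null;
}

// Hypothetical helper: resolves with the normalised value, or rejects,
// matching the "rejected promise" behaviour the PR text describes.
function validateCondition(type, value) {
  if (!NUMERIC_TYPES.has(type)) return Promise.resolve(value);
  const max = type === 'port' ? 65535 : Number.MAX_SAFE_INTEGER;
  const n = toSafeInteger(value, max);
  return n === null
    ? Promise.reject(new TypeError(`${type} must be a non-negative integer`))
    : Promise.resolve(n);
}

// Defence in depth: execFile starts the program directly with an argument
// vector, so no shell ever parses the value. Validation runs first, so a
// rejected input never spawns a process.
function findByPid(value) {
  return validateCondition('pid', value).then((pid) =>
    new Promise((resolve, reject) => {
      execFile('ps', ['-p', String(pid), '-o', 'pid=,comm='], (err, stdout) =>
        err ? reject(err) : resolve(stdout.trim()));
    }));
}
```
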

@huntr-helper

👋 Hello, @yibn2008. @EffectRenan has opened a PR to us with a fix for a potential vulnerability in your repository. To view the vulnerability, please refer to the bounty URL in the first comment, above. If you want this fix in your repository, a PR will automatically open once you comment:

@huntr-helper - LGTM


☎️ Need further support?

Come and join us on our community Discord!


@yibn2008 - want more fixes like this?

Copy this snippet into your README.md for more vulnerability fixes in the future:

[![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)


@yibn2008

yibn2008 commented Apr 1, 2021

@huntr-helper - LGTM
