fix: check path argument before processing (#10)
hotfix to remediate command injection
snoopysecurity committed Feb 3, 2020
1 parent 049ce24 commit ea15ddd
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions index.js
Expand Up @@ -9,15 +9,18 @@ module.exports = function(path, opts, cb) {
opts = {};
}

var cmd = module.exports.cmd(path, opts);
opts.timeout = opts.timeout || 5000;

exec(cmd, opts, function(e, stdout, stderr) {
if (e) { return cb(e); }
if(/;|&|`|\$|\(|\)|\|\||\||!|>|<|\?|\${/g.test(JSON.stringify(path))) {
console.log('Input Validation failed, Suspicious Characters found');
} else {
var cmd = module.exports.cmd(path, opts);
opts.timeout = opts.timeout || 5000;
exec(cmd, opts, function(e, stdout, stderr) {
if (e) { return cb(e); }
if (stderr) { return cb(new Error(stderr)); }

return cb(null, module.exports.parse(path, stdout, opts));
return cb(null, module.exports.parse(path, stdout, opts));
});
}
};

module.exports.cmd = function(path, opts) {
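Review bot: When the check on `path` fails, the new branch only calls `console.log` and never invokes `cb`, so a caller waiting on the callback gets neither a result nor an error; the rejection should go through the callback, e.g. `return cb(new Error('Input validation failed: suspicious characters in path'));`. The check itself is a character deny-list in front of `exec`, which is hard to keep complete for a shell and also rejects legitimate paths containing characters such as `(` or `&`; if `exec` is `child_process.exec` (its import is outside this hunk), passing the program and its arguments as an array to `execFile` avoids shell parsing altogether. `opts` is also handed to `module.exports.cmd` without any check, and whether it reaches the command string is not visible here. The function's opening lines sit above the hunk, so how `path` and `opts` are normalised before this point should be confirmed.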