
Commit de624da

fix: check image arguments before processing (#19)
Regex hotfix to check for command injection
1 parent 499fe82 commit de624da


1 file changed

+4
-0
lines changed


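--- a/index.js
+++ b/index.js
@@ -7,13 +7,17 @@ var join = require('path').join;
 var sprintf = require('util').format;
 
 module.exports = function(image, output, cb) {
+if(/;|&|`|\$|\(|\)|\|\||\||!|>|<|\?|\${/g.test(JSON.stringify(image))) {
+console.log('Input Validation failed, Suspicious Characters found');
+} else {
 var cmd = module.exports.cmd(image, output);
 exec(cmd, {timeout: 30000}, function(e, stdout, stderr) {
 if (e) { return cb(e); }
 if (stderr) { return cb(new Error(stderr)); }
 
 return cb(null, output.versions);
 });
+}
 };
 
 /**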
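Review bot: The rejection branch at new line 11 only logs and never calls `cb`, so a caller whose input is refused never gets a result and cannot tell a validation failure from a hang; replace the log with `return cb(new Error('Input validation failed: suspicious characters found'));`. Only `image` is tested, while `output` is also passed to `module.exports.cmd` and presumably ends up in the same `exec` string; that builder is outside the hunk, so confirm whether `output` needs the same check. A character denylist in front of a shell is hard to keep complete, so the durable fix is to build an argument array and call `execFile` instead of `exec`, which keeps any shell from parsing the values. The `g` flag is unnecessary on a regex used once with `.test`, and the `\${` alternative is already covered by `\$`.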
