fix: check image arguments before processing (#19)
Regex hotfix to check for command injection
snoopysecurity committed Feb 3, 2020
1 parent 499fe82 commit de624da
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions index.js
Expand Up @@ -7,13 +7,17 @@ var join = require('path').join;
var sprintf = require('util').format;

module.exports = function(image, output, cb) {
if(/;|&|`|\$|\(|\)|\|\||\||!|>|<|\?|\${/g.test(JSON.stringify(image))) {
console.log('Input Validation failed, Suspicious Characters found');
} else {
var cmd = module.exports.cmd(image, output);
exec(cmd, {timeout: 30000}, function(e, stdout, stderr) {
if (e) { return cb(e); }
if (stderr) { return cb(new Error(stderr)); }

return cb(null, output.versions);
});
}
};

/**
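Review bot: On the rejection branch (the new `if` at the top of the exported function) the code only logs and falls through, so `cb` is never invoked and a caller waiting on the callback cannot tell that the input was refused; it should fail closed with `return cb(new Error('Input Validation failed, Suspicious Characters found'));`. The check is also a denylist run over `JSON.stringify(image)`, which is fragile: it does not list every character a shell treats specially (quotes and line breaks are absent, and stringify rewrites line breaks into escape sequences before the test runs), and it inspects only `image` although `output` is passed to `module.exports.cmd` as well. `module.exports.cmd` is defined outside this hunk, so how the command string is assembled is not visible here. The durable fix is to stop composing a shell string and pass the arguments as an array to `child_process.execFile`, with validation done as an allowlist of the expected path or URL shapes rather than a list of forbidden characters.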