pid parameter subject to command injection #49

@astanciu

You should probably validate that pid is a digit only string. This line in ps.js is not very secure:
exec('ps -o "rss,vsize,pcpu" -p ' + pid, function(err, stdout, stderr) {

I got this to work on OSX:
usage.lookup("123; say foobar", options, function(err, result, p) {
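
A hardened form of the lookup discussed in this issue, as an added example that is not part of the original report or the project's code. `validatePid`, `buildPsArgs`, `lookupPs` and the `MAX_PID` bound are hypothetical names and assumptions; the `ps` options are the ones quoted above.

```javascript
// Added example (not the project's code): validate the pid, then run ps
// without a shell so the value can never be parsed as command syntax.

// Assumption: 4194304 is the largest pid_max a Linux kernel allows; other
// platforms use smaller limits, so this is only a sanity ceiling.
const MAX_PID = 4194304;

// Accept a number or a decimal string; return the pid as an integer or throw.
function validatePid(pid) {
  // Reject arrays/objects up front: String(['123']) would otherwise pass.
  if (typeof pid !== 'string' && typeof pid !== 'number') {
    throw new TypeError('pid must be a string or a number');
  }
  const s = String(pid);
  // Digits only: no sign, whitespace, decimal point or shell metacharacters.
  if (!/^[0-9]{1,7}$/.test(s)) {
    throw new TypeError('pid must be a decimal integer');
  }
  const n = Number(s);
  if (n < 1 || n > MAX_PID) {
    throw new RangeError('pid out of range');
  }
  return n;
}

// Build the argv for ps; each element reaches ps as exactly one argument.
function buildPsArgs(pid) {
  return ['-o', 'rss,vsize,pcpu', '-p', String(validatePid(pid))];
}

// Replacement for exec('ps ... -p ' + pid, cb): same output, no shell.
function lookupPs(pid, callback) {
  let args;
  try {
    args = buildPsArgs(pid);
  } catch (err) {
    // Report validation failures asynchronously, like any other error.
    return process.nextTick(callback, err);
  }
  // Loaded here so the validators above stay dependency-free.
  const { execFile } = require('child_process');
  // execFile spawns ps directly with an argv array instead of handing a
  // concatenated string to /bin/sh.
  execFile('ps', args, (err, stdout) => callback(err, stdout));
}
```

Validation and `execFile` are independent layers: the digit check rejects the string from the report before anything is spawned, and the argv array means that even a value that slipped through would reach `ps` as a single argument rather than being interpreted by a shell.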
