esc-command

Utility methods to prevent command injection vulnerabilities.

usage

escapeCommand()

Escapes a command or command arguments by operation system

import {escapeCommand} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = 'ls -1 "' + escapeCommand(dirname) + '"'
// ls -1 "\/usr\/bin\;\" cat \/etc\/passwd"

escapeCommandLit``

Literal to escape a command or command arguments by operation system

import {escapeCommandLit} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = escapeCommandLit`ls -1 "${dirname}"`
// ls -1 "\/usr\/bin\;\" cat \/etc\/passwd"

filterCommand()

Filters a command or command arguments by operation system

import {filterCommand} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = 'ls -1 "' + filterCommand(dirname) + '"'
// ls -1 "\/usr\/bin   cat \/etc\/passwd"

filterCommandLit``

Literal to filter a command or command arguments by operation system

import {filterCommandLit} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = filterCommandLit`ls -1 "${dirname}"`
// ls -1 "\/usr\/bin   cat \/etc\/passwd"

License

MIT

References

• Testing for Command Injection
• Escape Characters, Delimiters and Quotes at the Windows command line