Skip to content

Commit

Permalink
sanitizeShellString() and other security improvements
Browse files Browse the repository at this point in the history
  • Loading branch information
@sebhildebrandt
sebhildebrandt committed Mar 15, 2021
1 parent 0be6fcd commit 01ef56c
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions lib/internet.js
View file
Expand Up @@ -14,7 +14,6 @@
// ----------------------------------------------------------------------------------

// const exec = require('child_process').exec;
const execFile = require('child_process').execFile;
const util = require('./util');

let _platform = process.platform;
Expand Down Expand Up @@ -213,9 +212,9 @@ function inetLatency(host, callback) {
let result = null;
try {
const params = hostSanitized + ' -n 1';
execFile('ping', params.split(' '), util.execOptsWin, function (error, stdout) {
if (!error) {
let lines = stdout.toString().split('\r\n');
util.execSave('ping', params.split(' '), util.execOptsWin).then((stdout) => {
if (stdout) {
let lines = stdout.split('\r\n');
lines.shift();
lines.forEach(function (line) {
if ((line.toLowerCase().match(/ms/g) || []).length === 3) {
Expand Down

2 comments on commit 01ef56c

@Aaisui
Copy link

@Aaisui Aaisui commented on 01ef56c Jun 24, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact,I think the previous version is also safe,i try to do something bad but can't bypass sanitizeShellString !! :( @sebhildebrandt

@Aaisui
Copy link

@Aaisui Aaisui commented on 01ef56c Jun 24, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact, I think the previous version is also safe, I try to do something bad but can't bypass sanitizeShellString !! :( @sebhildebrandt

I hope you can give some trick for me XDDDD

Please sign in to comment.