Skip to content

Commit

Permalink
Merge pull request #20 from flypapertech/fixCommandInjection
Browse files Browse the repository at this point in the history
Fixes arbitrary command injection by using execFile instead of exec
  • Loading branch information
scravy authored Jun 23, 2018
2 parents dd07962 + 214ad00 commit 358fd59
Show file tree
Hide file tree
Showing 6 changed files with 11 additions and 24 deletions.
3 changes: 3 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
language: node_js
os:
- linux
- osx
node_js:
- stable
- "0.12"
Expand Down
6 changes: 3 additions & 3 deletions lib/linux.js
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
var exec = require('child_process').exec;
var execFile = require('child_process').execFile;

module.exports = function (iface, callback) {
exec("cat /sys/class/net/" + iface + "/address", function (err, out) {
execFile("cat", ["/sys/class/net/" + iface + "/address"], function (err, out) {
if (err) {
callback(err, null);
return;
}
callback(null, out.trim().toLowerCase());
});
};
};
16 changes: 0 additions & 16 deletions lib/macosx.js

This file was deleted.

4 changes: 2 additions & 2 deletions lib/unix.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
var exec = require('child_process').exec;
var execFile = require('child_process').execFile;

module.exports = function (iface, callback) {
exec("ifconfig " + iface, function (err, out) {
execFile("ifconfig", [iface], function (err, out) {
if (err) {
callback(err, null);
return;
Expand Down
4 changes: 2 additions & 2 deletions lib/windows.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
var exec = require('child_process').exec;
var execFile = require('child_process').execFile;

var regexRegex = /[-\/\\^$*+?.()|[\]{}]/g;

Expand All @@ -7,7 +7,7 @@ function escape(string) {
}

module.exports = function (iface, callback) {
exec("ipconfig /all", function (err, out) {
execFile("ipconfig", ["/all"], function (err, out) {
if (err) {
callback(err, null);
return;
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "macaddress",
"version": "0.2.9",
"version": "0.2.10",
"description": "Get the MAC addresses (hardware addresses) of the hosts network interfaces.",
"main": "index.js",
"scripts": {
Expand Down

0 comments on commit 358fd59

Please sign in to comment.