doc: warn about unvalidated input in child_process
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: https://github.com/nodejs/node/pull/10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit is contained in:
parent
6463ef6aff
commit
f60aba2fd4
@ -149,6 +149,10 @@ added: v0.1.90
|
|||||||
Spawns a shell then executes the `command` within that shell, buffering any
|
Spawns a shell then executes the `command` within that shell, buffering any
|
||||||
generated output.
|
generated output.
|
||||||
|
|
||||||
|
**Note: Never pass unsanitised user input to this function. Any input
|
||||||
|
containing shell metacharacters may be used to trigger arbitrary command
|
||||||
|
execution.**
|
||||||
|
|
||||||
```js
|
```js
|
||||||
const exec = require('child_process').exec;
|
const exec = require('child_process').exec;
|
||||||
exec('cat *.js bad_file | wc -l', (error, stdout, stderr) => {
|
exec('cat *.js bad_file | wc -l', (error, stdout, stderr) => {
|
||||||
@ -324,6 +328,10 @@ The `child_process.spawn()` method spawns a new process using the given
|
|||||||
`command`, with command line arguments in `args`. If omitted, `args` defaults
|
`command`, with command line arguments in `args`. If omitted, `args` defaults
|
||||||
to an empty array.
|
to an empty array.
|
||||||
|
|
||||||
|
**Note: If the `shell` option is enabled, do not pass unsanitised user input to
|
||||||
|
this function. Any input containing shell metacharacters may be used to
|
||||||
|
trigger arbitrary command execution.**
|
||||||
|
|
||||||
A third argument may be used to specify additional options, with these defaults:
|
A third argument may be used to specify additional options, with these defaults:
|
||||||
|
|
||||||
```js
|
```js
|
||||||
@ -645,6 +653,10 @@ If the process times out, or has a non-zero exit code, this method ***will***
|
|||||||
throw. The [`Error`][] object will contain the entire result from
|
throw. The [`Error`][] object will contain the entire result from
|
||||||
[`child_process.spawnSync()`][]
|
[`child_process.spawnSync()`][]
|
||||||
|
|
||||||
|
**Note: Never pass unsanitised user input to this function. Any input
|
||||||
|
containing shell metacharacters may be used to trigger arbitrary command
|
||||||
|
execution.**
|
||||||
|
|
||||||
### child_process.spawnSync(command[, args][, options])
|
### child_process.spawnSync(command[, args][, options])
|
||||||
<!-- YAML
|
<!-- YAML
|
||||||
added: v0.11.12
|
added: v0.11.12
|
||||||
@ -690,6 +702,10 @@ completely exited. Note that if the process intercepts and handles the
|
|||||||
`SIGTERM` signal and doesn't exit, the parent process will wait until the child
|
`SIGTERM` signal and doesn't exit, the parent process will wait until the child
|
||||||
process has exited.
|
process has exited.
|
||||||
|
|
||||||
|
**Note: If the `shell` option is enabled, do not pass unsanitised user input to
|
||||||
|
this function. Any input containing shell metacharacters may be used to
|
||||||
|
trigger arbitrary command execution.**
|
||||||
|
|
||||||
## Class: ChildProcess
|
## Class: ChildProcess
|
||||||
<!-- YAML
|
<!-- YAML
|
||||||
added: v2.2.0
|
added: v2.2.0
|
||||||
|
Loading…
x
Reference in New Issue
Block a user