doc: Provide a warning around child_process.exec() #10466
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
child_process
|
/cc @nodejs/security |
|
Should this perhaps be a general message for all child process commands? |
|
@thealphanerd It's much less true for the others in the family that don't launch shells. |
jasnell
approved these changes
Dec 27, 2016
| @@ -149,6 +149,9 @@ added: v0.1.90 | |||
| Spawns a shell then executes the `command` within that shell, buffering any | |||
| generated output. | |||
|
|
|||
| **Note: Never pass unsanitised user input to this function, as otherwise | |||
There was a problem hiding this comment.
I would suggest rephrasing slightly...
*Note*: Passing unsanitized user input containing shell metacharacters can be
used to trigger arbitrary command execution.
LGTM either way tho.
|
@nodejs/documentation |
cjihrig
requested changes
Dec 28, 2016
|
People will frequently look at function documentation without reading top level text. Adding it to all relevant calls seems reasonable? |
|
Ok I've added the same warning to execSync(). I don't think it's as relevant for the spawn() family. |
What about with the |
|
If the arguments are passed as an array rather than being passed as a single argument to the shell, they won't be interpreted by the shell. |
|
Hm actually this may not be true - sorry, I'm making assumptions about how Unix handles exec(), which is exactly the problem in the first place! Let me look a little more at exactly what child_process does here. |
sam-github
suggested changes
Dec 29, 2016
|
Added warnings to spawn() and spawnSync() as well. |
sam-github
reviewed
Dec 29, 2016
| @@ -149,6 +149,10 @@ added: v0.1.90 | |||
| Spawns a shell then executes the `command` within that shell, buffering any | |||
| generated output. | |||
|
|
|||
| **Note: Never pass unsanitised user input to this function. Any input | |||
| containing shell metacharacters may be used to trigger arbitrary command | |||
| execution** | |||
There was a problem hiding this comment.
Missing . at end of sentence
sam-github
approved these changes
Dec 29, 2016
sam-github
suggested changes
Dec 29, 2016
|
Thanks - fixed up the commit message and added the missing full stops. |
gibfahn
approved these changes
Dec 30, 2016
sam-github
approved these changes
Dec 30, 2016
jasnell
approved these changes
Dec 30, 2016
cjihrig
approved these changes
Dec 30, 2016
|
Landed in f60aba2, thanks. |
sam-github
pushed a commit
that referenced
this pull request
Dec 30, 2016
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
|
Thanks for doing this! 👍 |
evanlucas
pushed a commit
that referenced
this pull request
Jan 3, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
evanlucas
pushed a commit
that referenced
this pull request
Jan 4, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 23, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 23, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 23, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 24, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 24, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 31, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Feb 1, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
child_process.exec() allows trivial arbitrary command execution if code
passes unsanitised user input to it. Add a warning in the docs to make that
clear.
Checklist
Affected core subsystem(s)
doc
Description of change