From 45bc9d9ae3614d02b8cc92c0d6f5c6eb1e70e0a9 Mon Sep 17 00:00:00 2001 From: soon <0coming.soon@gmail.com> Date: Wed, 24 Apr 2019 15:05:02 +0500 Subject: [PATCH] Minor docs changes (#252) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ddeed5897..5067cede3 100644 --- a/README.md +++ b/README.md @@ -137,8 +137,8 @@ We recommend you specify exact versions of lint libraries, including `tslint-mic Detects usages of child_process and especially child_process.exec() with a non-literal first argument. - It is dangerous to pass a string constructed at runtime as the first argument to the child_process.exec(). - child_process.exec(cmd) runs cmd as a shell command which allows attacker to execute malicious code injected into cmd string. + It is dangerous to pass a string constructed at runtime as the first argument to the child_process.exec(). + child_process.exec(cmd) runs cmd as a shell command which could allow an attacker to execute malicious code injected into cmd. Instead of child_process.exec(cmd) you should use child_process.spawn(cmd) or specify the command as a literal, e.g. child_process.exec('ls'). @next