Fix possible security issue in inetChecksite()

2021-02-18 14:01:49 -03:00 · 2021-02-18 14:01:49 -03:00 · e64cb03654
commit e64cb03654
parent 078ea404f4
2 changed files with 23 additions and 0 deletions
--- a/lib/poc.js
+++ b/lib/poc.js
@ -0,0 +1,22 @@
+let si = require('./internet');
+si.inetChecksite([]).then((a) => {
+  if (a.ok == false)
+    console.log("inetChecksite is fixed!")
+  else
+    console.log("inetChecksite is not fixed!")
+});
+
+
+si.inetLatency([]).then((a) => {
+  if (a == null)
+    console.log("inetLatency is fixed!")
+  else
+    console.log("inetLatency is not fixed!")
+});
+si = require('./processes');
+si.services([]).then((a) => {
+  if (typeof a == typeof [])
+    console.log("services is fixed!")
+  else
+    console.log("services is not fixed!")
+});
--- a/lib/util.js
+++ b/lib/util.js
@ -529,6 +529,7 @@ function sanitizeShellString(str, strict = false) {
      s[i] === '\'' ||
      s[i] === '`' ||
      s[i] === '"' ||
+      strict && s[i] === '@' ||
      strict && s[i] === ' ' ||
      strict && s[i] == '{' ||
      strict && s[i] == ')')) {