doc: Provide a warning around child_process.exec()#10466
Closed
mjg59 wants to merge 1 commit intonodejs:masterfrom
Closed
doc: Provide a warning around child_process.exec()#10466mjg59 wants to merge 1 commit intonodejs:masterfrom
mjg59 wants to merge 1 commit intonodejs:masterfrom
Conversation
nodejs-github-bot
added
child_process
Contributor
|
/cc @nodejs/security |
Contributor
|
Should this perhaps be a general message for all child process commands? |
Author
|
@thealphanerd It's much less true for the others in the family that don't launch shells. |
jasnell
approved these changes
Dec 27, 2016
doc/api/child_process.md
Outdated
Member
There was a problem hiding this comment.
I would suggest rephrasing slightly...
*Note*: Passing unsanitized user input containing shell metacharacters can be
used to trigger arbitrary command execution.
LGTM either way tho.
Member
|
@nodejs/documentation |
cjihrig
requested changes
Dec 28, 2016
Contributor
cjihrig
left a comment
cjihrig
left a comment
There was a problem hiding this comment.
This isn't the only function that spawns a shell. If we include this, it should probably be in top level text.
Author
|
People will frequently look at function documentation without reading top level text. Adding it to all relevant calls seems reasonable? |
Author
|
Ok I've added the same warning to execSync(). I don't think it's as relevant for the spawn() family. |
Contributor
What about with the |
Author
|
If the arguments are passed as an array rather than being passed as a single argument to the shell, they won't be interpreted by the shell. |
Author
|
Hm actually this may not be true - sorry, I'm making assumptions about how Unix handles exec(), which is exactly the problem in the first place! Let me look a little more at exactly what child_process does here. |
sam-github
suggested changes
Dec 29, 2016
Contributor
sam-github
left a comment
sam-github
left a comment
There was a problem hiding this comment.
spawn doesn't use the shell by default, exec does use shell by default, execFile never uses the shell, sync vs. async is not relevant here
Author
|
Added warnings to spawn() and spawnSync() as well. |
sam-github
reviewed
Dec 29, 2016
doc/api/child_process.md
Outdated
Contributor
There was a problem hiding this comment.
Missing . at end of sentence
sam-github
approved these changes
Dec 29, 2016
sam-github
suggested changes
Dec 29, 2016
Contributor
sam-github
left a comment
sam-github
left a comment
There was a problem hiding this comment.
I updated the PR description for you, please follow directions in the template next time.
The commit message is now inaccurate since the scope expanded.
I suggest
test: warn about shell metas in child_process
or something of the like.
Author
|
Thanks - fixed up the commit message and added the missing full stops. |
gibfahn
approved these changes
Dec 30, 2016
sam-github
approved these changes
Dec 30, 2016
jasnell
approved these changes
Dec 30, 2016
cjihrig
approved these changes
Dec 30, 2016
Contributor
|
Landed in f60aba2, thanks. |
sam-github
pushed a commit
that referenced
this pull request
Dec 30, 2016
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Member
|
Thanks for doing this! 👍 |
evanlucas
pushed a commit
that referenced
this pull request
Jan 3, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
evanlucas
pushed a commit
that referenced
this pull request
Jan 4, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 23, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 23, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 23, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 24, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 24, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Jan 31, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Feb 1, 2017
child_process.exec*() and child_process.spawn*() (if options.shell is true) allow trivial arbitrary command execution if code passes unsanitised user input to it. Add warnings in the docs to make that clear. PR-URL: #10466 Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
child_process.exec() allows trivial arbitrary command execution if code
passes unsanitised user input to it. Add a warning in the docs to make that
clear.
Checklist
Affected core subsystem(s)
doc
Description of change