frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use child_process.execFile to prevent command injection

Browse Source
This commit is contained in:
Nick O'Leary
2015-11-08 14:26:11 +00:00
parent 985875cc75
commit 075a2abf71
2 changed files with 7 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
red/nodes/index.js
View File

@@ -135,7 +135,7 @@ function installModule(module) {
log.info(log._("server.install.installing",{name: module}));
var installDir = settings.userDir || process.env.NODE_RED_HOME || ".";
var child = child_process.exec('npm install --production '+module,
var child = child_process.execFile('npm',['install','--production',module],
{
cwd: installDir
},
@@ -206,7 +206,7 @@ function uninstallModule(module) {
var list = removeModule(module);
log.info(log._("server.install.uninstalling",{name:module}));
var child = child_process.exec('npm remove '+module,
var child = child_process.execFile('npm',['remove',module],
{
cwd: installDir
},