From 68e4e69396e4f2ce599028f35fda785dd872fd12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9?= <9092381+Renegade334@users.noreply.github.com> Date: Wed, 28 Aug 2024 11:24:57 +0100 Subject: [PATCH 1/3] child_process: validate shell option in `normalizeExecArgs()` - narrow validation type to string (previously de facto not validated) - ensure empty string is coerced to true --- lib/child_process.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/child_process.js b/lib/child_process.js index 3fb21f755be3d7..36f4db23378a59 100644 --- a/lib/child_process.js +++ b/lib/child_process.js @@ -196,7 +196,12 @@ function normalizeExecArgs(command, options, callback) { // Make a shallow copy so we don't clobber the user's options object. options = { __proto__: null, ...options }; - options.shell = typeof options.shell === 'string' ? options.shell : true; + + // Validate the shell, if present, and ensure a truthy value. + if (options.shell != null) { + validateString(options.shell, 'options.shell'); + } + options.shell ||= true; return { file: command, From 1a386811483b126a044b6c06c6438a4a8fce7b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9?= <9092381+Renegade334@users.noreply.github.com> Date: Wed, 28 Aug 2024 11:59:09 +0100 Subject: [PATCH 2/3] add test cases for options.shell --- .../test-child-process-exec-enforce-shell.js | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 test/parallel/test-child-process-exec-enforce-shell.js diff --git a/test/parallel/test-child-process-exec-enforce-shell.js b/test/parallel/test-child-process-exec-enforce-shell.js new file mode 100644 index 00000000000000..83c080037c0ae0 --- /dev/null +++ b/test/parallel/test-child-process-exec-enforce-shell.js @@ -0,0 +1,23 @@ +'use strict'; +const common = require('../common'); +const assert = require('assert'); +const { exec, execSync } = require('child_process'); + +const invalidArgTypeError = { + code: 'ERR_INVALID_ARG_TYPE', + name: 'TypeError' +}; + +exec('echo should-be-passed-as-argument', { shell: '' }, common.mustSucceed((stdout, stderr) => { + assert.match(stdout, /should-be-passed-as-argument/); + assert.ok(!stderr); +})); + +{ + const ret = execSync('echo should-be-passed-as-argument', { encoding: 'utf-8', shell: '' }); + assert.match(ret, /should-be-passed-as-argument/); +} + +for (const fn of [exec, execSync]) { + assert.throws(() => fn('should-throw-on-boolean-shell-option', { shell: false }), invalidArgTypeError); +} From 79e548efbf3c46c7cbe4df5119535a23ca6d7dd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9?= <9092381+Renegade334@users.noreply.github.com> Date: Sun, 8 Sep 2024 15:07:09 +0100 Subject: [PATCH 3/3] fix windows test --- test/parallel/test-child-process-exec-any-shells-windows.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/parallel/test-child-process-exec-any-shells-windows.js b/test/parallel/test-child-process-exec-any-shells-windows.js index 5c34bc77308cc3..10d37259a4021c 100644 --- a/test/parallel/test-child-process-exec-any-shells-windows.js +++ b/test/parallel/test-child-process-exec-any-shells-windows.js @@ -33,7 +33,7 @@ const testCopy = (shellName, shellPath) => { const system32 = `${process.env.SystemRoot}\\System32`; // Test CMD -test(true); +test(); test('cmd'); testCopy('cmd.exe', `${system32}\\cmd.exe`); test('cmd.exe');