Skip to content

child_process: validate exec's options.shell as string #59185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+29 −8
Open

child_process: validate exec's options.shell as string #59185

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 13 additions & 7 deletions lib/child_process.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,13 @@ function normalizeExecArgs(command, options, callback) {

// Make a shallow copy so we don't clobber the user's options object.
options = { __proto__: null, ...options };
options.shell = typeof options.shell === 'string' ? options.shell : true;

// Validate the shell, if present, otherwise request the default shell.
if (options.shell != null && options.shell !== true) {
validateString(options.shell, 'options.shell');
} else {
options.shell = true;
}

return {
file: command,
Expand Down Expand Up @@ -613,11 +619,12 @@ function normalizeSpawnArguments(file, args, options) {
}

// Validate the shell, if present.
if (options.shell != null &&
typeof options.shell !== 'boolean' &&
typeof options.shell !== 'string') {
throw new ERR_INVALID_ARG_TYPE('options.shell',
['boolean', 'string'], options.shell);
if (options.shell != null) {
if (typeof options.shell !== 'boolean' && typeof options.shell !== 'string') {
throw new ERR_INVALID_ARG_TYPE('options.shell',
['boolean', 'string'], options.shell);
}
validateArgumentNullCheck(options.shell, 'options.shell');
Comment on lines +622 to +627
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a test for when options.shell is the empty string?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not at present, that was the whole conversation that led to #58564. There will be one when we get around to a runtime deprecation.

}

// Validate argv0, if present.
Expand All @@ -639,7 +646,6 @@ function normalizeSpawnArguments(file, args, options) {
}

if (options.shell) {
validateArgumentNullCheck(options.shell, 'options.shell');
if (args.length > 0 && !emittedDEP0190Already) {
process.emitWarning(
'Passing args to a child process with shell option true can lead to security ' +
Expand Down
2 changes: 1 addition & 1 deletion test/parallel/test-child-process-exec-any-shells-windows.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ const testCopy = (shellName, shellPath) => {
const system32 = `${process.env.SystemRoot}\\System32`;

// Test CMD
test(true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shell: true is a widely used input. many downstream devs (and me) are actually using it.

https://github.com/search?q=child_process+shell%3A+true+language%3AJavaScript&type=code&l=JavaScript

So this is a breaking change. I personally unvote this

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On exec() or its sister functions?

This is only adding validation of documented behaviour, which by precedent is not a breaking change – not that it's for me to say.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, it is string on document. But I think it's too loose before on runtime, now it's hard to make it back

test(null);
test('cmd');
testCopy('cmd.exe', `${system32}\\cmd.exe`);
test('cmd.exe');
Expand Down
15 changes: 15 additions & 0 deletions test/parallel/test-child-process-exec-shell.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
'use strict';
require('../common');
const assert = require('assert');
const { exec, execSync } = require('child_process');

const invalidArgTypeError = {
code: 'ERR_INVALID_ARG_TYPE',
name: 'TypeError'
};

for (const fn of [exec, execSync]) {
assert.throws(() => fn('should-throw-on-boolean-shell-option', { shell: false }), invalidArgTypeError);
}

// TODO: add DEP0196 tests following runtime deprecation
Loading