[api] [security] [fix] Ensure backticks escape

* Fixes eval issue for for perl and bash #31 * Should be working for some cases, but not all * Requires additional review
stackvana · Feb 18, 2017 · ae64781 · ae64781
1 parent 40e5b06
commit ae64781
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/lib/plugins/spawn/generateCommandLineArguments/bash/index.js b/lib/plugins/spawn/generateCommandLineArguments/bash/index.js
@@ -10,7 +10,8 @@ function bashEscape (arg) {
   } else {
   }
   */
-  str = arg.toString().replace(/"/g, '\'');
+  str = str.replace(/`/g, '');
+  str = str.replace(/"/g, '\'');
   str = str.split("\r\n");
   str = str.join(" ");
   return str;

diff --git a/lib/plugins/spawn/generateCommandLineArguments/perl/index.js b/lib/plugins/spawn/generateCommandLineArguments/perl/index.js
@@ -3,6 +3,7 @@ function perlEscape (arg) {
     return "";
   }
   var str = arg.toString();
+  str = str.replace(/`/g, '');
   str = str.split("\r\n");
   str = str.join(" ");
   return str;