Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/process_wrap.cc
Original file line number Diff line number Diff line change
Expand Up @@ -200,8 +200,10 @@ class ProcessWrap : public HandleWrap {
// batch files directly but is potentially insecure because arguments
// are not escaped (and sometimes cannot be unambiguously escaped),
// hence why they are rejected here.
#ifdef _WIN32
if (IsWindowsBatchFile(options.file))
err = UV_EINVAL;
#endif

// options.args
Local<Value> argv_v =
Expand Down
2 changes: 2 additions & 0 deletions src/spawn_sync.cc
Original file line number Diff line number Diff line change
Expand Up @@ -769,8 +769,10 @@ Maybe<int> SyncProcessRunner::ParseOptions(Local<Value> js_value) {
// batch files directly but is potentially insecure because arguments
// are not escaped (and sometimes cannot be unambiguously escaped),
// hence why they are rejected here.
#ifdef _WIN32
if (IsWindowsBatchFile(uv_process_options_.file))
return Just<int>(UV_EINVAL);
#endif

Local<Value> js_args =
js_options->Get(context, env()->args_string()).ToLocalChecked();
Expand Down
30 changes: 13 additions & 17 deletions src/util-inl.h
Original file line number Diff line number Diff line change
Expand Up @@ -540,25 +540,21 @@ constexpr std::string_view FastStringKey::as_string_view() const {
// Inline so the compiler can fully optimize it away on Unix platforms.
bool IsWindowsBatchFile(const char* filename) {
#ifdef _WIN32
static constexpr bool kIsWindows = true;
#else
static constexpr bool kIsWindows = false;
#endif // _WIN32
if (kIsWindows) {
std::string file_with_extension = filename;
// Regex to match the last extension part after the last dot, ignoring
// trailing spaces and dots
std::regex extension_regex(R"(\.([a-zA-Z0-9]+)\s*[\.\s]*$)");
std::smatch match;
std::string extension;

if (std::regex_search(file_with_extension, match, extension_regex)) {
extension = ToLower(match[1].str());
}

return !extension.empty() && (extension == "cmd" || extension == "bat");
std::string file_with_extension = filename;
// Regex to match the last extension part after the last dot, ignoring
// trailing spaces and dots
std::regex extension_regex(R"(\.([a-zA-Z0-9]+)\s*[\.\s]*$)");
std::smatch match;
std::string extension;

if (std::regex_search(file_with_extension, match, extension_regex)) {
extension = ToLower(match[1].str());
}

return !extension.empty() && (extension == "cmd" || extension == "bat");
#else
return false;
#endif // _WIN32
}

} // namespace node
Expand Down
Loading