Skip to content

Commit

Permalink
Fix command-builder arg escape for ;
Browse files Browse the repository at this point in the history 
Issue #551

Also version bump for patch release
  • Loading branch information
@sbs20
sbs20 committed Feb 14, 2023
1 parent 67d6d8c commit e30b688
Show file tree
Hide file tree
Showing 8 changed files with 17 additions and 11 deletions.
4 changes: 2 additions & 2 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "scanservjs",
"version": "2.25.1",
"version": "2.25.2",
"description": "scanservjs is a simple web-based UI for SANE which allows you to share a scanner on a network without the need for drivers or complicated installation.",
"scripts": {
"clean": "rm -rf ./dist",
Expand Down
4 changes: 2 additions & 2 deletions packages/client/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion packages/client/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "scanservjs",
"version": "2.25.1",
"version": "2.25.2",
"description": "scanservjs is a simple web-based UI for SANE which allows you to share a scanner on a network without the need for drivers or complicated installation.",
"author": "Sam Strachan",
"scripts": {
Expand Down
4 changes: 2 additions & 2 deletions packages/server/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion packages/server/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "scanservjs-api",
"version": "2.25.1",
"version": "2.25.2",
"description": "scanservjs-api is a REST based API to control your scanner.",
"scripts": {
"lint": "gulp lint",
Expand Down
2 changes: 1 addition & 1 deletion packages/server/src/classes/command-builder.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ module.exports = class CommandBuilder {
if (typeof value === 'string') {
if (value.includes('\'')) {
throw Error('Argument must not contain single quote "\'"');
} else if (['$', ' ', '#', '\\'].some(c => value.includes(c))) {
} else if (['$', ' ', '#', '\\', ';'].some(c => value.includes(c))) {
return `'${value}'`;
}
}
Expand Down
8 changes: 7 additions & 1 deletion packages/server/test/command-builder.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,18 @@ describe('CommandBuilder', () => {
'echo \'hello world\'');
});

it('command-arg2', async () => {
it('command-arg-hash', async () => {
assert.strictEqual(
new CommandBuilder('echo').arg('-n', 'hello#world').build(),
'echo -n \'hello#world\'');
});

it('command-arg-comma', async () => {
assert.strictEqual(
new CommandBuilder('echo').arg('-n', 'hello;world').build(),
'echo -n \'hello;world\'');
});

it('command-security-1', async () => {
assert.strictEqual(
new CommandBuilder('echo').arg('-n', 'hello" && ls -al;# world').build(),
Expand Down

0 comments on commit e30b688

Please sign in to comment.