Fix command injection

Sander Declerck 2025-07-17 16:59:01 +02:00
parent fe1ca396b4
commit 3825b94a09
No known key found for this signature in database


@ -1,4 +1,4 @@
import { execSync } from "child_process";
import { execSync, spawnSync } from "child_process";
import * as os from "os";
import fs from "fs";
@ -13,9 +13,9 @@ export const knownAikidoTools = [
export function doesExecutableExistOnSystem(executableName) {
try {
if (os.platform() === "win32") {
execSync(`where ${executableName}`, { stdio: "ignore" });
spawnSync("where", [executableName], { stdio: "ignore" });
} else {
execSync(`which ${executableName}`, { stdio: "ignore" });
spawnSync("which", [executableName], { stdio: "ignore" });
}
return true;
} catch {
@ -46,6 +46,7 @@ export function addLineToFile(filePath, line) {
if (!fs.existsSync(filePath)) {
fs.writeFileSync(filePath, "", "utf-8");
}
const fileContent = fs.readFileSync(filePath, "utf-8");
const updatedContent = fileContent + os.EOL + line;
fs.writeFileSync(filePath, updatedContent, "utf-8");
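Review bot: In the `doesExecutableExistOnSystem` hunk, switching to `spawnSync` removes the shell but also removes the failure signal. Unlike `execSync`, `spawnSync` does not throw when `where`/`which` exits non-zero or cannot be started; it returns an object carrying `status` and `error`. The `try` therefore always reaches `return true`, so the function would report every name as installed. Either test the result, `const { status } = spawnSync("which", [executableName], { stdio: "ignore" }); return status === 0;`, or use `execFileSync("which", [executableName], { stdio: "ignore" })`, which also bypasses the shell and still throws on a non-zero exit. The `catch` body is outside the hunk, so this assumes it returns `false`.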