francesca francesca - 1 month ago 19
Bash Question

How do I escape command injection in node child_process?

I'm adding arguments to

child_process.exec
command using string concatenation and they are ignored

var exec = require( "child_process" ).exec;

var cmd = exec( "grunt build --project="+application, {
cwd: application
},
function( error, stdout, stderr ){});

cmd.stdout.pipe( process.stdout );
cmd.stderr.pipe( process.stderr );


Why is string concatenation a problem and how to avoid it?

Answer

Check your grunt build task to see if there is anything wrong. There is nothing wrong in your code with string concatenation in child_process.exec

Comments