1.0.0 • Published 1 year ago
esc-command v1.0.0
esc-command
Utility methods to prevent command injection vulnerabilities.
usage
escapeCommand()
Escapes a command or command arguments by operation system
import {escapeCommand} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = 'ls -1 "' + escapeCommand(dirname) + '"'
// ls -1 "\/usr\/bin\;\" cat \/etc\/passwd"
escapeCommandLit
Literal to escape a command or command arguments by operation system
import {escapeCommandLit} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = escapeCommandLit`ls -1 "${dirname}"`
// ls -1 "\/usr\/bin\;\" cat \/etc\/passwd"
filterCommand()
Filters a command or command arguments by operation system
import {filterCommand} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = 'ls -1 "' + filterCommand(dirname) + '"'
// ls -1 "\/usr\/bin cat \/etc\/passwd"
filterCommandLit
Literal to filter a command or command arguments by operation system
import {filterCommandLit} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = filterCommandLit`ls -1 "${dirname}"`
// ls -1 "\/usr\/bin cat \/etc\/passwd"
License
References
1.0.0
1 year ago