https://github.com/commenthol/esc-command
Utility methods to prevent command injection vulnerabilities.
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/commenthol/esc-command
- Owner: commenthol
- License: mit
- Created: 2023-03-05T12:07:13.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-03-05T12:09:02.000Z (over 3 years ago)
- Last Synced: 2025-02-26T18:53:36.530Z (over 1 year ago)
- Language: JavaScript
- Size: 4.88 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# esc-command
Utility methods to prevent command injection vulnerabilities.
# usage
## escapeCommand()
Escapes a command or command arguments according to the operating system.
```js
import {escapeCommand} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = 'ls -1 "' + escapeCommand(dirname) + '"'
// ls -1 "\/usr\/bin\;\" cat \/etc\/passwd"
```
## escapeCommandLit``
Tagged template literal that escapes a command or command arguments according to the operating system.
```js
import {escapeCommandLit} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = escapeCommandLit`ls -1 "${dirname}"`
// ls -1 "\/usr\/bin\;\" cat \/etc\/passwd"
```
## filterCommand()
Filters a command or command arguments according to the operating system.
```js
import {filterCommand} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = 'ls -1 "' + filterCommand(dirname) + '"'
// ls -1 "\/usr\/bin cat \/etc\/passwd"
```
## filterCommandLit``
Tagged template literal that filters a command or command arguments according to the operating system.
```js
import {filterCommandLit} from 'esc-command'
const dirname = '/usr/bin;" cat /etc/passwd'
const esc = filterCommandLit`ls -1 "${dirname}"`
// ls -1 "\/usr\/bin cat \/etc\/passwd"
```
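The snippets above all build a shell command string around the untrusted `dirname`. As an added example (not part of esc-command and not the project's own code), the same `ls -1` call can be made with no shell at all by passing the directory as its own argument, so its metacharacters are never parsed. It assumes a POSIX system with `ls` on the PATH; `listDir`, `demo` and the sample directory name are constructed for illustration.

```js
// Added example: CommonJS `require`; in an ES module use `import` instead.
const { execFileSync } = require('node:child_process')
const fs = require('node:fs')
const os = require('node:os')
const path = require('node:path')

/**
 * List a directory without spawning a shell.
 * execFileSync hands each array element to `ls` as one argv entry, so
 * characters such as ; and " in `dirname` have no special meaning.
 */
function listDir (dirname) {
  // '--' ends option parsing, so a name starting with '-' is not read as a flag.
  const out = execFileSync('ls', ['-1', '--', dirname], { encoding: 'utf8' })
  return out.split('\n').filter(Boolean)
}

/**
 * Constructed sample: create a directory whose name carries the same
 * metacharacters as the README's `dirname`, list it, then clean up.
 */
function demo () {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'esc-demo-'))
  const hostile = path.join(base, 'bin;" cat passwd')
  fs.mkdirSync(hostile)
  fs.writeFileSync(path.join(hostile, 'only-file.txt'), '')
  try {
    return listDir(hostile)
  } finally {
    fs.rmSync(base, { recursive: true, force: true })
  }
}
```

Escaping or filtering is still needed wherever a shell string cannot be avoided, for example with `exec()` or `spawn()` using `shell: true`.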
## License
[MIT](./LICENSE)
## References
- [Testing for Command Injection][]
- [Escape Characters, Delimiters and Quotes at the Windows command line][]
[Testing for Command Injection]: https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)#Sanitization
[Escape Characters, Delimiters and Quotes at the Windows command line]: https://ss64.com/nt/syntax-esc.html