From 3ab3ca821dedadcaf1539a6e78f73a9030fbd0c6 Mon Sep 17 00:00:00 2001 From: Asjid Kalam Date: Wed, 9 Sep 2020 21:22:36 +0530 Subject: [PATCH 1/3] fixed rce --- index.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/index.js b/index.js index da4c6f0..87347ec 100644 --- a/index.js +++ b/index.js @@ -1,5 +1,5 @@ var _ = require('underscore'); -var exec = require('child_process').exec; +var exec = require('child_process').execFile; var fse = require('fs-extra'); var path = require('path'); var Promise = require('bluebird'); @@ -99,8 +99,10 @@ function getTempBuildDir(packageName, version) { function tarDir(dir) { var archiveName = path.basename(dir) +'.orig.tar.xz'; var archivePath = path.join(path.dirname(dir), archiveName); - - return exec('tar cfJ '+ archivePath +' '+ dir); + + var cmd = 'tar cfJ '+ archivePath +' '+ dir; + cmd = cmd.split(' '); + return exec(cmd[0], cmd.slice(1)); } // Write the required files into the DEBIAN directory. @@ -122,7 +124,9 @@ function writeDebianFiles(tempBuildDir, options) { // Run dpkg to make the .deb file. function dpkg(tempBuildDir) { - return exec('dpkg -b '+ tempBuildDir); + var cmd = 'dpkg -b '+ tempBuildDir; + cmd = cmd.split(' '); + return exec(cmd[0], cmd.slice(1)); } module.exports = makeDeb; From 5f52a6f7bfef06060eae8f5e15a40cd10f053b21 Mon Sep 17 00:00:00 2001 From: Asjid Kalam Date: Thu, 10 Sep 2020 20:37:21 +0530 Subject: [PATCH 2/3] updated fix --- index.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/index.js b/index.js index 87347ec..5cfe8bf 100644 --- a/index.js +++ b/index.js @@ -99,10 +99,7 @@ function getTempBuildDir(packageName, version) { function tarDir(dir) { var archiveName = path.basename(dir) +'.orig.tar.xz'; var archivePath = path.join(path.dirname(dir), archiveName); - - var cmd = 'tar cfJ '+ archivePath +' '+ dir; - cmd = cmd.split(' '); - return exec(cmd[0], cmd.slice(1)); + return exec('tar', ['cfJ', archivePath, dir]); } // Write the required files into the DEBIAN directory. From 16ad0cb65a5b0f63005f12bb9e5d1fabf51f9031 Mon Sep 17 00:00:00 2001 From: Asjid Kalam Date: Thu, 10 Sep 2020 20:38:41 +0530 Subject: [PATCH 3/3] updated --- index.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/index.js b/index.js index 5cfe8bf..088a2d3 100644 --- a/index.js +++ b/index.js @@ -121,9 +121,7 @@ function writeDebianFiles(tempBuildDir, options) { // Run dpkg to make the .deb file. function dpkg(tempBuildDir) { - var cmd = 'dpkg -b '+ tempBuildDir; - cmd = cmd.split(' '); - return exec(cmd[0], cmd.slice(1)); + return exec('dpkg', ['-b', tempBuildDir]); } module.exports = makeDeb;