From 55d6a119f6cc79df289334d839b03d19353205f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kat=20March=C3=A1n?= Date: Fri, 2 Jun 2017 17:41:28 -0700 Subject: [PATCH] fix(exec): escape binaries and args to cp.exec (#18) Fixes: #14 --- index.js | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/index.js b/index.js index 2c07fe2..35eb8b1 100755 --- a/index.js +++ b/index.js @@ -92,8 +92,10 @@ function getExistingPath (command, opts) { function getNpmCache (opts) { return which('npm').then(npmPath => { return BB.fromNode(cb => { - cp.exec(`${npmPath} config get cache${ - opts.userconfig ? ` --userconfig ${opts.userconfig}` : '' + cp.exec(`${escapeArg(npmPath, true)} config get cache${ + opts.userconfig + ? ` --userconfig ${escapeArg(opts.userconfig)}` + : '' }`, {}, cb) }).then(cache => cache.trim()) }) @@ -162,3 +164,15 @@ function spawn (cmd, args, opts) { }) }) } + +function escapeArg (str, asPath) { + return process.platform === 'win32' && asPath + ? path.normalize(str) + .split(/\\/) + .map(s => s.match(/\s+/) ? `"${s}"` : s) + : process.platform === 'win32' + ? `"${path.normalize(str)}"` + : str.match(/[^-_.~/\w]/) + ? `'${str.replace(/'/g, "'\"'\"'")}'` + : str +}