Skip to content

Commit

Permalink
fix: sanitise pid parameter (#31)
Browse files Browse the repository at this point in the history 
This patch adds a simple check to the process ID passed in, ensuring it
is a number, and throwing an error otherwise. The aim is to fix the
issue explained here:

- https://hackerone.com/reports/701183
- https://snyk.io/vuln/SNYK-JS-TREEKILL-536781

Fixes: #30
  • Loading branch information
@robcresswell @billiegoose
robcresswell authored and billiegoose committed Dec 11, 2019
1 parent 3b5b8fe commit ff73dbf
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ var spawn = childProcess.spawn;
var exec = childProcess.exec;

module.exports = function (pid, signal, callback) {
if (typeof pid !== "number") {
throw new Error("pid must be a number");
}

var tree = {};
var pidsToProcess = {};
tree[pid] = [];
Expand Down

0 comments on commit ff73dbf

Please sign in to comment.