;
// Compiled CommonJS preamble: the two detection helpers this module composes,
// then the ES-module interop flag and the single export (the function
// declaration below is hoisted, so exporting it here is safe).
const containsShellSyntax_1 = require("./containsShellSyntax");
const isSafelyEncapsulated_1 = require("./isSafelyEncapsulated");
Object.defineProperty(exports, "__esModule", { value: true });
exports.detectShellInjection = detectShellInjection;
/**
 * Reports whether `userInput` appears to inject shell syntax into `command`.
 *
 * The check is a plain substring match: the input has to occur verbatim in
 * the command. Input that was transformed (escaped, encoded, trimmed) before
 * being embedded is therefore not matched here.
 *
 * @param {string} command - the full shell command about to be executed
 * @param {string} userInput - the untrusted value suspected of being embedded in it
 * @returns {boolean} true when the input is found in the command, is not inside a
 *   safely encapsulated region, and brings shell syntax with it (as judged by
 *   the two helper modules)
 */
function detectShellInjection(command, userInput) {
  // A lone "~" is the one single-character case that is flagged (e.g. `echo ~`):
  // it must appear in a command that is longer than the "~" itself.
  const isLoneTilde = userInput === "~";
  if (isLoneTilde && command.length > 1 && command.includes("~")) {
    return true;
  }

  // Single characters can at most break the shell, not run another command.
  const isTooShort = userInput.length <= 1;
  // Input longer than the command cannot be contained in it.
  const isLongerThanCommand = userInput.length > command.length;
  if (isTooShort || isLongerThanCommand || !command.includes(userInput)) {
    return false;
  }

  // Input that sits inside a safely quoted/escaped region is not an injection;
  // otherwise defer to the syntax check.
  const encapsulated = (0, isSafelyEncapsulated_1.isSafelyEncapsulated)(command, userInput);
  return !encapsulated && (0, containsShellSyntax_1.containsShellSyntax)(command, userInput);
}