fix: validate ip address before executing command for 'find' (#16)

DylanPiercey · Oct 24, 2019 · 57b9a93 · 57b9a93
1 parent 0083068
commit 57b9a93
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -8,7 +8,10 @@ adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ### Fixes
 
-- increase `maxBuffer` of `cp.exec` to 10MB (1024*1024*10), fixes #10
+- increase `maxBuffer` of `cp.exec` to 10MB (1024*1024*10), fixes [#10](https://github.com/DylanPiercey/local-devices/issues/10)
+- fix: add timeout options when exec arp ([#13](https://github.com/DylanPiercey/local-devices/pull/13))
+- Fixed win32 parser for better windows support ([#9](https://github.com/DylanPiercey/local-devices/pull/9))
+- validate ip address before executing command for 'find' ([#16](https://github.com/DylanPiercey/local-devices/pull/16))
 
 ## [2.0.0] - 2019-02-10
 

diff --git a/__tests__/index.js b/__tests__/index.js
@@ -63,6 +63,10 @@ describe('local-devices', () => {
         expect(result).toBeUndefined()
       })
 
+      it('rejects when the host is not a valid ip address', async () => {
+        await expect(find('127.0.0.1 | mkdir attacker')).rejects.toThrow('Invalid IP')
+      })
+
       it('invokes cp.exec with maxBuffer of 10 MB and a timeout of 1 minute, when invoking find without an ip', async () => {
         await find()
         expect(cp.exec).toHaveBeenCalledWith('arp -a', { 'maxBuffer': TEN_MEGA_BYTE, 'timeout': ONE_MINUTE })

diff --git a/src/index.js b/src/index.js
@@ -118,6 +118,10 @@ function parseAll (data) {
  * Reads the arp table for a single address.
  */
 function arpOne (address) {
+  if (!ip.isV4Format(address) && !ip.isV6Format(address)) {
+    return Promise.reject(new Error('Invalid IP address provided.'))
+  }
+
   return cp.exec('arp -n ' + address, options).then(parseOne)
 }