From 57b9a933c9d23d34bd5a055536db824de66db553 Mon Sep 17 00:00:00 2001
From: Dylan Piercey
Date: Thu, 24 Oct 2019 10:58:43 -0700
Subject: [PATCH] fix: validate ip address before executing command for 'find' (#16)
---
 CHANGES.md | 5 ++++-
 __tests__/index.js | 4 ++++
 src/index.js | 4 ++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 6a3b094..e8e6a63 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -8,7 +8,10 @@ adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 ### Fixes
-- increase `maxBuffer` of `cp.exec` to 10MB (1024*1024*10), fixes #10
+- increase `maxBuffer` of `cp.exec` to 10MB (1024*1024*10), fixes [#10](https://github.com/DylanPiercey/local-devices/issues/10)
+- fix: add timeout options when exec arp ([#13](https://github.com/DylanPiercey/local-devices/pull/13))
+- Fixed win32 parser for better windows support ([#9](https://github.com/DylanPiercey/local-devices/pull/9))
+- validate ip address before executing command for 'find' ([#16](https://github.com/DylanPiercey/local-devices/pull/16))
 ## [2.0.0] - 2019-02-10
diff --git a/__tests__/index.js b/__tests__/index.js
index a273608..e6652e3 100644
--- a/__tests__/index.js
+++ b/__tests__/index.js
@@ -63,6 +63,10 @@ describe('local-devices', () => {
 expect(result).toBeUndefined()
 })
+ it('rejects when the host is not a valid ip address', async () => {
+ await expect(find('127.0.0.1 | mkdir attacker')).rejects.toThrow('Invalid IP')
+ })
+
 it('invokes cp.exec with maxBuffer of 10 MB and a timeout of 1 minute, when invoking find without an ip', async () => {
 await find()
 expect(cp.exec).toHaveBeenCalledWith('arp -a', { 'maxBuffer': TEN_MEGA_BYTE, 'timeout': ONE_MINUTE })
diff --git a/src/index.js b/src/index.js
index bc79a99..4ca36fd 100644
--- a/src/index.js
+++ b/src/index.js
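Review bot: The new test in `__tests__/index.js` asserts only the rejection message, so it would still pass if a command were executed before the promise rejected; the property worth pinning is that nothing reaches `cp.exec` for a rejected host. Adding `expect(cp.exec).not.toHaveBeenCalled()` after the rejection assertion would cover that, provided the mock is reset between tests, which is not visible in this hunk. A second case with a valid IPv6 address would exercise the other branch of the new check. The enclosing `describe` block starts and ends outside the hunk.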
@@ -118,6 +118,10 @@ function parseAll (data) {
 * Reads the arp table for a single address.
 */
 function arpOne (address) {
+ if (!ip.isV4Format(address) && !ip.isV6Format(address)) {
+ return Promise.reject(new Error('Invalid IP address provided.'))
+ }
+
 return cp.exec('arp -n ' + address, options).then(parseOne)
 }
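Review bot: The guard added to `arpOne` leaves the format check as the only barrier, because the validated string is still concatenated into a command line that `cp.exec` passes to a shell. Passing the address as an argument vector takes the shell out of the path, e.g. `return cp.execFile('arp', ['-n', address], options).then(parseOne)`, assuming the promisified `cp` wrapper used here exposes `execFile` with the same result shape; the validation then remains as defence in depth. If `ip` is the npm `ip` package, `isV4Format`/`isV6Format` are format regexes rather than full parsers, so Node's built-in `net.isIP(address) === 0` would be a stricter rejection test. A comment above the guard such as `// address is interpolated into a shell command below; reject anything that is not an IP literal` would record why the check must not be loosened later.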