aherman
/
uptime-kuma
mirror of https://github.com/louislam/uptime-kuma
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update server/monitor-types/system-service.js

Browse Source 
Co-authored-by: Frank Elsinga <frank@elsinga.de>
pull/6488/head
iotux 4 months ago committed by GitHub
parent c09882b00a
commit 2dbd8aecf2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File

8
server/monitor-types/system-service.js
Unescape View File

@ -76,8 +76,12 @@ class SystemServiceMonitorType extends MonitorType {
*/
async checkWindows(serviceName, heartbeat) {
return new Promise((resolve, reject) => {
// SECURITY: Proper Escaping.
const safeServiceName = serviceName.replaceAll("'", "''");
// SECURITY: Validate service name to reduce command-injection risk
if (!/^[A-Za-z0-9._-]+$/.test(serviceName)) {
throw new Error(
"Invalid service name. Only alphanumeric characters and '.', '_', '-' are allowed."
);
}
const cmd = "powershell";
const args = [

Write Preview
Loading…
Cancel
Save