Be cautious when working with child processes

One Paragraph Explainer

As useful as child processes are, they should be used with caution. User input passed to a child process must be sanitized, if it cannot be avoided altogether. The dangers of unsanitized input reaching system-level logic are severe, ranging from remote code execution to the exposure of sensitive system data and even data loss. A checklist of preparations could look like this:

  • avoid user input in every case, otherwise validate and sanitize it
  • limit the privileges of the parent and child processes using user/group identities
  • run your process inside of an isolated environment to prevent unwanted side-effects if the other preparations fail

Code example: Dangers of unsanitized child process executions

  const { exec } = require('child_process');
  ...
  // as an example, take a script that takes two arguments, one of them is unsanitized user input
  exec('"/path/to/test file/someScript.sh" --someOption ' + input);
  // -> imagine what could happen if the user simply enters something like '&& rm -rf --no-preserve-root /'
  // you'd be in for an unwanted surprise

Additional resources

From the Node.js child process documentation:

Never pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.