Merge pull request #62 from domharrington/revert-59-master

Revert "Security Fix for RCE on "gitlogplus" - huntr.dev"
domharrington · Oct 1, 2020 · 03b8b28 · 03b8b28
2 parents 7ab4f61 + 46db769
commit 03b8b28
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -1,4 +1,4 @@
-import { execFile, execFileSync, ExecSyncOptions, ExecException } from "child_process";
+import { exec, execSync, ExecSyncOptions, ExecException } from "child_process";
 import { existsSync } from "fs";
 import createDebugger from "debug";
 
@@ -323,11 +323,9 @@ function gitlog<Field extends CommitField = DefaultField>(
   };
   const execOptions = { cwd: userOptions.repo, ...userOptions.execOptions };
   const command = createCommand(options);
-
-  command = command.split(' ');
 
   if (!cb) {
-    const stdout = execFileSync(command[0], command.slice(1), execOptions).toString();
+    const stdout = execSync(command, execOptions).toString();
     const commits = stdout.split("@begin@");
 
     if (commits[0] === "") {
@@ -338,7 +336,7 @@ function gitlog<Field extends CommitField = DefaultField>(
     return parseCommits(commits, options.fields, options.nameStatus);
   }
 
-  execFile(command[0], command.slice(1), execOptions, (err, stdout, stderr) => {
+  exec(command, execOptions, (err, stdout, stderr) => {
     debug("stdout", stdout);
     const commits = stdout.split("@begin@");